
Trojan Horse generic4



When I open hijackthis.exe from the TrendMicro folder I get the following message:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."

(Avast antivirus just gave me the following message:

Object: C:\WINDOWS\System32\drivers\i8042prt.sys

Infection: Win32:Crypt-KMR [trj]

Action: moved to chest

Process: C:\Program files\AVAST software etc etc..)


Download RSIT.

Save it to your Desktop.

Double-click RSIT to start it.

Click Continue in the disclaimer window.

Once the scan has finished, two logs will open. Post the contents of log.txt (will be maximized) and info.txt (will be minimized) in your next reply.


info.txt logfile of random's system information tool 1.09 2011-10-11 16:41:35

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin

Adobe Reader 9.4.5 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A94000000001}

Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"

Agere Systems AC'97 Modem-->agrsmdel

avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup

AVG 2012-->"C:\Program Files\AVG\AVG2012\avgmfapx.exe" /AppMode=SETUP /Uninstall

AVG 2012-->MsiExec.exe /I{56839333-0802-40D6-9A50-EBB9EB2BF541}

AVG 2012-->MsiExec.exe /I{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}

Broadcom 802.11 Wireless LAN Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo

Broadcom NetXtreme Ethernet Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033

Broadcom Wireless Utility-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11_App\UninstallInfo

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

DivX-Setup-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com

FREE Hi-Q Recorder 1.92-->"C:\Program Files\FREE Hi-Q Recorder\unins000.exe"

Google Talk Plugin-->MsiExec.exe /I{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}

Guitar Pro 4 Demo-->MsiExec.exe /X{7DBC4070-DCE3-427E-AEFF-430ED013EC04}

Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592

Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}

LucasArts' Curse of Monkey Island-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\LucasArts\Curse\DeIsL1.isu"

Malwarebytes' Anti-Malware version 1.51.2.1300-->"C:\Documents and Settings\Administrator\Desktop\tegenmal\tegenmal\Malwarebytes' Anti-Malware\unins000.exe"

Micro Application - 2 000 Courriers Types-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\2 000 Courriers Types\Uninst.isu"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

Monkey Island 2 LeChucks Revenge Special Edition-->"C:\Program Files\LucasArts\Monkey Island 2 LeChucks Revenge Special Edition\unins000.exe"

Mozilla Firefox 6.0.2 (x86 nl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U

Prio v1.9.7-->C:\WINDOWS\prio197uninstall.exe

ReaJPEG Pro 4.0-->"C:\Program Files\ReaSoft\ReaJPEG Pro\unins000.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}

Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly

SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"

Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}\setup.exe -runfromtemp -l0x0409

Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"

VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

WinRAR-->C:\Program Files\WinRAR\uninstall.exe

YouTube Downloader 2.5.6-->"C:\Program Files\YouTube Downloader\uninstall.exe"

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: REDDA

Event Code: 7023

Message: The Network Location Awareness (NLA) service terminated with the following error:

The specified procedure could not be found.

Record Number: 102130

Source Name: Service Control Manager

Time Written: 20111005205558.000000+120

Event Type: error

User:

Computer Name: REDDA

Event Code: 7000

Message: The AVGIDSAgent service failed to start due to the following error:

Access is denied.

Record Number: 102121

Source Name: Service Control Manager

Time Written: 20111005205558.000000+120

Event Type: error

User:

Computer Name: REDDA

Event Code: 7023

Message: The System Support service terminated with the following error:

The specified module could not be found.

Record Number: 102120

Source Name: Service Control Manager

Time Written: 20111005205558.000000+120

Event Type: error

User:

Computer Name: REDDA

Event Code: 10005

Message: DCOM got error "%1058" attempting to start the service BITS with arguments ""

in order to run the server:

{4991D34B-80A1-4291-83B6-3328366B9097}

Record Number: 102119

Source Name: DCOM

Time Written: 20111005205321.000000+120

Event Type: error

User: REDDA\Administrator

Computer Name: REDDA

Event Code: 4

Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 102118

Source Name: b57w2k

Time Written: 20111005205320.000000+120

Event Type: warning

User:

=====Application event log=====

Computer Name: REDDA

Event Code: 4609

Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Record Number: 4546

Source Name: EventSystem

Time Written: 20110413175059.000000+120

Event Type: error

User:

Computer Name: REDDA

Event Code: 4609

Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Record Number: 4545

Source Name: EventSystem

Time Written: 20110413175059.000000+120

Event Type: error

User:

Computer Name: REDDA

Event Code: 4609

Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Record Number: 4544

Source Name: EventSystem

Time Written: 20110413175059.000000+120

Event Type: error

User:

Computer Name: REDDA

Event Code: 4609

Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Record Number: 4543

Source Name: EventSystem

Time Written: 20110413175059.000000+120

Event Type: error

User:

Computer Name: REDDA

Event Code: 4609

Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of f:\xpsp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Record Number: 4542

Source Name: EventSystem

Time Written: 20110413175059.000000+120

Event Type: error

User:

======Environment variables======

"DEVMGR_SHOW_DETAILS"=1

"ComSpec"=%SystemRoot%\system32\cmd.exe

"DEVMGR_SHOW_NONPRESENT_DEVICES"=1

"FP_NO_HOST_CHECK"=NO

"NUMBER_OF_PROCESSORS"=1

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=0d08

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"windir"=%SystemRoot%

-----------------EOF-----------------

______________________________________________________________________________________________

Logfile of random's system information tool 1.09 (written by random/random)

Run by Administrator at 2011-10-11 16:41:21

Microsoft Windows XP Professional Service Pack 3

System drive C: has 15 GB (26%) free of 57 GB

Total RAM: 1271 MB (61% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, jqs@sun.com:1.0, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 10.1 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]

"Description"=DivX Plus Web Player

"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\

npdeployJava1.dll

nppdf32.dll

npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\

bing.xml

bolcom-nl.xml

google.xml

marktplaats-nl.xml

vandale-nl.xml

wikipedia-nl.xml

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default\searchplugins\

avg-secure-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-09-27 2179936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

AVG Security Toolbar - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll [2011-10-07 1451336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll [2011-10-07 1451336]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-19 101144]

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2007-06-19 84760]

"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2007-06-19 125720]

"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]

"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-11-16 88209]

"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\bcmntray []

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2011-09-23 2404704]

"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2011-10-07 218440]

"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-09-14 4611456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\WINDOWS\system32\prio.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2007-06-19 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"MemCheckBoxInRunDlg"=1

"StartMenuFavorites"=0

"Start_ShowMyComputer"=1

"Start_ShowMyDocs"=1

"Start_ShowMyMusic"=0

"Start_ShowRun"=1

"Start_ShowSearch"=0

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"vidc.DIVX"=DivX.dll

"vidc.yv12"=DivX.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-10-11 16:41:21 ----D---- C:\rsit

2011-10-11 13:37:23 ----A---- C:\WINDOWS\system32\drivers\i8042prt.sys

2011-10-11 12:38:28 ----SHD---- C:\RECYCLER

2011-10-11 12:35:14 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys

2011-10-11 12:35:14 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011-10-11 12:35:10 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys

2011-10-11 12:35:09 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys

2011-10-11 12:35:09 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys

2011-10-11 12:35:08 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys

2011-10-11 12:35:08 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys

2011-10-11 12:35:06 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys

2011-10-11 12:34:43 ----A---- C:\WINDOWS\system32\aswBoot.exe

2011-10-11 12:34:43 ----A---- C:\WINDOWS\avastSS.scr

2011-10-11 11:46:51 ----A---- C:\ComboFix.txt

2011-10-11 11:40:00 ----D---- C:\ComboFix

2011-10-11 10:57:27 ----D---- C:\Program Files\xerox

2011-10-11 10:57:25 ----D---- C:\WINDOWS\system32\xircom

2011-10-11 10:57:25 ----D---- C:\Program Files\microsoft frontpage

2011-10-11 10:51:36 ----RASHD---- C:\cmdcons

2011-10-11 10:48:25 ----A---- C:\WINDOWS\zip.exe

2011-10-11 10:48:25 ----A---- C:\WINDOWS\SWXCACLS.exe

2011-10-11 10:48:25 ----A---- C:\WINDOWS\SWSC.exe

2011-10-11 10:48:25 ----A---- C:\WINDOWS\SWREG.exe

2011-10-11 10:48:25 ----A---- C:\WINDOWS\sed.exe

2011-10-11 10:48:25 ----A---- C:\WINDOWS\PEV.exe

2011-10-11 10:48:25 ----A---- C:\WINDOWS\NIRCMD.exe

2011-10-11 10:48:25 ----A---- C:\WINDOWS\MBR.exe

2011-10-11 10:48:25 ----A---- C:\WINDOWS\grep.exe

2011-10-11 08:43:05 ----D---- C:\Program Files\Trend Micro

2011-10-10 20:26:42 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG Secure Search

2011-10-10 20:26:30 ----D---- C:\Program Files\AVG Secure Search

2011-10-10 20:26:05 ----D---- C:\Program Files\Common Files\AVG Secure Search

2011-10-10 20:23:13 ----D---- C:\Config.Msi

2011-10-10 14:34:38 ----DC---- C:\WINDOWS\$NtUninstallWdf01005$

2011-10-10 14:33:37 ----D---- C:\Program Files\Hewlett-Packard

2011-10-10 14:32:11 ----D---- C:\Program Files\Synaptics

2011-10-07 21:09:38 ----SHD---- C:\WINDOWS\CSC

2011-10-07 20:16:57 ----ASH---- C:\pagefile.sys

2011-10-07 20:01:03 ----A---- C:\WINDOWS\ntbtlog.txt

2011-10-07 18:06:16 ----D---- C:\Program Files\AVAST Software

2011-10-07 18:06:16 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software

2011-10-07 16:34:34 ----A---- C:\Boot.bak

2011-10-07 16:33:23 ----D---- C:\ComboFix(2)

2011-10-07 16:23:20 ----D---- C:\WINDOWS\ERDNT

2011-10-07 16:23:10 ----D---- C:\Qoobox

2011-10-07 16:17:05 ----D---- C:\WINDOWS\system32\appmgmt

2011-10-07 16:05:11 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG2012

2011-10-07 16:03:10 ----D---- C:\Documents and Settings\All Users\Application Data\AVG2012

2011-10-07 12:53:21 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

2011-10-07 12:52:42 ----D---- C:\Program Files\SUPERAntiSpyware

2011-10-07 12:52:42 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2011-10-07 12:35:53 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011-10-07 12:28:52 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

2011-10-06 18:39:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2011-10-06 18:36:55 ----HD---- C:\WINDOWS\PIF

2011-10-06 18:33:35 ----D---- C:\Program Files\beschermingNIEUW

2011-10-06 17:50:00 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2011-10-06 17:49:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2011-10-05 17:45:09 ----SHD---- C:\WINDOWS\assembly

2011-09-19 18:15:14 ----A---- C:\WINDOWS\MICRO APPLICATION Expéditeur.dat

2011-09-19 18:15:14 ----A---- C:\WINDOWS\MICRO APPLICATION Destinataire.dat

2011-09-19 18:15:01 ----A---- C:\WINDOWS\INTER.INI

2011-09-19 18:14:47 ----A---- C:\WINDOWS\system32\MFC42FRA.DLL

2011-09-19 18:14:47 ----A---- C:\WINDOWS\system32\CTL3D95.DLL

2011-09-19 18:14:20 ----A---- C:\WINDOWS\system32\MSSTKPRP.DLL

2011-09-19 18:14:15 ----D---- C:\Program Files\Micro Application

2011-09-19 18:09:17 ----A---- C:\WINDOWS\IsUn040c.exe

2011-09-19 18:09:15 ----A---- C:\WINDOWS\Navigma.INI

2011-09-16 15:01:03 ----A---- C:\WINDOWS\system32\XAudio2_0.dll

2011-09-16 15:01:02 ----A---- C:\WINDOWS\system32\xactengine3_0.dll

2011-09-16 15:01:02 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll

2011-09-16 15:01:01 ----A---- C:\WINDOWS\system32\d3dx10_37.dll

2011-09-16 15:01:01 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll

2011-09-16 15:01:00 ----A---- C:\WINDOWS\system32\D3DX9_37.dll

2011-09-16 15:00:59 ----A---- C:\WINDOWS\system32\xactengine2_10.dll

2011-09-16 15:00:57 ----A---- C:\WINDOWS\system32\d3dx10_36.dll

2011-09-16 15:00:57 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll

2011-09-16 15:00:54 ----A---- C:\WINDOWS\system32\xactengine2_9.dll

2011-09-16 15:00:54 ----A---- C:\WINDOWS\system32\d3dx10_35.dll

2011-09-16 15:00:54 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll

2011-09-16 15:00:52 ----A---- C:\WINDOWS\system32\xactengine2_8.dll

2011-09-16 15:00:52 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll

2011-09-16 15:00:51 ----A---- C:\WINDOWS\system32\d3dx10_34.dll

2011-09-16 15:00:51 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll

2011-09-16 15:00:48 ----A---- C:\WINDOWS\system32\xactengine2_7.dll

2011-09-16 15:00:47 ----A---- C:\WINDOWS\system32\d3dx10_33.dll

2011-09-16 15:00:47 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll

2011-09-16 15:00:42 ----A---- C:\WINDOWS\system32\xactengine2_6.dll

2011-09-16 15:00:41 ----A---- C:\WINDOWS\system32\xactengine2_5.dll

2011-09-16 15:00:40 ----A---- C:\WINDOWS\system32\xactengine2_4.dll

2011-09-16 15:00:40 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll

2011-09-16 15:00:39 ----A---- C:\WINDOWS\system32\xinput1_2.dll

2011-09-16 15:00:39 ----A---- C:\WINDOWS\system32\xactengine2_3.dll

2011-09-16 15:00:38 ----A---- C:\WINDOWS\system32\xinput1_1.dll

2011-09-16 15:00:38 ----A---- C:\WINDOWS\system32\xactengine2_2.dll

2011-09-16 15:00:37 ----A---- C:\WINDOWS\system32\xactengine2_1.dll

2011-09-16 15:00:36 ----A---- C:\WINDOWS\system32\xactengine2_0.dll

2011-09-16 15:00:36 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll

2011-09-16 15:00:34 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll

2011-09-16 14:41:32 ----A---- C:\WINDOWS\unin040c.exe

2011-09-13 06:30:10 ----A---- C:\WINDOWS\system32\drivers\avgrkx86.sys

======List of files/folders modified in the last 1 month======

2011-10-11 16:41:28 ----D---- C:\WINDOWS\Prefetch

2011-10-11 14:42:59 ----D---- C:\WINDOWS\Temp

2011-10-11 13:37:29 ----D---- C:\WINDOWS\system32\dllcache

2011-10-11 13:37:24 ----D---- C:\WINDOWS\system32\drivers

2011-10-11 13:37:21 ----D---- C:\WINDOWS\system32\CatRoot

2011-10-11 13:37:20 ----D---- C:\WINDOWS\system32\CatRoot2

2011-10-11 13:33:06 ----SHD---- C:\WINDOWS\Installer

2011-10-11 13:30:55 ----D---- C:\WINDOWS

2011-10-11 13:27:22 ----A---- C:\WINDOWS\SchedLgU.Txt

2011-10-11 12:38:07 ----D---- C:\Program Files\Mozilla Firefox

2011-10-11 12:34:59 ----D---- C:\WINDOWS\WinSxS

2011-10-11 12:34:43 ----D---- C:\WINDOWS\system32

2011-10-11 11:45:48 ----A---- C:\WINDOWS\system.ini

2011-10-11 11:45:37 ----D---- C:\WINDOWS\system32\drivers\etc

2011-10-11 11:44:01 ----D---- C:\WINDOWS\AppPatch

2011-10-11 11:43:57 ----D---- C:\Program Files\Common Files

2011-10-11 10:57:27 ----RD---- C:\Program Files

2011-10-11 10:57:26 ----D---- C:\WINDOWS\system32\wbem

2011-10-11 10:57:25 ----D---- C:\WINDOWS\ime

2011-10-11 10:56:22 ----D---- C:\WINDOWS\system32\config

2011-10-11 10:51:42 ----RASH---- C:\boot.ini

2011-10-10 23:23:53 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype

2011-10-10 23:21:44 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM

2011-10-10 20:32:51 ----D---- C:\WINDOWS\Registration

2011-10-10 20:26:44 ----HD---- C:\WINDOWS\inf

2011-10-10 20:24:13 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData

2011-10-10 20:21:53 ----D---- C:\WINDOWS\system32\Restore

2011-10-10 14:33:37 ----HD---- C:\Program Files\InstallShield Installation Information

2011-10-10 14:33:08 ----D---- C:\SWSetup

2011-10-07 17:50:11 ----D---- C:\WINDOWS\system32\drivers\AVG

2011-10-07 16:23:30 ----SHD---- C:\System Volume Information

2011-10-07 16:02:42 ----D---- C:\Program Files\AVG

2011-10-07 14:01:51 ----D---- C:\WINDOWS\system32\NtmsData

2011-10-07 13:52:11 ----D---- C:\Program Files\Spybot - Search & Destroy

2011-10-07 13:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2011-10-06 17:25:37 ----D---- C:\Program Files\Jnes

2011-10-06 17:23:15 ----D---- C:\WINDOWS\repair

2011-10-06 17:19:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2011-10-04 19:54:55 ----AC---- C:\WINDOWS\tabled32.ini

2011-09-19 18:14:20 ----RSD---- C:\WINDOWS\Fonts

2011-09-16 15:49:11 ----D---- C:\Program Files\LucasArts

2011-09-16 15:01:08 ----D---- C:\WINDOWS\system32\DirectX

2011-09-14 18:37:12 ----D---- C:\WINDOWS\Minidump

2011-09-13 09:06:59 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]

R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]

R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]

R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-05-03 36352]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS []

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-03-20 8832]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]

R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]

R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-03-20 88192]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-11-08 127744]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-16 1066278]

R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]

R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-11-16 190592]

R3 BCM43XX;Treiber Broadcom 802.11 Netzwerkadapter; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-09-28 376320]

R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-09-14 88192]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2007-06-19 1169980]

R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-05-03 79232]

R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-13 259840]

R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-05-02 290816]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-05-03 20608]

S1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]

S3 b48b7117;b48b7117; C:\WINDOWS\393317300:1265929960.exe []

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-03-20 10368]

S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys []

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-03-20 22016]

S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-07-18 264576]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-05-03 12288]

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-03-20 60032]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-03-20 32128]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-20 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []

S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []

S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]

R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2011-04-13 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-12 153376]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-10-07 246600]

R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2005-05-11 65536]

S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]

S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2011-04-13 14336]

-----------------EOF-----------------

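The driver and service lists in the RSIT log above share one line format, and the odd entry in it (`S3 b48b7117;b48b7117; C:\WINDOWS\393317300:1265929960.exe []`) stands out for reasons a script can check: the path has a second colon, which means the binary lives in an NTFS alternate data stream; the service name is eight random-looking hex digits; and RSIT printed an empty `[]` because it could not stat the file. The following is an added example, not part of this thread or of RSIT: it parses lines in that format and scores each one. The sample lines are constructed from entries in the log above; the directory list and the scoring weights are my own assumptions, not an RSIT rule.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One RSIT driver/service line:  "<R|S><start> <name>;<description>; <path> [<date> <size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Directories where a driver or service binary is normally expected (assumption, not an RSIT rule).
STANDARD_DIRS = ("/windows/system32/drivers/", "/windows/system32/", "/program files/")

# Sample input, constructed from entries that appear in the RSIT log in this thread.
SAMPLE_RSIT = r"""
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2007-06-19 1169980]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S3 b48b7117;b48b7117; C:\WINDOWS\393317300:1265929960.exe []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys []
"""


@dataclass
class Entry:
    running: bool
    start_type: int
    name: str
    description: str
    path: str
    date: Optional[str]
    size: Optional[int]


@dataclass
class Finding:
    name: str
    path: str
    score: int
    reasons: List[str]

    @property
    def severity(self) -> str:
        # Threshold is an assumption: an ADS path alone is enough for "high".
        return "high" if self.score >= 3 else "low"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT list line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):          # NT object-manager prefix used for some driver paths
        path = path[4:]
    meta = m["meta"].split()               # "[]" means RSIT could not stat the file
    date = meta[0] if meta else None
    size = int(meta[1]) if len(meta) > 1 and meta[1].isdigit() else None
    return Entry(m["state"] == "R", int(m["start"]), m["name"], m["desc"], path, date, size)


def is_ads_path(path: str) -> bool:
    """True if the path names an NTFS alternate data stream (a colon after the drive letter)."""
    rest = path[2:] if re.match(r"^[A-Za-z]:", path) else path
    return ":" in rest


def assess(entry: Entry) -> Finding:
    """Score one entry; weights are assumptions chosen to rank the ADS case first."""
    reasons, score = [], 0
    if is_ads_path(entry.path):
        score += 3
        reasons.append("binary lives in an NTFS alternate data stream")
    if re.fullmatch(r"[0-9a-f]{8}", entry.name):
        score += 2
        reasons.append("service name is eight random-looking hex digits")
    if entry.date is None:
        score += 1
        reasons.append("RSIT printed no date/size, so it could not stat the file")
    norm = entry.path.lower().replace("\\", "/")
    if not any(d in norm for d in STANDARD_DIRS):
        score += 1
        reasons.append("binary is outside the usual driver/program directories")
    return Finding(entry.name, entry.path, score, reasons)


def triage(text: str) -> List[Finding]:
    """Return findings with a non-zero score, most suspicious first."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        finding = assess(entry)
        if finding.score > 0:
            findings.append(finding)
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_RSIT):
        print(f"[{f.severity}] {f.name} ({f.score}) {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Low-score entries are not verdicts: `catchme.sys` is ComboFix's own driver and the ZTE entries are simply drivers whose files are no longer present. The point of the scoring is that the ADS entry sorts to the top on its own, before any signature tool has named it.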

I haven't had a trojan alert yet (those vary too; sometimes nothing for a while, and then various processes get blocked by the antivirus program).

When I start wifi and there is a connection, after a minute or so all kinds of trouble starts.

Task Manager > svchost.exe (SYSTEM) gets very busy, and in the TCP tab I can see it making a huge number of connections to different addresses.

Eventually it hangs.


Edited by Pajaso (typo)

The situation now:

The AVG virus scanner doesn't work.

Avast does; it finds and blocks (various) actions (when it is running).

During the full system scan it finds a rootkit in C:\WINDOWS\system32\drivers\trz1F.tmp, but I can't do anything with it. I get "ERROR: there are no more endpoints" when I try to move it to the chest, repair it, or anything else.

If I start a thorough scan it hangs.

After these actions I restart the computer at Avast's request. Once booted, Avast is disabled ("X you are not protected") and repairing it doesn't work either.

Edited by Pajaso

Download TDSSKiller and save it to your desktop.

Extract the files from tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, run that first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option (Reboot now).

If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt

Then run ComboFix once more and post that log in a follow-up message as well.

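Once the report exists, the lines worth acting on follow a handful of patterns: `Suspicious file (Forged|Hidden)` with its hash or hash pair, `<name> - detected <verdict>`, the `User select action` lines, `will be cured on reboot`, and `Suspicious service (NoAccess)`. As an added example (not part of this thread or of TDSSKiller), the script below pulls those out of a saved report so that the chosen actions, the pending reboot and any detection left without an action are not missed in a long log. The sample report is constructed from lines of the TDSSKiller report posted later in this thread; the summary's field names are my own.

```python
import re
from typing import Dict, List

# A report line is "<hh:mm:ss.ffff> <pid> <message>"; only the message part is classified.
REC_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
SUSPICIOUS_FILE_RE = re.compile(
    r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+?)\. "
    r"(?:Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
    r"|md5: (?P<md5>[0-9a-f]{32}))$"
)
SUSPICIOUS_SERVICE_RE = re.compile(r"^Suspicious service \((?P<kind>[^)]+)\): (?P<name>\S+)$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+) \(\d+\)$")
ACTION_RE = re.compile(
    r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$"
)
CURE_ON_REBOOT_RE = re.compile(r"^(?P<path>.+) - will be cured on reboot$")

# Constructed sample: a subset of the report lines posted in this thread.
SAMPLE_REPORT = r"""
19:07:09.0109 3548 Scan started
19:07:47.0531 3548 Suspicious file (Hidden): C:\WINDOWS\393317300:1265929960.exe. md5: 19fef0c4ceb8210dda372e3ddb591541
19:07:47.0531 3548 b48b7117 - detected HiddenFile.Multi.Generic (1)
19:08:41.0984 3548 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 7eb9317a28c4592dee01877286c11bc3, Fake md5: f641d64e8fd069d91e60511bb5cf4a2d
19:08:41.0984 3548 i8042prt - detected Rootkit.Win32.ZAccess.j (0)
19:09:38.0296 3548 Suspicious service (NoAccess): nqytr
19:11:56.0984 2744 Detected object count: 2
19:12:41.0968 2744 b48b7117 ( HiddenFile.Multi.Generic ) - User select action: Quarantine
19:12:45.0906 2744 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
19:12:45.0906 2744 i8042prt ( Rootkit.Win32.ZAccess.j ) - User select action: Cure
"""


def summarize(report: str) -> Dict[str, object]:
    """Reduce a TDSSKiller report to the objects found, what was chosen, and what is still pending."""
    summary: Dict[str, object] = {
        "suspicious_files": [],    # dicts with kind, path and the reported hash(es)
        "noaccess_services": [],   # service names the tool could not open
        "detections": {},          # object name -> verdict
        "actions": {},             # object name -> action the user chose
        "pending_reboot": [],      # paths that are only fixed after a restart
    }
    for raw in report.splitlines():
        rec = REC_RE.match(raw.strip())
        if not rec:
            continue
        msg = rec["msg"]
        if (m := SUSPICIOUS_FILE_RE.match(msg)):
            item = {"kind": m["kind"], "path": m["path"]}
            if m["real"]:
                # "Forged": the hash of the bytes read through the normal file API
                # and the hash the tool computed itself disagree, i.e. something
                # between the two is lying about the file's content.
                item["real_md5"], item["fake_md5"] = m["real"], m["fake"]
                item["hash_mismatch"] = m["real"] != m["fake"]
            else:
                item["md5"] = m["md5"]
            summary["suspicious_files"].append(item)
        elif (m := SUSPICIOUS_SERVICE_RE.match(msg)):
            summary["noaccess_services"].append(m["name"])
        elif (m := DETECTED_RE.match(msg)):
            summary["detections"][m["name"]] = m["verdict"]
        elif (m := ACTION_RE.match(msg)):
            summary["actions"][m["name"]] = m["action"]
        elif (m := CURE_ON_REBOOT_RE.match(msg)):
            summary["pending_reboot"].append(m["path"])
    return summary


def needs_reboot(summary: Dict[str, object]) -> bool:
    """True if at least one cure is deferred until the next boot."""
    return bool(summary["pending_reboot"])


def unresolved(summary: Dict[str, object]) -> List[str]:
    """Detections for which no user action was recorded (tool closed before choosing)."""
    return sorted(n for n in summary["detections"] if n not in summary["actions"])


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    for f in s["suspicious_files"]:
        print(f["kind"], f["path"])
    print("actions:", s["actions"])
    print("reboot required:", needs_reboot(s), "| unresolved:", unresolved(s))
```

The `NoAccess` service line is worth keeping in the summary even though TDSSKiller takes no action on it: a service whose registry key cannot be opened by an administrator is exactly the kind of thing the follow-up ComboFix run in this thread is asked to look at.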

19:07:03.0968 3236 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54

19:07:04.0140 3236 ============================================================

19:07:04.0140 3236 Current date / time: 2011/10/12 19:07:04.0140

19:07:04.0140 3236 SystemInfo:

19:07:04.0140 3236

19:07:04.0140 3236 OS Version: 5.1.2600 ServicePack: 3.0

19:07:04.0140 3236 Product type: Workstation

19:07:04.0140 3236 ComputerName: REDDA

19:07:04.0140 3236 UserName: Administrator

19:07:04.0140 3236 Windows directory: C:\WINDOWS

19:07:04.0140 3236 System windows directory: C:\WINDOWS

19:07:04.0140 3236 Processor architecture: Intel x86

19:07:04.0140 3236 Number of processors: 1

19:07:04.0140 3236 Page size: 0x1000

19:07:04.0140 3236 Boot type: Normal boot

19:07:04.0140 3236 ============================================================

19:07:05.0859 3236 Initialize success

19:07:09.0109 3548 ============================================================

19:07:09.0109 3548 Scan started

19:07:09.0109 3548 Mode: Manual;

19:07:09.0109 3548 ============================================================

19:07:11.0187 3548 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys

19:07:11.0187 3548 Aavmker4 - ok

19:07:12.0093 3548 Abiosdsk - ok

19:07:13.0031 3548 abp480n5 - ok

19:07:14.0015 3548 ACPI (7517e9b5fe4811cbd7712af820028cc4) C:\WINDOWS\system32\DRIVERS\ACPI.sys

19:07:14.0015 3548 ACPI - ok

19:07:15.0015 3548 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

19:07:15.0031 3548 ACPIEC - ok

19:07:16.0062 3548 adpu160m - ok

19:07:17.0046 3548 aeaudio (ad707942e4ccb28d77cee5ed989c9e55) C:\WINDOWS\system32\drivers\aeaudio.sys

19:07:17.0062 3548 aeaudio - ok

19:07:18.0171 3548 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

19:07:18.0171 3548 aec - ok

19:07:19.0156 3548 AFD (4329004269d30273ac51f93d7834263c) C:\WINDOWS\System32\drivers\afd.sys

19:07:19.0156 3548 AFD - ok

19:07:20.0218 3548 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

19:07:20.0281 3548 AgereSoftModem - ok

19:07:21.0250 3548 Aha154x - ok

19:07:22.0218 3548 aic78u2 - ok

19:07:23.0156 3548 aic78xx - ok

19:07:24.0187 3548 AliIde - ok

19:07:25.0187 3548 amsint - ok

19:07:26.0125 3548 asc - ok

19:07:27.0046 3548 asc3350p - ok

19:07:28.0000 3548 asc3550 - ok

19:07:29.0093 3548 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys

19:07:29.0093 3548 aswFsBlk - ok

19:07:30.0140 3548 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys

19:07:30.0140 3548 aswMon2 - ok

19:07:31.0203 3548 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys

19:07:31.0218 3548 aswRdr - ok

19:07:32.0296 3548 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys

19:07:32.0296 3548 aswSnx - ok

19:07:33.0390 3548 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys

19:07:33.0406 3548 aswSP - ok

19:07:34.0437 3548 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys

19:07:34.0437 3548 aswTdi - ok

19:07:35.0437 3548 AsyncMac (34c951228c152a248357409cb680ce13) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

19:07:35.0437 3548 AsyncMac - ok

19:07:36.0437 3548 atapi (65ea06f8711fb3a64ec7d323e350f456) C:\WINDOWS\system32\DRIVERS\atapi.sys

19:07:36.0437 3548 atapi - ok

19:07:37.0390 3548 Atdisk - ok

19:07:38.0390 3548 Atmarpc (ce372a820e4f4e808b574050ec35c049) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

19:07:38.0390 3548 Atmarpc - ok

19:07:39.0406 3548 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

19:07:39.0406 3548 audstub - ok

19:07:40.0421 3548 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

19:07:40.0421 3548 AVGIDSDriver - ok

19:07:41.0406 3548 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

19:07:41.0406 3548 AVGIDSEH - ok

19:07:42.0390 3548 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

19:07:42.0390 3548 AVGIDSFilter - ok

19:07:43.0390 3548 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

19:07:43.0390 3548 AVGIDSShim - ok

19:07:44.0437 3548 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

19:07:44.0437 3548 Avgldx86 - ok

19:07:45.0421 3548 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

19:07:45.0421 3548 Avgmfx86 - ok

19:07:46.0406 3548 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

19:07:46.0406 3548 Avgrkx86 - ok

19:07:47.0390 3548 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

19:07:47.0406 3548 Avgtdix - ok

19:07:47.0531 3548 b48b7117 (19fef0c4ceb8210dda372e3ddb591541) C:\WINDOWS\393317300:1265929960.exe

19:07:47.0531 3548 Suspicious file (Hidden): C:\WINDOWS\393317300:1265929960.exe. md5: 19fef0c4ceb8210dda372e3ddb591541

19:07:47.0531 3548 b48b7117 ( HiddenFile.Multi.Generic ) - warning

19:07:47.0531 3548 b48b7117 - detected HiddenFile.Multi.Generic (1)

19:07:48.0406 3548 b57w2k (2fa609c3411ec5f77f42d0b04d304ae5) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

19:07:48.0421 3548 b57w2k - ok

19:07:49.0468 3548 BCM43XX (fa4a4a50b4b2647afedc676cc68c69cc) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

19:07:49.0484 3548 BCM43XX - ok

19:07:50.0437 3548 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

19:07:50.0437 3548 Beep - ok

19:07:51.0390 3548 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

19:07:51.0390 3548 cbidf2k - ok

19:07:52.0328 3548 cd20xrnt - ok

19:07:53.0328 3548 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

19:07:53.0328 3548 Cdaudio - ok

19:07:54.0343 3548 Cdfs (3a8d04c6533a344973ba5cce5be2609b) C:\WINDOWS\system32\drivers\Cdfs.sys

19:07:54.0343 3548 Cdfs - ok

19:07:55.0703 3548 Cdrom (0cc13b7fe6d2f64efc82cebfe9d2b8f0) C:\WINDOWS\system32\DRIVERS\cdrom.sys

19:07:55.0703 3548 Cdrom - ok

19:07:57.0750 3548 Changer - ok

19:07:59.0234 3548 CmBatt (e2f21d3533aa974bc0e065dacf41a423) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

19:07:59.0234 3548 CmBatt - ok

19:08:00.0562 3548 CmdIde - ok

19:08:01.0750 3548 Compbatt (259fbcc7da88edc311d377976ea33720) C:\WINDOWS\system32\DRIVERS\compbatt.sys

19:08:01.0750 3548 Compbatt - ok

19:08:03.0031 3548 Cpqarray - ok

19:08:04.0265 3548 dac2w2k - ok

19:08:05.0359 3548 dac960nt - ok

19:08:07.0421 3548 Disk (db7ba51015765db476457bedd53d3cfe) C:\WINDOWS\system32\DRIVERS\disk.sys

19:08:07.0484 3548 Disk - ok

19:08:10.0078 3548 dmboot (ba1f9637c50d105fb8ebe334d57bc16e) C:\WINDOWS\system32\drivers\dmboot.sys

19:08:10.0109 3548 dmboot - ok

19:08:11.0406 3548 dmio (a29d408f65291721091bc21a48ceed00) C:\WINDOWS\system32\drivers\dmio.sys

19:08:11.0437 3548 dmio - ok

19:08:13.0718 3548 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

19:08:13.0734 3548 dmload - ok

19:08:15.0828 3548 DMusic (0fdc464e960b5c9665d89fe00bc972a3) C:\WINDOWS\system32\drivers\DMusic.sys

19:08:15.0843 3548 DMusic - ok

19:08:19.0796 3548 dpti2o - ok

19:08:21.0625 3548 drmkaud (6d5ca8474cf00a2765b6d6b35a57e89c) C:\WINDOWS\system32\drivers\drmkaud.sys

19:08:21.0640 3548 drmkaud - ok

19:08:23.0312 3548 Fastfat (bb9c87cc84a747f68c4d0e24d5841e61) C:\WINDOWS\system32\drivers\Fastfat.sys

19:08:23.0312 3548 Fastfat - ok

19:08:26.0171 3548 Fdc (bafd3cc668a29f5070da63469c273127) C:\WINDOWS\system32\drivers\Fdc.sys

19:08:26.0171 3548 Fdc - ok

19:08:28.0218 3548 Fips (cd7388a0e1f2585d0300c9533f4de221) C:\WINDOWS\system32\drivers\Fips.sys

19:08:28.0218 3548 Fips - ok

19:08:29.0468 3548 Flpydisk (50cd9634d0d4e6c9c6e2e8ea27f8e2f6) C:\WINDOWS\system32\drivers\Flpydisk.sys

19:08:29.0468 3548 Flpydisk - ok

19:08:30.0593 3548 FltMgr (d1338fb4160e250ae8a9202f8ac3860f) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

19:08:30.0593 3548 FltMgr - ok

19:08:31.0734 3548 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

19:08:31.0750 3548 Fs_Rec - ok

19:08:32.0781 3548 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

19:08:32.0781 3548 Ftdisk - ok

19:08:34.0484 3548 Gpc (8c7faa02a68d9eef68287a2842bb4f71) C:\WINDOWS\system32\DRIVERS\msgpc.sys

19:08:34.0484 3548 Gpc - ok

19:08:35.0515 3548 GTIPCI21 (f3c9f09aa3eda29a1c841877e7e39158) C:\WINDOWS\system32\DRIVERS\gtipci21.sys

19:08:35.0531 3548 GTIPCI21 - ok

19:08:36.0578 3548 HidUsb (81d2ffea0965a205f257160f1328f18e) C:\WINDOWS\system32\DRIVERS\hidusb.sys

19:08:36.0578 3548 HidUsb - ok

19:08:37.0687 3548 hpn - ok

19:08:38.0890 3548 HTTP (34b3296ad3c624daaaf1884681633c82) C:\WINDOWS\system32\Drivers\HTTP.sys

19:08:38.0906 3548 HTTP - ok

19:08:39.0937 3548 i2omgmt - ok

19:08:40.0906 3548 i2omp - ok

19:08:41.0984 3548 i8042prt (7eb9317a28c4592dee01877286c11bc3) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

19:08:41.0984 3548 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 7eb9317a28c4592dee01877286c11bc3, Fake md5: f641d64e8fd069d91e60511bb5cf4a2d

19:08:41.0984 3548 i8042prt ( Rootkit.Win32.ZAccess.j ) - infected

19:08:41.0984 3548 i8042prt - detected Rootkit.Win32.ZAccess.j (0)

19:08:43.0140 3548 ialm (9e52a1c2e2d7660612c52bc282259852) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

19:08:43.0234 3548 ialm - ok

19:08:44.0312 3548 Imapi (df47d4e6ed89cd0ad7248a7604af706e) C:\WINDOWS\system32\DRIVERS\imapi.sys

19:08:44.0312 3548 Imapi - ok

19:08:45.0718 3548 ini910u - ok

19:08:46.0781 3548 IntelIde - ok

19:08:47.0953 3548 intelppm (09a4677efbe5a0a14e9a090421d851df) C:\WINDOWS\system32\DRIVERS\intelppm.sys

19:08:47.0968 3548 intelppm - ok

19:08:49.0593 3548 Ip6Fw (0f2a14149b767cd62559a4e060d63e0a) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

19:08:49.0609 3548 Ip6Fw - ok

19:08:51.0250 3548 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

19:08:51.0250 3548 IpFilterDriver - ok

19:08:53.0625 3548 IpInIp (f6e4f5f17ead48851b2ca24faf595693) C:\WINDOWS\system32\DRIVERS\ipinip.sys

19:08:53.0625 3548 IpInIp - ok

19:08:54.0859 3548 IpNat (04191cc82eda72c44f9c154bc094ea0d) C:\WINDOWS\system32\DRIVERS\ipnat.sys

19:08:54.0875 3548 IpNat - ok

19:08:56.0312 3548 IPSec (84f6866f355c4c2185eb68206d55c591) C:\WINDOWS\system32\DRIVERS\ipsec.sys

19:08:56.0328 3548 IPSec - ok

19:08:57.0812 3548 irda (4d7852799e5f25b780d5a2b14d010199) C:\WINDOWS\system32\DRIVERS\irda.sys

19:08:57.0828 3548 irda - ok

19:08:58.0890 3548 IRENUM (ca98b430387b7d73d9b52eb4e0ab9d92) C:\WINDOWS\system32\DRIVERS\irenum.sys

19:08:58.0921 3548 IRENUM - ok

19:08:59.0968 3548 isapnp (5a59964bfb9dca86af0c4ae8cc1d6a32) C:\WINDOWS\system32\DRIVERS\isapnp.sys

19:08:59.0968 3548 isapnp - ok

19:09:01.0078 3548 Kbdclass (4780a418e0fa859b09311c87980d0f7e) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

19:09:01.0078 3548 Kbdclass - ok

19:09:02.0140 3548 kmixer (e30be31b27e6fd0c3ab65e87f794e5df) C:\WINDOWS\system32\drivers\kmixer.sys

19:09:02.0140 3548 kmixer - ok

19:09:03.0265 3548 KSecDD (1e8c0c5ac7c40529961bd60451666932) C:\WINDOWS\system32\drivers\KSecDD.sys

19:09:03.0265 3548 KSecDD - ok

19:09:04.0437 3548 lbrtfdc - ok

19:09:05.0593 3548 massfilter - ok

19:09:07.0062 3548 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

19:09:07.0062 3548 mnmdd - ok

19:09:08.0640 3548 Modem (8c0f9f5a284b1db052c31ed629c2a5c3) C:\WINDOWS\system32\drivers\Modem.sys

19:09:08.0640 3548 Modem - ok

19:09:10.0500 3548 Mouclass (06515a5d8482b44e55bab35981888a0e) C:\WINDOWS\system32\DRIVERS\mouclass.sys

19:09:10.0500 3548 Mouclass - ok

19:09:11.0734 3548 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

19:09:11.0734 3548 mouhid - ok

19:09:12.0984 3548 MountMgr (8b64fa7814ed005e57d43155de88398a) C:\WINDOWS\system32\drivers\MountMgr.sys

19:09:13.0000 3548 MountMgr - ok

19:09:14.0140 3548 mraid35x - ok

19:09:15.0906 3548 MRxDAV (53cb9e3b300f4ea15d5b2679b102d09f) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

19:09:15.0921 3548 MRxDAV - ok

19:09:17.0218 3548 MRxSmb (c48d29e1719dedc1a2815b3bd98e780b) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

19:09:17.0234 3548 MRxSmb - ok

19:09:18.0734 3548 Msfs (79e4458da04664b431e6728a18199300) C:\WINDOWS\system32\drivers\Msfs.sys

19:09:18.0750 3548 Msfs - ok

19:09:20.0000 3548 MSIRCOMM (8919a83a813a2292214b7f40eb3867d7) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys

19:09:20.0015 3548 MSIRCOMM - ok

19:09:21.0718 3548 MSKSSRV (241e77138dee16d546080a794b80284b) C:\WINDOWS\system32\drivers\MSKSSRV.sys

19:09:21.0718 3548 MSKSSRV - ok

19:09:22.0843 3548 MSPCLOCK (f46de5b07ea15e0727f12eb12e710f71) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

19:09:22.0843 3548 MSPCLOCK - ok

19:09:24.0687 3548 MSPQM (c53927217ac0834dc547b396ffc495d9) C:\WINDOWS\system32\drivers\MSPQM.sys

19:09:24.0687 3548 MSPQM - ok

19:09:27.0015 3548 mssmbios (146e70915c378f02476a10bcec3a95c2) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

19:09:27.0015 3548 mssmbios - ok

19:09:28.0109 3548 Mup (254717fc83220bdc790f6c2e57c620bf) C:\WINDOWS\system32\drivers\Mup.sys

19:09:28.0109 3548 Mup - ok

19:09:29.0296 3548 NDIS (aff1aed224d17c8bc38174ed932f68b6) C:\WINDOWS\system32\drivers\NDIS.sys

19:09:29.0296 3548 NDIS - ok

19:09:30.0390 3548 NdisTapi (eaeecd0001f1d43bb3e81b77e8b8483e) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

19:09:30.0421 3548 NdisTapi - ok

19:09:31.0765 3548 Ndisuio (077c330d7e12669d57ed16e4dfabf700) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

19:09:31.0765 3548 Ndisuio - ok

19:09:33.0171 3548 NdisWan (36a503c26f7c81fe7ce71b0b467605dd) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

19:09:33.0171 3548 NdisWan - ok

19:09:34.0562 3548 NDProxy (21769bbeb1b70ddad968002390100b3a) C:\WINDOWS\system32\drivers\NDProxy.sys

19:09:34.0578 3548 NDProxy - ok

19:09:35.0890 3548 NetBIOS (4977fd4bad4b94188e7b101df0e017ef) C:\WINDOWS\system32\DRIVERS\netbios.sys

19:09:35.0890 3548 NetBIOS - ok

19:09:36.0968 3548 NetBT (3294dc900631ee18c86f49e7c26e416b) C:\WINDOWS\system32\DRIVERS\netbt.sys

19:09:36.0968 3548 NetBT - ok

19:09:38.0296 3548 Npfs (bff3844722d795df4c5066aaae957ec8) C:\WINDOWS\system32\drivers\Npfs.sys

19:09:38.0296 3548 Npfs - ok

19:09:38.0296 3548 Suspicious service (NoAccess): nqytr

19:09:39.0921 3548 Ntfs (d7f8a3f743c54c13d78954176ad483a2) C:\WINDOWS\system32\drivers\Ntfs.sys

19:09:39.0937 3548 Ntfs - ok

19:09:42.0078 3548 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

19:09:42.0078 3548 Null - ok

19:09:43.0546 3548 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

19:09:43.0562 3548 NwlnkFlt - ok

19:09:44.0765 3548 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

19:09:44.0765 3548 NwlnkFwd - ok

19:09:46.0625 3548 Parport (9f84cffa068c474084a99bc68bf3ea63) C:\WINDOWS\system32\DRIVERS\parport.sys

19:09:46.0640 3548 Parport - ok

19:09:47.0734 3548 PartMgr (64fc948a8387d3a5fba3cdeb539b1514) C:\WINDOWS\system32\drivers\PartMgr.sys

19:09:47.0734 3548 PartMgr - ok

19:09:48.0796 3548 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

19:09:48.0796 3548 ParVdm - ok

19:09:49.0906 3548 PCI (ef6876118575c85ca4ad39ac6490656c) C:\WINDOWS\system32\DRIVERS\pci.sys

19:09:49.0921 3548 PCI - ok

19:09:51.0156 3548 PCIDump - ok

19:09:52.0734 3548 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

19:09:52.0734 3548 PCIIde - ok

19:09:54.0156 3548 Pcmcia (c1bc00b2c7a782cf5207f1a13745ab65) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

19:09:54.0203 3548 Pcmcia - ok

19:09:55.0640 3548 PDCOMP - ok

19:09:57.0031 3548 PDFRAME - ok

19:09:58.0125 3548 PDRELI - ok

19:09:59.0781 3548 PDRFRAME - ok

19:10:01.0093 3548 perc2 - ok

19:10:02.0296 3548 perc2hib - ok

19:10:03.0437 3548 PptpMiniport (7065eaef0b12cc5339425d575e5a71d3) C:\WINDOWS\system32\DRIVERS\raspptp.sys

19:10:03.0437 3548 PptpMiniport - ok

19:10:04.0468 3548 PSched (7c8c04b524b0823a29ee6b0818ecbbb3) C:\WINDOWS\system32\DRIVERS\psched.sys

19:10:04.0468 3548 PSched - ok

19:10:06.0453 3548 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

19:10:06.0453 3548 Ptilink - ok

19:10:07.0656 3548 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

19:10:07.0656 3548 PxHelp20 - ok

19:10:08.0828 3548 ql1080 - ok

19:10:10.0109 3548 Ql10wnt - ok

19:10:12.0000 3548 ql12160 - ok

19:10:14.0734 3548 ql1240 - ok

19:10:16.0296 3548 ql1280 - ok

19:10:17.0625 3548 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

19:10:17.0640 3548 RasAcd - ok

19:10:19.0265 3548 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

19:10:19.0265 3548 Rasirda - ok

19:10:21.0250 3548 Rasl2tp (1d0743f4b97fd729511ad5022e0bcbc1) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

19:10:21.0265 3548 Rasl2tp - ok

19:10:22.0640 3548 RasPppoe (04a17ced474f4444d6eff7a1ba169a2e) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

19:10:22.0640 3548 RasPppoe - ok

19:10:23.0656 3548 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

19:10:23.0656 3548 Raspti - ok

19:10:24.0703 3548 Rdbss (d2fd6bd47a5ad252745c96b61b55d7be) C:\WINDOWS\system32\DRIVERS\rdbss.sys

19:10:24.0718 3548 Rdbss - ok

19:10:25.0750 3548 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

19:10:25.0750 3548 RDPCDD - ok

19:10:27.0250 3548 rdpdr (00f5b19217f0ea9a513789dd8214c79b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

19:10:27.0250 3548 rdpdr - ok

19:10:28.0625 3548 RDPWD (e92dd0b4ab8d73f72fef85282f8dd2e2) C:\WINDOWS\system32\drivers\RDPWD.sys

19:10:28.0640 3548 RDPWD - ok

19:10:29.0656 3548 redbook (bf1bfdad19fd920cc0856886ce91b208) C:\WINDOWS\system32\DRIVERS\redbook.sys

19:10:29.0656 3548 redbook - ok

19:10:30.0812 3548 RT73 - ok

19:10:32.0593 3548 RTL8187B (fe999b16e967c84790be6dc1b4e78f2d) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys

19:10:32.0656 3548 RTL8187B - ok

19:10:32.0828 3548 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

19:10:32.0828 3548 SASDIFSV - ok

19:10:32.0875 3548 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

19:10:32.0875 3548 SASKUTIL - ok

19:10:34.0265 3548 sdbus (75e2c5885b1674ece6ce392f03686a97) C:\WINDOWS\system32\DRIVERS\sdbus.sys

19:10:34.0265 3548 sdbus - ok

19:10:36.0281 3548 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

19:10:36.0281 3548 Secdrv - ok

19:10:37.0968 3548 serenum (19f5a2b382c281ea02525566e8fe6980) C:\WINDOWS\system32\DRIVERS\serenum.sys

19:10:37.0968 3548 serenum - ok

19:10:39.0921 3548 Serial (3dae0c3747f4065d18617ca36f63f104) C:\WINDOWS\system32\DRIVERS\serial.sys

19:10:39.0937 3548 Serial - ok

19:10:41.0093 3548 Sfloppy (0e0d508c42ed31e0ce4877bcbd1dac7e) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

19:10:41.0093 3548 Sfloppy - ok

19:10:42.0078 3548 Simbad - ok

19:10:43.0531 3548 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys

19:10:43.0531 3548 SMCIRDA - ok

19:10:44.0703 3548 smwdm (858934c454bdc6664c752bf0cd3eaeae) C:\WINDOWS\system32\drivers\smwdm.sys

19:10:44.0703 3548 smwdm - ok

19:10:46.0593 3548 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

19:10:46.0593 3548 SONYPVU1 - ok

19:10:47.0843 3548 Sparrow - ok

19:10:49.0171 3548 splitter (d15d4f064889adae4ef9a44797361a95) C:\WINDOWS\system32\drivers\splitter.sys

19:10:49.0187 3548 splitter - ok

19:10:51.0796 3548 sr (b0a078e4f5c4b11ddca9fe48e860687f) C:\WINDOWS\system32\DRIVERS\sr.sys

19:10:51.0812 3548 sr - ok

19:10:52.0843 3548 Srv (9bdb2e5f2c6cebeee1d75ff2eadacafa) C:\WINDOWS\system32\DRIVERS\srv.sys

19:10:52.0859 3548 Srv - ok

19:10:54.0187 3548 swenum (52ca69522d2780008679f486ff2d16a9) C:\WINDOWS\system32\DRIVERS\swenum.sys

19:10:54.0187 3548 swenum - ok

19:10:56.0062 3548 swmidi (d9f7f799db20ce348d2c7f374aae5133) C:\WINDOWS\system32\drivers\swmidi.sys

19:10:56.0062 3548 swmidi - ok

19:11:00.0671 3548 symc810 - ok

19:11:06.0812 3548 symc8xx - ok

19:11:08.0953 3548 sym_hi - ok

19:11:09.0906 3548 sym_u3 - ok

19:11:11.0093 3548 sysaudio (ac17b7e3da6fc911466962bbe1596239) C:\WINDOWS\system32\drivers\sysaudio.sys

19:11:11.0093 3548 sysaudio - ok

19:11:12.0234 3548 Tcpip (37d8387cbd4437c55f454209be10ef11) C:\WINDOWS\system32\DRIVERS\tcpip.sys

19:11:12.0265 3548 Tcpip - ok

19:11:13.0937 3548 TDPIPE (acbb991ba7710ca13e3f7c581365eec0) C:\WINDOWS\system32\drivers\TDPIPE.sys

19:11:13.0937 3548 TDPIPE - ok

19:11:15.0187 3548 TDTCP (b4b829f1accaa80686a9f9264f2050d0) C:\WINDOWS\system32\drivers\TDTCP.sys

19:11:15.0187 3548 TDTCP - ok

19:11:16.0609 3548 TermDD (9357984830dc4f40c3c82489b56ec95b) C:\WINDOWS\system32\DRIVERS\termdd.sys

19:11:16.0609 3548 TermDD - ok

19:11:17.0828 3548 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\WINDOWS\system32\drivers\tifm21.sys

19:11:17.0828 3548 tifm21 - ok

19:11:20.0593 3548 TosIde - ok

19:11:23.0625 3548 tunmp (7dfeb4edcd8635eb74f5a08bd67c00bb) C:\WINDOWS\system32\DRIVERS\tunmp.sys

19:11:23.0656 3548 tunmp - ok

19:11:28.0140 3548 Udfs (007c5857eca3624845005d800986e400) C:\WINDOWS\system32\drivers\Udfs.sys

19:11:28.0156 3548 Udfs - ok

19:11:29.0296 3548 ultra - ok

19:11:30.0296 3548 Update (4b633414b8231060c8ceac4575fcb00e) C:\WINDOWS\system32\DRIVERS\update.sys

19:11:30.0328 3548 Update - ok

19:11:31.0328 3548 usbaudio (c17a732c423b3e27072c79e3bc880347) C:\WINDOWS\system32\drivers\usbaudio.sys

19:11:31.0328 3548 usbaudio - ok

19:11:32.0375 3548 usbccgp (7d9ac2328255cb506a9b74fdf2977ce1) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

19:11:32.0390 3548 usbccgp - ok

19:11:33.0750 3548 usbehci (8e9d9764dd8030160fc42e183001113d) C:\WINDOWS\system32\DRIVERS\usbehci.sys

19:11:33.0765 3548 usbehci - ok

19:11:35.0281 3548 usbhub (32889e8b3bb890d5dbcdf866598a2b45) C:\WINDOWS\system32\DRIVERS\usbhub.sys

19:11:35.0281 3548 usbhub - ok

19:11:36.0734 3548 USBSTOR (4c11e52f58b8f691099f9c1b0432a6a6) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:11:36.0734 3548 USBSTOR - ok

19:11:38.0734 3548 usbuhci (b4fbc865ce1311f671c18388df73eb80) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

19:11:38.0734 3548 usbuhci - ok

19:11:39.0937 3548 VgaSave (27573609ed1a48065a7174fa6b7f36e5) C:\WINDOWS\System32\drivers\vga.sys

19:11:39.0937 3548 VgaSave - ok

19:11:40.0984 3548 ViaIde - ok

19:11:42.0296 3548 VolSnap (999a7ab63b8f364f4df130d48ba7e972) C:\WINDOWS\system32\drivers\VolSnap.sys

19:11:42.0296 3548 VolSnap - ok

19:11:43.0625 3548 Wanarp (4d91cdfecb032a34c550080b62720e15) C:\WINDOWS\system32\DRIVERS\wanarp.sys

19:11:43.0625 3548 Wanarp - ok

19:11:44.0640 3548 WDICA - ok

19:11:46.0171 3548 wdmaud (971260ff2bdf0371c11e811fa9c64bd8) C:\WINDOWS\system32\drivers\wdmaud.sys

19:11:46.0187 3548 wdmaud - ok

19:11:47.0921 3548 WmiAcpi (b4a2386ce6577a213032a9e25398a398) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

19:11:47.0937 3548 WmiAcpi - ok

19:11:50.0015 3548 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

19:11:50.0062 3548 WudfPf - ok

19:11:51.0953 3548 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

19:11:51.0953 3548 WudfRd - ok

19:11:53.0140 3548 ZTEusbmdm6k - ok

19:11:55.0031 3548 ZTEusbnmea - ok

19:11:56.0718 3548 ZTEusbser6k - ok

19:11:56.0765 3548 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

19:11:56.0953 3548 \Device\Harddisk0\DR0 - ok

19:11:56.0968 3548 Boot (0x1200) (71177a91d835ae3a8dcf60dd069e7e28) \Device\Harddisk0\DR0\Partition0

19:11:56.0968 3548 \Device\Harddisk0\DR0\Partition0 - ok

19:11:56.0968 3548 ============================================================

19:11:56.0968 3548 Scan finished

19:11:56.0968 3548 ============================================================

19:11:56.0984 2744 Detected object count: 2

19:11:56.0984 2744 Actual detected object count: 2

19:12:41.0968 2744 C:\WINDOWS\393317300:1265929960.exe - copied to quarantine

19:12:41.0968 2744 b48b7117 ( HiddenFile.Multi.Generic ) - User select action: Quarantine

19:12:45.0890 2744 Backup copy found, using it..

19:12:45.0906 2744 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot

19:12:45.0906 2744 i8042prt ( Rootkit.Win32.ZAccess.j ) - User select action: Cure

19:12:54.0687 3216 Deinitialize success

_________________________________________________________________________________________

ComboFix 11-10-12.01 - Administrator 12/10/2011 19:37:19.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.932 [GMT 2:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - svchost.exe: deleted 88 bytes in 2 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

C:\Recycle.Bin

C:\RECYCLER(2)

c:\recycler(2)\S-1-5-21-1960408961-854245398-1177238915-500(2)\INFO2

c:\windows\393317300

c:\windows\system32\d3d9caps.dat

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_b48b7117

.

.

((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))

.

.

2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\windows\system32\xircom

2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\windows\system32\wbem\snmp

2011-10-12 17:12 . 2011-10-12 17:12 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-12 13:35 . 2011-10-12 13:35 784 ----a-w- c:\windows\trz13.tmp

2011-10-12 13:33 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-10-12 13:33 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-10-12 13:33 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-10-12 13:33 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-10-12 13:33 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-10-12 13:33 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-10-12 13:33 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-10-12 13:33 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-10-12 13:32 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr

2011-10-12 13:32 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-10-11 17:42 . 2011-10-11 17:42 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-11 14:41 . 2011-10-11 14:41 -------- d-----w- C:\rsit

2011-10-11 06:43 . 2011-10-11 17:41 -------- d-----w- c:\program files\Trend Micro

2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG Secure Search

2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\AVG Secure Search

2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2011-10-10 12:33 . 2011-10-10 18:22 -------- d-----w- c:\program files\Hewlett-Packard

2011-10-10 12:32 . 2011-10-10 12:32 -------- d-----w- c:\program files\Synaptics

2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\program files\AVAST Software

2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-10-07 14:05 . 2011-10-07 14:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012

2011-10-07 14:03 . 2011-10-07 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-10-07 10:53 . 2011-10-07 10:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2011-10-07 10:52 . 2011-10-07 10:53 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-10-07 10:52 . 2011-10-07 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-10-07 10:35 . 2011-10-07 10:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-07 10:28 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities

2011-10-06 16:39 . 2011-10-06 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-06 16:36 . 2011-10-06 16:36 -------- d--h--w- c:\windows\PIF

2011-10-06 16:33 . 2011-10-06 16:38 -------- d-----w- c:\program files\beschermingNIEUW

2011-10-06 15:50 . 2011-10-06 15:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-10-06 15:49 . 2011-10-06 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-09-19 16:14 . 1996-06-19 08:08 49664 ----a-w- c:\windows\system32\MFC42FRA.DLL

2011-09-19 16:14 . 1995-12-04 12:08 26624 ----a-w- c:\windows\system32\CTL3D95.DLL

2011-09-19 16:14 . 1997-07-19 15:00 604432 ----a-w- c:\windows\system32\COMCTL32.OCX

2011-09-19 16:14 . 1997-01-13 22:00 49664 ----a-w- c:\windows\system32\MSSTKPRP.DLL

2011-09-19 16:14 . 2011-09-19 16:14 -------- d-----w- c:\program files\Micro Application

2011-09-19 16:09 . 1998-10-07 11:08 327168 ----a-w- c:\windows\IsUn040c.exe

2011-09-16 13:01 . 2008-03-05 14:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll

2011-09-16 13:01 . 2008-03-05 14:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll

2011-09-16 13:01 . 2008-03-05 14:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll

2011-09-16 13:01 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll

2011-09-16 13:01 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll

2011-09-16 13:01 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

2011-09-16 12:41 . 1996-11-06 10:04 302592 ----a-w- c:\windows\unin040c.exe

2011-09-13 04:30 . 2011-09-13 04:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-12 17:13 . 2008-05-03 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-08-08 04:08 . 2011-08-08 04:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2011-09-06 19:59 . 2011-06-23 06:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-05-03 . 37D8387CBD4437C55F454209BE10EF11 . 361344 . . [5.1.2600.5508] . . c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2011-10-07 14:03 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-07 1451336]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-07 218440]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNjE0Njc1MzE3LVRCOSsyLUZMKzktUUlYMSs0LUYxME0rNS1YMjAxMCsyLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1ERFQrMjk5MTktREQxMEYrMS1TVDEwRkFQUCsx&prod=90&ver=10.0.1410" [?]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2007-08-13 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

"StartMenuFavorites"= 0 (0x0)

"Start_ShowMyComputer"= 1 (0x1)

"Start_ShowMyDocs"= 1 (0x1)

"Start_ShowMyMusic"= 0 (0x0)

"Start_ShowRun"= 1 (0x1)

"Start_ShowSearch"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\prio.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1832:TCP"= 1832:TCP:xrcle

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/12/2011 3:33 PM 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/12/2011 3:33 PM 320856]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 6:27 PM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 11:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 1:38 AM 116608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/12/2011 3:33 PM 20568]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/7/2011 4:04 PM 246600]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [12/24/2009 12:04 AM 88192]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]

S2 nqytr;System Support;c:\windows\system32\svchost.exe -k netsvcs [5/3/2008 2:00 PM 14336]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [4/6/2010 8:40 PM 264576]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

nqytr

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]

.

2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default\

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-02800813.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-10-12 19:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nqytr]

"ServiceDll"="c:\windows\system32\sgnfzen.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(928)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(3896)

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\OneX.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\wltrysvc.exe

c:\windows\System32\bcmwltry.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\AGRSMMSG.exe

c:\windows\system32\bcmntray.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

.

**************************************************************************

.

Completion time: 2011-10-12 19:51:49 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-12 17:51

ComboFix2.txt 2011-10-11 09:46

ComboFix3.txt 2011-10-11 09:01

ComboFix4.txt 2011-10-07 14:46

.

Pre-Run: 14 649 196 544 bytes free

Post-Run: 14 843 670 528 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - C04999C383900C2FD47B09ADE613C140


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\trz13.tmp

c:\windows\system32\drivers\i8042prt.sys

Folder::

C:\rsit

Driver::

i8042prt.sys

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix start again. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next reply.

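The CFScript above names a file, a folder, a driver and a registry key by hand, based on what the helper saw in the log. The Python script below is an added example, not part of this thread and not ComboFix's own logic: it parses a handful of verbatim lines from the ComboFix log posted earlier (the svchost-hosted service with a random name and a generic display name, the ServiceDll it resolves to, the firewall exception with a bare label, and the AppInit_DLLs value) and renders the findings in the same File:: / Driver:: / Registry:: layout the post uses. The NETSVCS_BASELINE list is a partial, hand-written set of stock Windows XP netsvcs members, the "malformed exception" rule and the mapping from findings to directives are this example's own assumptions, and prio.dll is only reported for review, not removal; any generated script should be checked by a helper before it is run.

```python
import re
from dataclasses import dataclass

# Sample input: verbatim lines from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\prio.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1832:TCP"= 1832:TCP:xrcle
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/12/2011 3:33 PM 20568]
S2 nqytr;System Support;c:\windows\system32\svchost.exe -k netsvcs [5/3/2008 2:00 PM 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nqytr
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nqytr]
"ServiceDll"="c:\windows\system32\sgnfzen.dll"
"""

SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
SERVICES_KEY_RE = re.compile(r"^HK(?:EY_LOCAL_MACHINE|LM)\\System\\ControlSet\d+\\Services\\([^\\]+)$", re.I)
SERVICE_DLL_RE = re.compile(r'^"ServiceDll"="?([^"]+)"?$', re.I)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=\s*(\S.*?)\s*$', re.I)
OPEN_PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(.*)$', re.I)
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.I)

# Partial, hand-written baseline of stock Windows XP netsvcs members (an assumption of
# this example, not a complete list); anything else hosted by svchost -k netsvcs is reported.
NETSVCS_BASELINE = {n.lower() for n in (
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "ERSvc", "EventSystem",
    "FastUserSwitchingCompatibility", "HidServ", "Ias", "Iprip", "Irmon", "LanmanServer",
    "LanmanWorkstation", "Messenger", "Netman", "Nla", "Ntmssvc", "Rasauto", "Rasman",
    "Remoteaccess", "Schedule", "Seclogon", "SENS", "Sharedaccess", "SRService", "Tapisrv",
    "Themes", "TrkWks", "W32Time", "WZCSVC", "winmgmt", "wuauserv", "BITS", "helpsvc", "xmlprov")}

@dataclass
class Finding:
    kind: str       # appinit | open_port | netsvcs_service
    subject: str    # DLL path, port spec or service name
    detail: str
    path: str = ""  # file that would be removed, when one is known

def triage(log_text):
    """Return persistence and exposure indicators found in a ComboFix log excerpt."""
    findings, services, service_dlls, listed = [], {}, {}, []
    current_key, in_netsvcs = "", False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":            # ComboFix prints "." for an empty line
            in_netsvcs = False
            continue
        if in_netsvcs:                          # names listed under "Svchost - NetSvcs"
            listed.append(line)
        elif line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
        elif m := SERVICE_RE.match(line):       # "S2 name;display;image [date size]"
            services[m.group(1)] = (m.group(2), m.group(3))
        elif m := REG_KEY_RE.match(line):
            current_key = m.group(1)
        elif m := SERVICE_DLL_RE.match(line):
            if km := SERVICES_KEY_RE.match(current_key):
                service_dlls[km.group(1).lower()] = m.group(1)
        elif m := APPINIT_RE.match(line):
            findings.append(Finding("appinit", m.group(1),
                "AppInit_DLLs is loaded into every user32-linked process; confirm its publisher", m.group(1)))
        elif "globallyopenports" in current_key.lower() and (m := OPEN_PORT_RE.match(line)):
            fields = m.group(2).split(":")
            # Exceptions written by Windows or an installer read "<scope>:<Enabled|Disabled>:<name>";
            # a bare label such as "xrcle" is not a shape the firewall UI produces (heuristic).
            if len(fields) < 2 or fields[1] not in ("Enabled", "Disabled"):
                findings.append(Finding("open_port", m.group(1), f"malformed firewall exception '{m.group(2)}'"))
    candidates = set(listed) | {n for n, (_, img) in services.items() if SVCHOST_RE.search(img)}
    for name in sorted(candidates):             # svchost-hosted services outside the baseline
        if name.lower() in NETSVCS_BASELINE:
            continue
        display, image = services.get(name, ("?", "?"))
        group = SVCHOST_RE.search(image)
        dll = service_dlls.get(name.lower(), "")
        findings.append(Finding("netsvcs_service", name,
            f"'{display}' hosted by svchost -k {group.group(1) if group else '?'}, ServiceDll={dll or 'unknown'}", dll))
    return findings

def render_cfscript(findings):
    """Render findings in the File:: / Driver:: / Registry:: layout used in the post above."""
    fw_key = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
              r"\FirewallPolicy\StandardProfile\GloballyOpenPorts\List")
    files = [f.path for f in findings if f.kind == "netsvcs_service" and f.path]
    drivers = [f.subject for f in findings if f.kind == "netsvcs_service"]
    values = [f'"{f.subject}"=-' for f in findings if f.kind == "open_port"]   # regedit: delete value
    sections = [("File::", files), ("Driver::", drivers),
                ("Registry::", [f"[{fw_key}]"] + values if values else [])]
    return "\n".join(line for header, body in sections if body for line in [header] + body) + "\n"

if __name__ == "__main__":
    print(render_cfscript(triage(SAMPLE_LOG)))
```

Run as-is, the script reports the nqytr service with its ServiceDll, the bare "xrcle" firewall exception and the AppInit_DLLs value, and prints a CFScript that removes the DLL, the service and the firewall value while leaving prio.dll for a human decision. The "~" shorthand ComboFix uses for SYSTEM\CurrentControlSet is expanded to the full key because CFScript's Registry:: section takes regedit syntax.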

ComboFix 11-10-12.01 - Administrator 12/10/2011 20:13:18.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.915 [GMT 2:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

FILE ::

"c:\windows\system32\drivers\i8042prt.sys"

"c:\windows\trz13.tmp"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\rsit

c:\rsit\info.txt

c:\rsit\log.txt

c:\windows\trz13.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))

.

.

2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\windows\system32\xircom

2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\windows\system32\wbem\snmp

2011-10-12 17:47 . 2011-10-12 17:47 -------- d-----w- c:\program files\microsoft frontpage

2011-10-12 17:12 . 2011-10-12 17:12 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-12 13:33 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-10-12 13:33 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-10-12 13:33 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-10-12 13:33 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-10-12 13:33 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-10-12 13:33 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-10-12 13:33 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-10-12 13:33 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-10-12 13:32 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr

2011-10-12 13:32 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-10-11 17:42 . 2011-10-11 17:42 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-11 06:43 . 2011-10-11 17:41 -------- d-----w- c:\program files\Trend Micro

2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG Secure Search

2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\AVG Secure Search

2011-10-10 18:26 . 2011-10-10 18:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2011-10-10 12:33 . 2011-10-10 18:22 -------- d-----w- c:\program files\Hewlett-Packard

2011-10-10 12:32 . 2011-10-10 12:32 -------- d-----w- c:\program files\Synaptics

2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\program files\AVAST Software

2011-10-07 16:06 . 2011-10-07 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-10-07 14:05 . 2011-10-07 14:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012

2011-10-07 14:03 . 2011-10-07 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-10-07 10:53 . 2011-10-07 10:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2011-10-07 10:52 . 2011-10-07 10:53 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-10-07 10:52 . 2011-10-07 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-10-07 10:35 . 2011-10-07 10:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-07 10:28 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-06 17:12 . 2011-10-06 17:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities

2011-10-06 16:39 . 2011-10-06 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-06 16:36 . 2011-10-06 16:36 -------- d--h--w- c:\windows\PIF

2011-10-06 16:33 . 2011-10-06 16:38 -------- d-----w- c:\program files\beschermingNIEUW

2011-10-06 15:50 . 2011-10-06 15:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-10-06 15:49 . 2011-10-06 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-09-19 16:14 . 1996-06-19 08:08 49664 ----a-w- c:\windows\system32\MFC42FRA.DLL

2011-09-19 16:14 . 1995-12-04 12:08 26624 ----a-w- c:\windows\system32\CTL3D95.DLL

2011-09-19 16:14 . 1997-07-19 15:00 604432 ----a-w- c:\windows\system32\COMCTL32.OCX

2011-09-19 16:14 . 1997-01-13 22:00 49664 ----a-w- c:\windows\system32\MSSTKPRP.DLL

2011-09-19 16:14 . 2011-09-19 16:14 -------- d-----w- c:\program files\Micro Application

2011-09-19 16:09 . 1998-10-07 11:08 327168 ----a-w- c:\windows\IsUn040c.exe

2011-09-16 13:01 . 2008-03-05 14:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll

2011-09-16 13:01 . 2008-03-05 14:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll

2011-09-16 13:01 . 2008-03-05 14:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll

2011-09-16 13:01 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll

2011-09-16 13:01 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll

2011-09-16 13:01 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

2011-09-16 12:41 . 1996-11-06 10:04 302592 ----a-w- c:\windows\unin040c.exe

2011-09-13 04:30 . 2011-09-13 04:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-12 17:13 . 2008-05-03 12:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-08-08 04:08 . 2011-08-08 04:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2011-09-06 19:59 . 2011-06-23 06:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-12_17.47.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-12 17:49 . 2011-10-12 17:49 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2011-10-07 14:03 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-07 1451336]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-07 218440]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2007-08-13 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 1 (0x1)

"StartMenuFavorites"= 0 (0x0)

"Start_ShowMyComputer"= 1 (0x1)

"Start_ShowMyDocs"= 1 (0x1)

"Start_ShowMyMusic"= 0 (0x0)

"Start_ShowRun"= 1 (0x1)

"Start_ShowSearch"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\prio.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1832:TCP"= 1832:TCP:xrcle

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/12/2011 3:33 PM 442200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/12/2011 3:33 PM 320856]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 6:27 PM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 11:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 1:38 AM 116608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/12/2011 3:33 PM 20568]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/7/2011 4:04 PM 246600]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [12/24/2009 12:04 AM 88192]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]

S2 nqytr;System Support;c:\windows\system32\svchost.exe -k netsvcs [5/3/2008 2:00 PM 14336]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [4/6/2010 8:40 PM 264576]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

nqytr

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]

.

2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-854245398-1177238915-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 23:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m0hfi793.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-10-12 20:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nqytr]

"ServiceDll"="c:\windows\system32\sgnfzen.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(928)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

Completion time: 2011-10-12 20:23:31

ComboFix-quarantined-files.txt 2011-10-12 18:23

ComboFix2.txt 2011-10-12 17:51

ComboFix3.txt 2011-10-11 09:46

ComboFix4.txt 2011-10-11 09:01

ComboFix5.txt 2011-10-12 18:12

.

Pre-Run: 14 844 645 376 bytes free

Post-Run: 14 833 225 728 bytes free

.

- - End Of File - - EBF6D770199F078122C607EBBB4B2ABB

This topic is now closed to new replies.