
PC randomly freezes or shuts down


Dhr.Timmers


Oops, sorry, I accidentally copied the MBAM log twice.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:15:34 AM, on 10/8/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Clownfish\Clownfish.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Internet Explorer\IELowutil.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Superman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Superman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Superman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Superman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Superman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Superman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Superman\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={FC37D111-7720-4167-B6FB-145BC16EA3E5}&mid=351ce48931e747d090f9d168c3d9dd70-b4ae9af8ca5d3c608fbea93faeb97125020c5efd&lang=en&ds=rn011&pr=sa&d=2012-09-16 11:00:35&v=12.2.5.34&sap=hp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKCU\..\Run: [Google Update] "C:\Users\Superman\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [Clownfish] "C:\Program Files\Clownfish\Clownfish.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-858000360-580231295-373337961-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-858000360-580231295-373337961-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

--

End of file - 5723 bytes


Replies: 42

Best replies in this topic

This line was not fixed with HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={FC37D111-7720-4167-B6FB-145BC16EA3E5}&mid=351ce48931e747d090f9d168c3d9dd70-b4ae9af8ca5d3c608fbea93faeb97125020c5efd&lang=en&ds=rn011&pr=sa&d=2012-09-16 11:00:35&v=12.2.5.34&sap=hp

Would you repeat that?


Then run ComboFix on it once more.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


ComboFix 12-10-08.03 - Superman 10/09/2012 1:57.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1534.763 [GMT 2:00]

Running from: c:\users\Superman\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))

.

.

2012-10-09 00:02 . 2012-10-09 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-07 23:16 . 2012-10-07 23:16 -------- d-----w- c:\programdata\Malwarebytes

2012-10-06 23:41 . 2012-10-06 23:41 -------- d-----w- c:\program files\MSXML 4.0

2012-10-06 22:33 . 2012-10-06 22:33 -------- d-----w- c:\program files\NirSoft

2012-10-06 13:14 . 2012-10-06 13:20 -------- d-----w- c:\programdata\Nero

2012-10-06 13:14 . 2012-10-06 13:14 -------- d-----w- c:\program files\Common Files\Nero

2012-10-06 13:13 . 2012-10-06 13:20 -------- d-----w- c:\program files\Nero

2012-10-06 13:11 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2012-10-06 13:10 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2012-10-06 13:10 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2012-10-06 13:09 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2012-10-06 13:09 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

2012-10-05 18:22 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C57F612-34A9-4ADD-A8A2-9DAD051B39E4}\mpengine.dll

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\nl-NL

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\system32\nl

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\system32\0413

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\system32\XPSViewer

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\system32\drivers\nl-NL

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\system32\wbem\nl-NL

2012-10-05 00:27 . 2009-07-13 16:39 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\nl-NL\LXKPTPRC.DLL.mui

2012-10-03 19:37 . 2012-10-03 19:37 -------- d-----w- c:\program files\VideoLAN

2012-10-03 16:47 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-10-01 21:01 . 2012-10-01 21:01 -------- d-----w- c:\program files\Speccy

2012-09-25 17:58 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-22 01:33 . 2012-09-22 01:33 -------- d-----w- c:\program files\2K Games

2012-09-21 13:09 . 2012-09-22 01:31 -------- d-----w- c:\program files\MagicDisc

2012-09-21 13:09 . 2009-02-24 16:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2012-09-20 05:31 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll

2012-09-20 05:31 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll

2012-09-19 07:59 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-19 07:59 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-19 07:59 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-19 07:59 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-19 07:59 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-19 02:15 . 2012-09-19 02:15 -------- d-----w- c:\windows\system32\SPReview

2012-09-19 02:15 . 2012-09-19 02:15 -------- d-----w- c:\windows\system32\EventProviders

2012-09-19 01:48 . 2010-11-20 12:17 322048 ----a-w- c:\windows\system32\RMActivate.exe

2012-09-19 01:47 . 2010-11-20 12:21 51712 ----a-w- c:\windows\system32\wscapi.dll

2012-09-19 01:46 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll

2012-09-19 01:46 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll

2012-09-19 01:46 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll

2012-09-19 01:46 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll

2012-09-18 08:11 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll

2012-09-18 08:11 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-09-18 08:08 . 2012-10-06 13:11 -------- d-----w- c:\program files\Microsoft.NET

2012-09-18 08:05 . 2012-09-18 08:05 -------- d-----w- c:\windows\system32\Wat

2012-09-18 07:28 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-09-18 07:28 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-09-18 07:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-09-18 07:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2012-09-18 07:25 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe

2012-09-18 07:20 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll

2012-09-18 07:20 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-09-18 07:20 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-09-18 07:20 . 2010-11-20 10:24 134656 ----a-w- c:\windows\system32\rdpudd.dll

2012-09-18 07:20 . 2010-11-20 10:21 15872 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys

2012-09-18 07:18 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2012-09-18 07:17 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll

2012-09-18 07:16 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

2012-09-18 07:16 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll

2012-09-18 07:16 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll

2012-09-18 07:16 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-09-18 07:16 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2012-09-18 07:16 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-09-18 07:16 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-09-18 07:16 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-09-18 07:05 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2012-09-18 07:05 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2012-09-18 07:05 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll

2012-09-18 06:56 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-09-18 06:56 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-09-18 06:56 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-09-18 06:56 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-09-18 06:56 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-09-18 06:56 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-09-18 06:56 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-09-18 06:55 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-09-18 06:55 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-09-17 00:33 . 2012-09-17 00:33 -------- d-----w- c:\program files\Microsoft Silverlight

2012-09-17 00:33 . 2012-09-17 00:33 -------- d-----w- c:\program files\Conduit

2012-09-17 00:32 . 2012-10-04 21:43 -------- d-----w- c:\program files\BitTorrent

2012-09-17 00:26 . 2012-10-02 19:32 -------- d-----w- c:\windows\Panther

2012-09-17 00:16 . 2012-09-16 02:37 -------- d-----w- C:\Windows.old.000

2012-09-16 23:07 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2012-09-16 23:07 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2012-09-16 23:07 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2012-09-16 23:07 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2012-09-16 23:07 . 2012-09-16 23:07 -------- d-----w- c:\programdata\PassMark

2012-09-16 23:07 . 2012-09-16 23:07 -------- d-----w- c:\program files\PerformanceTest

2012-09-16 09:00 . 2012-09-16 09:00 -------- d-----w- c:\programdata\AVG Secure Search

2012-09-16 09:00 . 2012-09-16 09:00 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-09-16 09:00 . 2012-09-16 09:00 -------- d-----w- c:\program files\AVG Secure Search

2012-09-16 09:00 . 2012-09-16 09:00 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-09-16 08:59 . 2012-09-16 08:59 -------- d--h--w- c:\programdata\Common Files

2012-09-16 05:26 . 2012-09-25 21:27 -------- d-----w- c:\program files\Guild Wars 2

2012-09-16 05:01 . 2012-09-16 05:01 -------- d-----w- c:\program files\Common Files\Java

2012-09-16 05:01 . 2012-09-16 05:00 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-16 05:01 . 2012-09-16 05:00 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-16 05:00 . 2012-09-16 05:00 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-16 05:00 . 2012-09-16 05:00 -------- d-----w- c:\program files\Java

2012-09-16 04:41 . 2012-08-30 15:57 3487434 ----a-w- c:\windows\system32\nvcoproc.bin

2012-09-16 04:00 . 2012-10-01 16:31 -------- d-----w- c:\program files\SpeedFan

2012-09-16 03:16 . 2012-10-07 23:13 -------- d-----w- c:\users\UpdatusUser

2012-09-16 03:15 . 2012-09-16 03:15 16896 ----a-w- c:\windows\AsTaskSched.dll

2012-09-16 03:15 . 2011-05-10 09:41 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll

2012-09-16 03:15 . 2012-09-20 05:23 -------- d--h--w- c:\program files\InstallShield Installation Information

2012-09-16 03:15 . 2012-10-08 23:51 -------- d-----w- c:\programdata\NVIDIA

2012-09-16 03:14 . 2012-08-30 15:57 645992 ----a-w- c:\windows\system32\nvvsvc.exe

2012-09-16 03:14 . 2012-08-30 15:57 62312 ----a-w- c:\windows\system32\nvshext.dll

2012-09-16 03:14 . 2012-08-30 15:57 108392 ----a-w- c:\windows\system32\nvmctray.dll

2012-09-16 03:14 . 2012-08-30 15:57 3963240 ----a-w- c:\windows\system32\nvcpl.dll

2012-09-16 03:14 . 2012-08-30 15:57 2836840 ----a-w- c:\windows\system32\nvsvc.dll

2012-09-16 03:14 . 2011-08-03 11:50 2560616 ----a-r- c:\windows\system32\nvsvcr.dll

2012-09-16 03:14 . 2012-09-16 03:14 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-09-16 03:14 . 2012-08-30 19:13 1009512 ----a-w- c:\windows\system32\nvdispco32.dll

2012-09-16 03:14 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll

2012-09-16 03:13 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll

2012-09-16 03:13 . 2012-08-30 19:13 15291752 ----a-w- c:\windows\system32\nvd3dum.dll

2012-09-16 03:13 . 2012-08-30 19:13 2422120 ----a-w- c:\windows\system32\nvapi.dll

2012-09-16 03:12 . 2012-09-16 04:43 -------- d-----w- c:\program files\NVIDIA Corporation

2012-09-16 02:48 . 2012-10-08 14:23 -------- d-----w- c:\programdata\PMB Files

2012-09-16 02:48 . 2012-09-16 02:48 -------- d-----w- c:\program files\Pando Networks

2012-09-16 02:42 . 2012-09-16 02:42 -------- d-----w- c:\program files\Common Files\Skype

2012-09-16 02:42 . 2012-09-16 02:42 -------- d-----r- c:\program files\Skype

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-19 02:20 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\system32\nvStreaming.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2012-09-21 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll

[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-09-16 09:00 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-16 1734240]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-16 947808]

"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-16 856160]

"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]

.

c:\users\Superman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-9-21 576000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub; [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 01:57]

.

2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-858000360-580231295-373337961-1001Core.job

- c:\users\Superman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 02:02]

.

2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-858000360-580231295-373337961-1001UA.job

- c:\users\Superman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 02:02]

.

.

------- Supplementary Scan -------

.

uStart Page = https://isearch.avg.com/?cid={FC37D111-7720-4167-B6FB-145BC16EA3E5}&mid=351ce48931e747d090f9d168c3d9dd70-b4ae9af8ca5d3c608fbea93faeb97125020c5efd&lang=en&ds=rn011&pr=sa&d=2012-09-16 11:00&v=12.2.5.34&sap=hp

TCP: DhcpNameServer = 192.168.2.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-10-09 02:04:28

ComboFix-quarantined-files.txt 2012-10-09 00:04

.

Pre-Run: 441,616,052,224 bytes free

Post-Run: 443,376,238,592 bytes free

.

- - End Of File - - D553EF12C3E2DE881E3A5F406A844F5E


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\avgtpx86.sys

Folder::

c:\program files\Conduit

c:\programdata\AVG Secure Search

c:\program files\AVG Secure Search

c:\program files\Common Files\AVG Secure Search

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

Driver::

Avgtp

DDS::

uStart Page = https://isearch.avg.com/?cid={FC37D111-7720-4167-B6FB-145BC16EA3E5}&mid=351ce48931e747d090f9d168c3d9dd70-b4ae9af8ca5d3c608fbea93faeb97125020c5efd&lang=en&ds=rn011&pr=sa&d=2012-09-16 11:00&v=12.2.5.34&sap=hp

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the reboot, post the contents of Combofix.txt in your next reply.


ComboFix 12-10-08.03 - Superman 10/09/2012 11:17:00.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1534.628 [GMT 2:00]

Running from: c:\users\Superman\Desktop\ComboFix.exe

Command switches used :: c:\users\Superman\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\drivers\avgtpx86.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\AVG Secure Search

c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

c:\program files\AVG Secure Search\about.gif

c:\program files\AVG Secure Search\active-threats18.gif

c:\program files\AVG Secure Search\avguidx.dll

c:\program files\AVG Secure Search\calc.gif

c:\program files\AVG Secure Search\CleanHistory.gif

c:\program files\AVG Secure Search\configuration.xml

c:\program files\AVG Secure Search\current.gif

c:\program files\AVG Secure Search\currently-safe18.gif

c:\program files\AVG Secure Search\Facebook.gif

c:\program files\AVG Secure Search\favicon.ico

c:\program files\AVG Secure Search\feedback.gif

c:\program files\AVG Secure Search\help.gif

c:\program files\AVG Secure Search\icon18.gif

c:\program files\AVG Secure Search\labs.gif

c:\program files\AVG Secure Search\Licenses\Encoding_decoding_base64.txt

c:\program files\AVG Secure Search\Licenses\hmac.txt

c:\program files\AVG Secure Search\Licenses\LICENSE-bsdiff.txt

c:\program files\AVG Secure Search\Licenses\LICENSE-bzip.txt

c:\program files\AVG Secure Search\Licenses\LICENSE-JasonCpp.txt

c:\program files\AVG Secure Search\Licenses\LICENSE-MPL-NPAPI.txt

c:\program files\AVG Secure Search\Licenses\LICENSE-sparsehash.txt

c:\program files\AVG Secure Search\Licenses\PassthruApp.txt

c:\program files\AVG Secure Search\lip.exe

c:\program files\AVG Secure Search\note.gif

c:\program files\AVG Secure Search\PostInstall.exe

c:\program files\AVG Secure Search\PostInstaller.ini

c:\program files\AVG Secure Search\radio\bg.gif

c:\program files\AVG Secure Search\radio\play.gif

c:\program files\AVG Secure Search\radio\play_hover.gif

c:\program files\AVG Secure Search\radio\stop.gif

c:\program files\AVG Secure Search\radio\stop_hover.gif

c:\program files\AVG Secure Search\radio\v_minus.gif

c:\program files\AVG Secure Search\radio\v_minus_1.gif

c:\program files\AVG Secure Search\radio\v_plus.gif

c:\program files\AVG Secure Search\radio\v_plus_1.gif

c:\program files\AVG Secure Search\radio\vol_line_emp.gif

c:\program files\AVG Secure Search\radio\vol_line_full.gif

c:\program files\AVG Secure Search\radio\vol_line_half.gif

c:\program files\AVG Secure Search\remote_configuration.xml

c:\program files\AVG Secure Search\roc_nt.exe

c:\program files\AVG Secure Search\ROC_ROC_NT.exe

c:\program files\AVG Secure Search\search.gif

c:\program files\AVG Secure Search\SecuredSearch.gif

c:\program files\AVG Secure Search\setup.bmp

c:\program files\AVG Secure Search\speed-test.gif

c:\program files\AVG Secure Search\surf-with-caution18.gif

c:\program files\AVG Secure Search\toolbar.zip

c:\program files\AVG Secure Search\Uninstall.exe

c:\program files\AVG Secure Search\uninstall.gif

c:\program files\AVG Secure Search\updating18.gif

c:\program files\AVG Secure Search\vprot.exe

c:\program files\AVG Secure Search\weather.gif

c:\program files\AVG Secure Search\windows.gif

c:\program files\Common Files\AVG Secure Search

c:\program files\Common Files\AVG Secure Search\CommonInstaller\12.2.6\CommonInstaller.exe

c:\program files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll

c:\program files\Common Files\AVG Secure Search\DriverInstaller\12.2.6\DriverInstaller.exe

c:\program files\Common Files\AVG Secure Search\InstalledProducts.ini

c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\12.2.6\ScriptHelper.exe

c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll

c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll

c:\program files\Common Files\AVG Secure Search\ToolBandTlb\12.2.6\toolband

c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\UpdaterConfig.ini

c:\program files\Conduit

c:\program files\Conduit\Community Alerts\Alert.dll

c:\programdata\AVG Secure Search

c:\programdata\AVG Secure Search\12.2.5.34\chrome.manifest

c:\programdata\AVG Secure Search\12.2.5.34\chrome\avg.jar

c:\programdata\AVG Secure Search\12.2.5.34\components\avg-dnt-policy.js

c:\programdata\AVG Secure Search\12.2.5.34\components\toolbarhomeApi.js

c:\programdata\AVG Secure Search\12.2.5.34\icon.png

c:\programdata\AVG Secure Search\12.2.5.34\install.rdf

c:\programdata\AVG Secure Search\12.2.5.34\locale\en-US\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\locale\en-US\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\avg-dnt-adapter.js

c:\programdata\AVG Secure Search\12.2.5.34\modules\avg.xml

c:\programdata\AVG Secure Search\12.2.5.34\modules\avgJsm.js

c:\programdata\AVG Secure Search\12.2.5.34\modules\Bindings.xml

c:\programdata\AVG Secure Search\12.2.5.34\modules\configuration.js

c:\programdata\AVG Secure Search\12.2.5.34\modules\configuration_0.css

c:\programdata\AVG Secure Search\12.2.5.34\modules\configuration_0.xul

c:\programdata\AVG Secure Search\12.2.5.34\modules\HistoryCleaner.js

c:\programdata\AVG Secure Search\12.2.5.34\modules\IOJsm.js

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\cs\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\cs\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\da\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\da\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\de\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\de\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\en\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\en\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\es-es\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\es-es\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\es\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\es\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\fr\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\fr\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\hu\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\hu\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\id\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\id\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\it\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\it\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\ja\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\ja\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\ko\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\ko\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\ms\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\ms\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\nl\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\nl\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\pl\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\pl\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\pt-br\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\pt-br\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\pt\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\pt\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\ru\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\ru\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\sk\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\sk\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\sr\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\sr\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\tr\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\tr\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\zh-cn\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\zh-cn\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\zh-tw\global.dtd

c:\programdata\AVG Secure Search\12.2.5.34\modules\locale\zh-tw\global.properties

c:\programdata\AVG Secure Search\12.2.5.34\modules\Preferences.js

c:\programdata\AVG Secure Search\12.2.5.34\modules\propertiesJsm.js

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\about.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\active-threats18.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\ajax-loader.gif

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\calc.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\CleanHistory.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\close.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\current.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\currently-safe18.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\dnt.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\Facebook.gif

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\feedback.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\feedicon.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\help.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\icon_search.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\icon18.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\information-24.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\labs.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\loader.gif

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\note.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\questionmarkIcon.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\search.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\SecuredSearch.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\speed-test.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\surf-with-caution18.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\uninstall.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\updating18.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\weather.gif

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\window-close.png

c:\programdata\AVG Secure Search\12.2.5.34\modules\skin\windows.png

c:\programdata\AVG Secure Search\ChromeExt\12.2.5.34\avg.crx

c:\windows\system32\drivers\avgtpx86.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_AVGTP

-------\Service_avgtp

-------\Service_vToolbarUpdater12.2.6

-------\Service_vToolbarUpdater12.2.6

.

.

((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))

.

.

2012-10-07 23:16 . 2012-10-07 23:16 -------- d-----w- c:\programdata\Malwarebytes

2012-10-06 23:41 . 2012-10-06 23:41 -------- d-----w- c:\program files\MSXML 4.0

2012-10-06 22:33 . 2012-10-06 22:33 -------- d-----w- c:\program files\NirSoft

2012-10-06 13:14 . 2012-10-06 13:20 -------- d-----w- c:\programdata\Nero

2012-10-06 13:14 . 2012-10-06 13:14 -------- d-----w- c:\program files\Common Files\Nero

2012-10-06 13:13 . 2012-10-06 13:20 -------- d-----w- c:\program files\Nero

2012-10-06 13:11 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2012-10-06 13:10 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2012-10-06 13:10 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2012-10-06 13:09 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2012-10-06 13:09 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

2012-10-05 18:22 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C57F612-34A9-4ADD-A8A2-9DAD051B39E4}\mpengine.dll

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\nl-NL

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\system32\nl

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\system32\0413

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\system32\XPSViewer

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\system32\drivers\nl-NL

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL

2012-10-05 00:32 . 2012-10-05 00:32 -------- d-----w- c:\windows\system32\wbem\nl-NL

2012-10-05 00:27 . 2009-07-13 16:39 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\nl-NL\LXKPTPRC.DLL.mui

2012-10-03 19:37 . 2012-10-03 19:37 -------- d-----w- c:\program files\VideoLAN

2012-10-03 16:47 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-10-01 21:01 . 2012-10-01 21:01 -------- d-----w- c:\program files\Speccy

2012-09-25 17:58 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-22 01:33 . 2012-09-22 01:33 -------- d-----w- c:\program files\2K Games

2012-09-21 13:09 . 2012-09-22 01:31 -------- d-----w- c:\program files\MagicDisc

2012-09-21 13:09 . 2009-02-24 16:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2012-09-20 05:31 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll

2012-09-20 05:31 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll

2012-09-19 07:59 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-19 07:59 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-19 07:59 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-19 07:59 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-19 07:59 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-19 02:15 . 2012-09-19 02:15 -------- d-----w- c:\windows\system32\SPReview

2012-09-19 02:15 . 2012-09-19 02:15 -------- d-----w- c:\windows\system32\EventProviders

2012-09-19 01:48 . 2010-11-20 12:17 322048 ----a-w- c:\windows\system32\RMActivate.exe

2012-09-19 01:47 . 2010-11-20 12:21 51712 ----a-w- c:\windows\system32\wscapi.dll

2012-09-19 01:46 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll

2012-09-19 01:46 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll

2012-09-19 01:46 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll

2012-09-19 01:46 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll

2012-09-18 08:11 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll

2012-09-18 08:11 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-09-18 08:08 . 2012-10-06 13:11 -------- d-----w- c:\program files\Microsoft.NET

2012-09-18 08:05 . 2012-09-18 08:05 -------- d-----w- c:\windows\system32\Wat

2012-09-18 07:28 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-09-18 07:28 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-09-18 07:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-09-18 07:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2012-09-18 07:25 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe

2012-09-18 07:20 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll

2012-09-18 07:20 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-09-18 07:20 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-09-18 07:20 . 2010-11-20 10:24 134656 ----a-w- c:\windows\system32\rdpudd.dll

2012-09-18 07:20 . 2010-11-20 10:21 15872 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys

2012-09-18 07:18 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2012-09-18 07:17 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll

2012-09-18 07:16 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll

2012-09-18 07:16 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll

2012-09-18 07:16 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll

2012-09-18 07:16 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-09-18 07:16 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2012-09-18 07:16 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-09-18 07:16 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-09-18 07:16 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-09-18 07:05 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2012-09-18 07:05 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2012-09-18 07:05 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll

2012-09-18 06:56 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-09-18 06:56 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-09-18 06:56 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-09-18 06:56 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-09-18 06:56 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-09-18 06:56 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-09-18 06:56 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-09-18 06:55 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-09-18 06:55 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-09-17 00:33 . 2012-09-17 00:33 -------- d-----w- c:\program files\Microsoft Silverlight

2012-09-17 00:32 . 2012-10-04 21:43 -------- d-----w- c:\program files\BitTorrent

2012-09-17 00:26 . 2012-10-02 19:32 -------- d-----w- c:\windows\Panther

2012-09-17 00:16 . 2012-09-16 02:37 -------- d-----w- C:\Windows.old.000

2012-09-16 23:07 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2012-09-16 23:07 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2012-09-16 23:07 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2012-09-16 23:07 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2012-09-16 23:07 . 2012-09-16 23:07 -------- d-----w- c:\programdata\PassMark

2012-09-16 23:07 . 2012-09-16 23:07 -------- d-----w- c:\program files\PerformanceTest

2012-09-16 08:59 . 2012-09-16 08:59 -------- d--h--w- c:\programdata\Common Files

2012-09-16 05:26 . 2012-09-25 21:27 -------- d-----w- c:\program files\Guild Wars 2

2012-09-16 05:01 . 2012-09-16 05:01 -------- d-----w- c:\program files\Common Files\Java

2012-09-16 05:01 . 2012-09-16 05:00 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-16 05:01 . 2012-09-16 05:00 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-16 05:00 . 2012-09-16 05:00 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-16 05:00 . 2012-09-16 05:00 -------- d-----w- c:\program files\Java

2012-09-16 04:41 . 2012-08-30 15:57 3487434 ----a-w- c:\windows\system32\nvcoproc.bin

2012-09-16 04:00 . 2012-10-01 16:31 -------- d-----w- c:\program files\SpeedFan

2012-09-16 03:16 . 2012-10-09 01:39 -------- d-----w- c:\users\UpdatusUser

2012-09-16 03:15 . 2012-09-16 03:15 16896 ----a-w- c:\windows\AsTaskSched.dll

2012-09-16 03:15 . 2011-05-10 09:41 865896 ----a-w- c:\windows\system32\nvhdagenco322040.dll

2012-09-16 03:15 . 2012-09-20 05:23 -------- d--h--w- c:\program files\InstallShield Installation Information

2012-09-16 03:15 . 2012-10-09 09:23 -------- d-----w- c:\programdata\NVIDIA

2012-09-16 03:14 . 2012-08-30 15:57 645992 ----a-w- c:\windows\system32\nvvsvc.exe

2012-09-16 03:14 . 2012-08-30 15:57 62312 ----a-w- c:\windows\system32\nvshext.dll

2012-09-16 03:14 . 2012-08-30 15:57 108392 ----a-w- c:\windows\system32\nvmctray.dll

2012-09-16 03:14 . 2012-08-30 15:57 3963240 ----a-w- c:\windows\system32\nvcpl.dll

2012-09-16 03:14 . 2012-08-30 15:57 2836840 ----a-w- c:\windows\system32\nvsvc.dll

2012-09-16 03:14 . 2011-08-03 11:50 2560616 ----a-r- c:\windows\system32\nvsvcr.dll

2012-09-16 03:14 . 2012-09-16 03:14 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-09-16 03:14 . 2012-08-30 19:13 1009512 ----a-w- c:\windows\system32\nvdispco32.dll

2012-09-16 03:14 . 2011-08-03 11:50 875112 ----a-w- c:\windows\system32\nvgenco32.dll

2012-09-16 03:13 . 2011-08-03 11:50 57960 ----a-w- c:\windows\system32\OpenCL.dll

2012-09-16 03:13 . 2012-08-30 19:13 15291752 ----a-w- c:\windows\system32\nvd3dum.dll

2012-09-16 03:13 . 2012-08-30 19:13 2422120 ----a-w- c:\windows\system32\nvapi.dll

2012-09-16 03:12 . 2012-09-16 04:43 -------- d-----w- c:\program files\NVIDIA Corporation

2012-09-16 02:48 . 2012-10-08 14:23 -------- d-----w- c:\programdata\PMB Files

2012-09-16 02:48 . 2012-09-16 02:48 -------- d-----w- c:\program files\Pando Networks

2012-09-16 02:42 . 2012-09-16 02:42 -------- d-----w- c:\program files\Common Files\Skype

2012-09-16 02:42 . 2012-09-16 02:42 -------- d-----r- c:\program files\Skype

2012-09-16 02:42 . 2012-10-06 23:41 -------- d-sh--w- c:\windows\Installer

2012-09-16 02:42 . 2012-09-16 02:42 -------- d-----w- c:\programdata\Skype

2012-09-16 02:10 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-09-16 01:57 . 2012-09-16 01:57 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-16 01:57 . 2012-09-16 01:57 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-16 01:57 . 2012-09-16 01:57 -------- d-----w- c:\windows\system32\Macromed

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-19 02:20 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\system32\nvStreaming.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2012-09-21 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll

[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]

.

c:\users\Superman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-9-21 576000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub; [x]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 01:57]

.

2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-858000360-580231295-373337961-1001Core.job

- c:\users\Superman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 02:02]

.

2012-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-858000360-580231295-373337961-1001UA.job

- c:\users\Superman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-16 02:02]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 192.168.2.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe

HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe

AddRemove-AVG Secure Search - c:\program files\AVG Secure Search\UNINSTALL.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\AUDIODG.EXE

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conhost.exe

c:\program files\NVIDIA Corporation\Display\nvtray.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-10-09 11:26:50 - machine was rebooted

ComboFix-quarantined-files.txt 2012-10-09 09:26

ComboFix2.txt 2012-10-09 00:04

.

Pre-Run: 443,389,526,016 bytes beschikbaar

Post-Run: 443,256,975,360 bytes beschikbaar

.

- - End Of File - - 4C609411942CC954081104BBB220C173
