micheldesmedt
-
Items
9 -
Registratiedatum
-
Laatst bezocht
micheldesmedt's prestaties
-
Dank U wel! Gelukt! Probleempje opgelost! Michel
-
Kan iemand me helpen? na installatie van Windows 7 x64 probeer ik mijn printer te installeren en ik krijg de melding dat ik een 64bits compatibele versie van de installatieschijf moet vragen aan HP... Hoe los ik dit op?
-
Isass.exe.DLL geïnfecteerd
micheldesmedt reageerde op micheldesmedt's topic in Archief Bestrijding malware & virussen
OPGELOST! Alle gekheid op een stokje: ik ben heel blij en opgelucht dat alle problemen opgelost zijn. Ik heb Ccleaner doorlopen en alle herstelpunten verwijderd. Zou ik Ccleaner ook best verwijderen? Of is dat nog een handig programma voor in de toekomst? In ieder geval: HARTELIJK BEDANKT voor de snelle, duidelijke, gratis onlinehulp. Dit is de redding voor de vele leken in PC-land. Het beste, Michel :ciao::ciao::ciao::ciao::ciao::ciao::ciao::ciao::ciao: -
Isass.exe.DLL geïnfecteerd
micheldesmedt reageerde op micheldesmedt's topic in Archief Bestrijding malware & virussen
SCHITTEREND! Alles is opgelost! Nen dikke merci! Het beste, Michel -
Isass.exe.DLL geïnfecteerd
micheldesmedt reageerde op micheldesmedt's topic in Archief Bestrijding malware & virussen
GELUKT! Combofix log: ComboFix 10-04-26.05 - Michel 28/04/2010 10:17:12.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.454 [GMT 2:00] Running from: c:\program files\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Johan\Application Data\Mozilla\Firefox\Profiles\xpaffi18.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed} c:\documents and settings\Johan\Application Data\Mozilla\Firefox\Profiles\xpaffi18.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed}\chrome.manifest c:\documents and settings\Johan\Application Data\Mozilla\Firefox\Profiles\xpaffi18.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed}\chrome\xulcache.jar c:\documents and settings\Johan\Application Data\Mozilla\Firefox\Profiles\xpaffi18.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed}\defaults\preferences\xulcache.js c:\documents and settings\Johan\Application Data\Mozilla\Firefox\Profiles\xpaffi18.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed}\install.rdf c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\5rcbfauh.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed} c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\5rcbfauh.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed}\chrome.manifest c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\5rcbfauh.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed}\chrome\xulcache.jar c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\5rcbfauh.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed}\defaults\preferences\xulcache.js c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\5rcbfauh.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed}\install.rdf c:\documents and settings\Michel\System c:\documents and settings\Michel\System\win_qs8.jqx c:\documents and settings\Simon\Application Data\2D15C61EEE71B2CF45FD5F291B92BDF1 c:\documents and settings\Simon\Application Data\2D15C61EEE71B2CF45FD5F291B92BDF1\enemies-names.txt c:\documents and settings\Simon\Application Data\2D15C61EEE71B2CF45FD5F291B92BDF1\lsrslt.ini c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\uxj8wz87.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed} c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\uxj8wz87.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed}\chrome.manifest c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\uxj8wz87.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed}\chrome\xulcache.jar c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\uxj8wz87.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed}\defaults\preferences\xulcache.js c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\uxj8wz87.default\extensions\{b1ccdae1-3506-4f05-91c5-8f7d0fc459ed}\install.rdf c:\program files\Trend Micro\HiJackThis\backups\backup-20100427-220650-258.dll c:\program files\Trend Micro\HiJackThis\backups\backup-20100427-220650-880.dll c:\windows\system32\chvgacgg.dll c:\windows\system32\drivers\mwgnrkio.sys c:\windows\system32\drivers\woihloll.sys c:\windows\system32\lofnryb.dll c:\windows\system32\ltquokfy.dll c:\windows\system32\xeoqmnsfakr.dll c:\windows\system32\zcieuia.dll c:\windows\Tasks\At1.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MWGNRKIO -------\Legacy_SSHNAS -------\Legacy_YAHQMCCB -------\Service_mwgnrkio -------\Service_yahqmccb ((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-28 ))))))))))))))))))))))))))))))) . 2010-04-27 20:10 . 2010-04-27 20:10 -------- d-----w- c:\documents and settings\Michel\Application Data\Malwarebytes 2010-04-27 20:10 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-27 20:10 . 2010-04-27 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-04-27 20:10 . 2010-04-27 20:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-27 20:10 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-26 19:06 . 2010-04-26 19:06 -------- d-----w- c:\documents and settings\Michel\Application Data\Office Genuine Advantage 2010-04-26 19:04 . 2010-04-26 19:04 -------- d-----w- c:\windows\system32\KB905474 2010-04-26 19:04 . 2009-03-10 20:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe 2010-04-26 19:04 . 2009-03-10 20:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe 2010-04-26 15:07 . 2010-04-26 15:07 -------- d-----w- c:\documents and settings\Simon\Application Data\Office Genuine Advantage 2010-04-26 14:30 . 2009-10-20 14:41 265728 -c----w- c:\windows\system32\dllcache\http.sys 2010-04-26 14:30 . 2009-11-27 17:04 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll 2010-04-26 14:30 . 2009-11-27 16:37 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll 2010-04-26 14:30 . 2009-11-27 16:37 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll 2010-04-26 14:27 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-04-26 14:23 . 2010-04-26 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2010-04-26 09:52 . 2010-04-26 09:52 388096 ----a-r- c:\documents and settings\Michel\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-04-26 09:52 . 2010-04-26 09:52 -------- d-----w- c:\program files\Trend Micro 2010-04-26 09:09 . 2010-04-26 09:09 -------- d-----w- c:\windows\ServicePackFiles 2010-04-26 09:09 . 2010-04-26 09:09 -------- d-----w- c:\program files\MSXML 6.0 2010-04-26 09:08 . 2004-08-03 23:56 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-04-26 09:02 . 2010-04-26 09:02 -------- d-----w- c:\program files\MSXML 4.0 2010-04-26 08:59 . 2010-04-26 08:59 -------- d-----w- c:\windows\system32\LogFiles 2010-04-25 10:40 . 2010-04-26 09:35 -------- d-----w- c:\windows\system32\CatRoot_bak 2010-04-25 10:34 . 2010-04-25 10:34 10752 ----a-w- c:\windows\DCEBoot.exe 2010-04-25 10:28 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2010-04-25 09:40 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-04-25 09:40 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys 2010-04-25 09:39 . 2009-06-09 14:53 53248 -c----w- c:\windows\system32\dllcache\tsgqec.dll 2010-04-25 09:39 . 2009-06-09 14:53 290816 -c----w- c:\windows\system32\dllcache\rhttpaa.dll 2010-04-25 09:39 . 2009-06-09 14:53 136192 -c----w- c:\windows\system32\dllcache\aaclient.dll 2010-04-25 09:38 . 2010-02-24 12:48 457216 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-04-25 09:34 . 2010-02-16 17:37 2186880 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-04-25 09:34 . 2010-02-16 17:35 2143744 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-04-25 09:34 . 2010-02-17 09:57 2063744 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2010-04-25 09:34 . 2010-02-16 16:57 2021888 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-04-25 08:22 . 2010-04-25 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2010-04-24 21:14 . 2010-04-24 21:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-04-24 20:47 . 2010-04-24 20:47 -------- d-----w- C:\$AVG 2010-04-24 20:46 . 2010-04-24 20:46 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-04-24 20:46 . 2010-04-24 20:46 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-04-24 20:46 . 2010-04-24 20:46 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-04-24 20:46 . 2010-04-24 20:46 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-04-24 20:45 . 2010-04-28 06:51 -------- d-----w- c:\windows\system32\drivers\Avg 2010-04-24 20:43 . 2010-04-28 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-04-24 18:17 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-04-24 18:16 . 2010-04-24 18:16 -------- d-----w- c:\program files\Panda Security 2010-04-24 18:07 . 2010-04-24 18:07 -------- d-----w- c:\windows\McAfee.com 2010-04-24 17:33 . 2010-04-24 17:33 -------- d-----w- c:\documents and settings\Michel\Application Data\SMART Technologies Inc 2010-04-24 17:14 . 2010-04-24 17:14 -------- d-----w- c:\documents and settings\Simon\Application Data\SMART Technologies Inc 2010-04-24 17:07 . 2010-04-24 17:07 -------- d-----w- c:\documents and settings\Simon\Application Data\AccurateRip 2010-04-24 15:53 . 2010-04-24 15:53 163328 ----a-w- c:\windows\Unyhea.exe 2010-04-19 07:04 . 2010-04-19 07:04 -------- d-----w- c:\documents and settings\Johan\Local Settings\Application Data\WMTools Downloaded Files 2010-04-16 20:06 . 2010-04-16 20:06 1190379 ----a-w- c:\program files\calrepwin1.6.1.zip 2010-03-31 16:53 . 2010-03-31 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-28 08:07 . 2010-04-28 08:07 3920093 ----a-r- c:\program files\ComboFix.exe 2010-04-27 16:15 . 2010-04-27 16:15 -------- d-----w- c:\program files\MSBuild 2010-04-27 16:15 . 2010-04-27 16:15 -------- d-----w- c:\program files\Reference Assemblies 2010-04-26 19:22 . 2008-12-09 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-04-25 08:22 . 2009-06-26 06:52 -------- d-----w- c:\program files\Alwil Software 2010-04-24 20:43 . 2008-12-13 19:40 -------- d-----w- c:\program files\AVG 2010-04-24 17:46 . 2009-11-17 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SMART Technologies 2010-04-23 09:54 . 2009-03-24 08:55 -------- d-----w- c:\documents and settings\Johan\Application Data\U3 2010-04-20 22:00 . 2008-12-09 07:37 -------- d-----w- c:\program files\Google 2010-04-18 16:07 . 2009-03-24 15:45 -------- d-----w- c:\documents and settings\Simon\Application Data\U3 2010-04-15 15:17 . 2008-12-04 16:29 -------- d-----w- c:\program files\Aldfaer 2010-04-08 19:49 . 2010-03-21 11:12 -------- d-----w- c:\program files\MyHeritage 2010-04-08 19:49 . 2010-03-21 11:13 -------- d-----w- c:\program files\Family Toolbar 2010-03-31 16:54 . 2009-11-21 23:00 -------- d-----w- c:\program files\QuickTime 2010-03-24 09:47 . 2009-03-14 21:53 -------- d-----w- c:\documents and settings\Michel\Application Data\U3 2010-03-21 12:39 . 2010-03-21 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\MyHeritage 2010-03-21 11:30 . 2010-03-21 11:30 -------- d-----w- c:\documents and settings\Simon\Application Data\MyHeritage 2010-03-21 11:17 . 2010-03-21 11:17 -------- d-----w- c:\documents and settings\Michel\Application Data\MyHeritage 2010-03-16 20:09 . 2009-01-30 19:31 -------- d-----w- c:\documents and settings\Judith\Application Data\U3 2010-03-11 11:49 . 2007-05-21 10:27 841216 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 11:49 . 2007-05-21 10:28 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 11:49 . 2007-05-21 10:35 17408 ----a-w- c:\windows\system32\corpol.dll 2010-03-10 21:17 . 2008-12-03 20:33 -------- d-----w- c:\program files\Common Files\Adobe 2010-03-09 11:09 . 2007-05-21 10:27 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-02-24 12:48 . 2007-05-21 10:26 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 17:35 . 2007-05-21 10:26 2143744 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 16:57 . 2007-02-28 11:16 2021888 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:36 . 2007-05-21 10:25 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 11:08 . 2007-05-21 10:27 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2009-03-18 10:37 . 2009-03-18 10:37 6122809 -c--a-w- c:\program files\myphotobook-Setup.exe 2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "g:\\games\\AC\\AssassinsCreed_Dx9.exe"= "g:\\games\\AC\\AssassinsCreed_Dx10.exe"= "g:\\games\\AC\\AssassinsCreed_Launcher.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16611:TCP"= 16611:TCP:BitComet 16611 TCP "16611:UDP"= 16611:UDP:BitComet 16611 UDP R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [24/04/2010 20:17 28552] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/04/2010 22:46 216200] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/04/2010 22:46 242896] R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [20/10/2004 5:47 98304] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [24/04/2010 22:44 308064] R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [20/10/2004 4:40 118784] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/01/2010 17:43 135664] S3 itexadsla2;ITeX ADSL PCI NIC Service;c:\windows\system32\drivers\itexwana.sys [11/09/2001 11:15 432640] S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 14:54 83208] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 14:54 15112] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 14:54 108680] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23/04/2007 14:54 100488] S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 14:54 98568] --- Other Services/Drivers In Memory --- *NewlyCreated* - MWGNRKIO *Deregistered* - mwgnrkio . Contents of the 'Scheduled Tasks' folder 2010-04-28 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-09 13:45] 2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 15:43] 2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 15:43] 2010-04-28 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07] 2010-04-28 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2010-04-26 20:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ecosia.org/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: dexia.be Trusted Zone: google.be\www Trusted Zone: informatsoftware.be Trusted Zone: informatsoftware.be\www FF - ProfilePath - c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\5rcbfauh.default\ FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "Firefox web browser | Faster, more secure, & customizable"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file) ShellIconOverlayIdentifiers-{EA38C044-22C9-4BF0-AC29-C8473353BB22} - (no file) AddRemove-SmartDraw 2009 - c:\program files\SmartDraw 2009\Unwise.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-04-28 10:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•A~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\(–€|ÿÿÿÿg•€|é•A~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2232) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgcsrvx.exe . ************************************************************************** . Completion time: 2010-04-28 10:25:58 - machine was rebooted ComboFix-quarantined-files.txt 2010-04-28 08:25 Pre-Run: 39.291.269.120 bytes free Post-Run: 40.601.546.752 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 3F3957F45426B910618A1CA9A61FC278 HJT log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:29:55, on 28/04/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.21228) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ecosia R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263370399906 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263370354468 O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5962/mcfscan.cab O17 - HKLM\System\CS1\Services\Tcpip\..\{2BAB888F-205D-4DD8-84BB-D3A07FDD4E94}: NameServer = 193.74.208.65 194.119.228.67 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- End of file - 5881 bytes Hopelijk is het nu in orde? -
Isass.exe.DLL geïnfecteerd
micheldesmedt reageerde op micheldesmedt's topic in Archief Bestrijding malware & virussen
Eerst heb ik Hijackthis uitgevoerd en de items verwijderd zoals beschreven. Dit ging prima. Dan heb ik Combo.fix gedownload. Maar ik kreeg geen meldingen dat ik mijn antivirus moest afzetten. Ik starte Combofix.exe door op run te klikken op de Run of Save vraag. ik kreeg een kleine grijze balk centraal op mijn scherm met een blauw voortgangsbalkje. Toen deze ten einde liep, kreeg ik geen txt van Combofix... dus heb ik ook geen Log. Wel kreeg ik een Error-melding: You cannot rename comboFix as ComboFix[1]. Please use another name, preferbaly made of alphanumeric characters. OK. Als ik de PC heropstart krijg ik van AVG melding dat het trojaanse paard PSW.Agent.AFFO nog steeds Windows\system32\lofnryb.dll infecteert. Heb ik een fout gemaakt bij het downloaden van ComboFix? -
Isass.exe.DLL geïnfecteerd
micheldesmedt reageerde op micheldesmedt's topic in Archief Bestrijding malware & virussen
Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 4043 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 27/04/2010 22:23:24 mbam-log-2010-04-27 (22-23-24).txt Scan type: Quick scan Objects scanned: 141857 Time elapsed: 9 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 11 Registry Values Infected: 0 Registry Data Items Infected: 3 Folders Infected: 14 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\epxyalfhjritjvoen (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\Michel\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Michel\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Johan\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Judith\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Judith\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Lieve\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Lieve\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Simon\Application Data\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Simon\Application Data\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. C:\Documents and Settings\Simon\Application Data\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. C:\Documents and Settings\Simon\Application Data\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. C:\Program Files\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. C:\Program Files\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\epxyalfhjritjvoen.exe (Adware.Adrotator) -> Quarantined and deleted successfully. C:\Documents and Settings\Simon\Application Data\ezLife\ezLife\log.xml (Adware.EzLife) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Simon\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:33:04, on 27/04/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.21228) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ecosia.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {EA38C044-22C9-4BF0-AC29-C8473353BB22} - c:\windows\system32\lofnryb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263370399906 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263370354468 O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5962/mcfscan.cab O17 - HKLM\System\CS1\Services\Tcpip\..\{2BAB888F-205D-4DD8-84BB-D3A07FDD4E94}: NameServer = 193.74.208.65 194.119.228.67 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- End of file - 6417 bytes Ziehier het resultaat van beide scans: MBAM eerst en High Jack This als 2de. Beste Kape: dit vind ik als PC-leek straffen toebak... RESPECT! Wat doen deze twee programma's? Kan ik hiervan leren? Hoe, wie, wat... -
Isass.exe.DLL geïnfecteerd
micheldesmedt reageerde op micheldesmedt's topic in Archief Bestrijding malware & virussen
Na het doorlopen van de procedure was dit het resultaat: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:53:34, on 26/04/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.21183) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\regsvr32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ecosia R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com O2 - BHO: (no name) - {0D3FBB5D-AF15-4912-A132-364BB9BB73A3} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: hotrevenue browser enhancer - {3EE55854-09DF-9E72-31A9-74ECB0C23212} - C:\WINDOWS\system32\xeoqmnsfakr.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Ecosia Plugin - {7E783154-F54B-4af6-8C01-0A3E744B5DC8} - C:\Program Files\Ecosia\ecosia.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {EA38C044-22C9-4BF0-AC29-C8473353BB22} - c:\windows\system32\lofnryb.dll O2 - BHO: SmartAds browser enhancer ltquokfy - {F1F0EA1B-F9BB-4EEB-9939-99F1E32366CD} - C:\WINDOWS\system32\ltquokfy.dll O3 - Toolbar: Ecosia Search - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Program Files\Ecosia\ecosia.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [himlciillvic] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\xeoqmnsfakr.dll" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263370399906 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263370354468 O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5962/mcfscan.cab O17 - HKLM\System\CS1\Services\Tcpip\..\{2BAB888F-205D-4DD8-84BB-D3A07FDD4E94}: NameServer = 193.74.208.65 194.119.228.67 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: IpSect service (darkness) - Unknown owner - C:\WINDOWS\system\lsm.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- End of file - 7538 bytes -
Isass.exe.DLL geïnfecteerd
micheldesmedt plaatste een topic in Archief Bestrijding malware & virussen
mijn pc is geïnfecteerd met een trojaans paard in de Windows file Isass.exe.DLL. Ik heb verschillende scans gelopen (AVG, Avast) maar krijg deze infectie niet verwijderd.. Kan iemand mij helpen? Dank u wel. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:53:34, on 26/04/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.21183) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\regsvr32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ecosia.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {0D3FBB5D-AF15-4912-A132-364BB9BB73A3} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: hotrevenue browser enhancer - {3EE55854-09DF-9E72-31A9-74ECB0C23212} - C:\WINDOWS\system32\xeoqmnsfakr.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Ecosia Plugin - {7E783154-F54B-4af6-8C01-0A3E744B5DC8} - C:\Program Files\Ecosia\ecosia.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {EA38C044-22C9-4BF0-AC29-C8473353BB22} - c:\windows\system32\lofnryb.dll O2 - BHO: SmartAds browser enhancer ltquokfy - {F1F0EA1B-F9BB-4EEB-9939-99F1E32366CD} - C:\WINDOWS\system32\ltquokfy.dll O3 - Toolbar: Ecosia Search - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Program Files\Ecosia\ecosia.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [himlciillvic] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\xeoqmnsfakr.dll" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263370399906 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263370354468 O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5962/mcfscan.cab O17 - HKLM\System\CS1\Services\Tcpip\..\{2BAB888F-205D-4DD8-84BB-D3A07FDD4E94}: NameServer = 193.74.208.65 194.119.228.67 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: IpSect service (darkness) - Unknown owner - C:\WINDOWS\system\lsm.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- End of file - 7538 bytes
