
Everything posted by Arkvoodle

Thanks!
I can boot up normally again! Thanks. Here are the two logs:

ComboFix 10-05-07.07 - Eelke 08-05-2010 11:42:48.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1457 [GMT 2:00]
Running from: c:\documents and settings\Eelke\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\system volume information\Whistler
c:\system volume information\Whistler\smss.exe
c:\system volume information\Whistler\svchost.exe
c:\windows\system32\sunqgtmpquohmh.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
.
2010-05-06 10:46 . 2010-05-06 10:46 388096 ----a-r- c:\documents and settings\Eelke\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-06 10:46 . 2010-05-06 10:46 -------- d-----w- c:\program files\Trend Micro
2010-05-05 20:27 . 2010-05-05 20:27 63488 ----a-w- c:\documents and settings\Eelke\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-05 20:27 . 2010-05-05 20:27 52224 ----a-w- c:\documents and settings\Eelke\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-05 20:27 . 2010-05-05 20:27 117760 ----a-w- c:\documents and settings\Eelke\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-05 20:26 . 2010-05-05 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-05 20:25 . 2010-05-07 21:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-05 20:25 . 2010-05-05 20:25 -------- d-----w- c:\documents and settings\Eelke\Application Data\SUPERAntiSpyware.com
2010-05-05 20:24 . 2010-05-05 20:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-04 12:20 . 2008-11-13 06:02 296960 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPSON SX410 Series\Language\0413.E_DIX0RE.DLL
2010-05-04 12:08 . 2008-12-24 04:02 55296 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPSON SX410 Series\Language\0413.E_SBE0C7.DLL
2010-05-04 12:08 . 2007-12-17 22:00 143872 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
2010-05-04 12:08 . 2007-01-11 22:02 113664 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2010-05-04 12:08 . 2008-11-13 06:02 211968 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPSON SX410 Series\Language\0413.E_DI0FAE.DLL
2010-05-04 12:08 . 2007-04-10 19:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-05-04 12:08 . 2008-08-08 20:09 86528 ----a-w- c:\windows\system32\E_FLBFCE.DLL
2010-05-04 12:08 . 2007-12-07 20:01 78848 ----a-w- c:\windows\system32\E_FD4BFCE.DLL
2010-05-04 12:08 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-04 12:08 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-04 12:05 . 2010-05-04 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2010-05-04 12:04 . 2010-05-04 12:04 -------- d-----w- c:\program files\Epson Software
2010-05-04 12:03 . 2010-05-04 12:04 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-05-04 12:01 . 2010-05-04 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-05-04 12:01 . 2008-11-16 22:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2010-05-04 12:01 . 2010-05-04 12:02 -------- d-----w- c:\program files\epson
2010-04-30 22:27 . 2010-05-06 22:02 -------- d-----w- C:\StarCraft II Beta
2010-04-30 22:27 . 2010-04-30 22:33 -------- d-----w- c:\documents and settings\Eelke\Local Settings\Application Data\Blizzard Entertainment
2010-04-30 22:27 . 2010-04-30 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-04-30 22:26 . 2010-04-30 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-04-18 23:29 . 2010-04-18 23:29 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-04-18 23:29 . 2010-04-18 23:29 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-04-18 23:27 . 2007-07-19 22:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-04-18 22:32 . 2010-04-18 22:32 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-18 22:32 . 2010-04-18 22:37 -------- d-----w- c:\documents and settings\Eelke\Application Data\DAEMON Tools Pro
2010-04-18 22:32 . 2010-04-18 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-04-16 09:17 . 2009-08-05 20:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-04-16 09:17 . 2010-04-16 09:17 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-04-16 09:16 . 2010-04-16 09:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-14 21:47 . 2010-04-14 21:47 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-14 21:44 . 2010-04-14 21:39 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-14 21:44 . 2010-04-14 21:39 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-14 21:44 . 2009-10-22 17:33 530158 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-04-14 21:44 . 2009-10-22 17:33 530158 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-04-14 21:44 . 2010-04-14 21:44 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-14 21:44 . 2010-04-14 21:44 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-14 21:44 . 2010-04-14 21:44 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-04-14 21:44 . 2010-04-14 21:44 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-14 21:44 . 2010-04-14 21:44 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-04-14 21:44 . 2010-04-14 21:44 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-09 20:17 . 2010-04-09 20:17 -------- d-----w- c:\program files\GrabIt
2010-04-09 07:46 . 2010-04-09 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-04-09 07:45 . 2010-04-09 07:45 -------- d-----w- c:\program files\KPN
2010-04-09 07:43 . 2010-04-09 07:43 -------- d-----w- c:\documents and settings\Eelke\Local Settings\Application Data\SupportSoft
2010-04-09 07:43 . 2010-04-09 07:43 -------- d-----w- c:\program files\Common Files\SupportSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 09:38 . 2009-02-04 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-06 10:23 . 2009-02-04 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-04 12:04 . 2009-02-01 13:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-03 22:10 . 2009-07-20 21:58 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-03 14:31 . 2010-03-07 16:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-02 20:53 . 2010-01-17 17:36 -------- d-----w- c:\documents and settings\Eelke\Application Data\GrabIt
2010-05-02 19:54 . 2009-02-10 11:30 -------- d-----w- c:\program files\uTorrent
2010-05-01 22:17 . 2009-02-10 11:30 -------- d-----w- c:\documents and settings\Eelke\Application Data\uTorrent
2010-04-30 22:33 . 2009-08-31 10:26 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-29 13:39 . 2009-02-04 19:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-02-04 19:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 15:45 . 2009-03-28 13:26 -------- d-----w- c:\program files\Rockstar Games
2010-04-16 13:43 . 2009-02-14 15:19 -------- d-----w- c:\program files\CCleaner
2010-04-16 09:17 . 2009-02-11 12:51 -------- d-----w- c:\program files\Windows Live
2010-04-14 21:44 . 2009-10-22 17:33 -------- d-----w- c:\program files\DivX
2010-04-14 21:44 . 2010-04-14 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-14 21:44 . 2010-04-14 21:44 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-14 21:44 . 2010-04-14 21:43 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-14 21:43 . 2010-04-14 21:43 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-14 21:43 . 2010-04-14 21:43 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-14 21:43 . 2010-04-14 21:43 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-04-14 21:43 . 2010-04-14 21:43 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-04-14 21:43 . 2010-04-14 21:43 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-04-14 21:43 . 2010-04-14 21:43 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-14 21:43 . 2010-04-14 21:43 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-14 21:43 . 2010-04-14 21:43 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-14 21:41 . 2010-04-14 21:41 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-14 21:41 . 2010-04-14 21:41 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-14 21:41 . 2009-10-22 17:33 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-09 18:16 . 2009-11-15 12:55 56264 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-01 15:50 . 2010-02-02 15:40 -------- d-----w- c:\documents and settings\Eelke\Application Data\Nero
2010-03-31 01:58 . 2009-10-22 17:33 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58 . 2009-10-22 17:33 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58 . 2009-10-22 17:33 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2009-10-22 17:33 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2009-10-22 17:33 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2009-10-22 17:33 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-30 20:59 . 2009-02-04 08:39 68536 ----a-w- c:\documents and settings\Eelke\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-30 20:54 . 2009-02-04 13:01 -------- d-----w- c:\program files\MSBuild
2010-03-30 20:54 . 2010-03-10 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-27 08:52 . 2010-03-27 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-03-27 08:52 . 2010-03-27 08:52 -------- d-----w- c:\documents and settings\Eelke\Application Data\Office Genuine Advantage
2010-03-13 20:38 . 2009-05-26 13:50 -------- d-----w- c:\documents and settings\Eelke\Application Data\dvdcss
2010-03-11 19:55 . 2010-03-11 19:55 -------- d-----w- c:\documents and settings\Eelke\Application Data\Texthelp Systems
2010-03-11 19:55 . 2010-03-11 19:55 -------- d-----w- c:\program files\Xenocode
2010-03-11 12:38 . 2009-02-04 09:22 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-02-04 09:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-02-04 09:22 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-02-04 09:22 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-24 13:11 . 2009-02-04 09:22 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 08:16 . 2009-10-03 00:19 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 20:07 . 2010-02-19 20:07 117427 ----a-w- c:\documents and settings\Eelke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-19 18:40 . 2010-02-19 18:40 292878 ----a-r- c:\documents and settings\Eelke\Application Data\Microsoft\Installer\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}\ARPPRODUCTICON.exe
2010-02-16 14:08 . 2009-02-04 09:22 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2009-02-04 09:22 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-05 21:41 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 2009-02-04 09:22 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2009-02-04 09:22 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-07 2017280]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLAGENTEXE"="dslagent.exe USB" [X]
"GSICONEXE"="gsicon.exe" [2003-09-07 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"nwiz"="nwiz.exe" [2007-08-28 1626112]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-21 2046816]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-30 16864768]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-28 81920]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-02-01 2154496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"eBook Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2009-11-24 906640]
"KPN"="c:\program files\KPN\bin\sprtcmd.exe" [2008-06-06 198184]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-27 09:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Eelke\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\KPN\\agent\\bin\\bcont.exe"=
"c:\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\StarCraft II Beta\\StarCraft II.exe"=
"c:\\StarCraft II Beta\\Versions\\Base15133\\SC2.exe"=
"c:\\StarCraft II Beta\\Versions\\Base15250\\SC2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:UDP"= 6112:UDP:warcrafty
"6112:TCP"= 6112:TCP:warcraft

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4-2-2009 10:47 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4-2-2009 10:47 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 11:25 12872]
R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [27-4-2010 17:30 68168]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4-2-2009 10:47 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4-2-2009 10:47 297752]
R2 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [6-6-2008 16:08 202016]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8-4-2009 12:38 92008]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21-5-2008 13:42 64000]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19-4-2010 0:32 697328]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 20:19 13592]
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2010-05-06 c:\windows\Tasks\Norton Security Scan for Eelke.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-07 10:48]

2010-05-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-08 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Eelke\Application Data\Mozilla\Firefox\Profiles\g1imvqff.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://nl.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_nl&p=
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\components\adproFfx.dll
FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-08 11:50:06
ComboFix-quarantined-files.txt 2010-05-08 09:50
ComboFix2.txt 2010-05-07 21:38

Pre-Run: 142.436.532.224 bytes free
Post-Run: 142.399.430.656 bytes free

- - End Of File - - D9FF60280BBC2E3BB6C7D44860735504

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:51:04, on 8-5-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\KPN\bin\sprtsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\KPN\bin\sprtcmd.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ComboFix\CF7265.cfxxe
C:\ComboFix\mbr.cfxxe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233495774406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233738188812
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc.
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 10383 bytes
-
Here it is. Same story: I could no longer get into Windows.

ComboFix 10-05-07.01 - Eelke 07-05-2010 23:22:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1412 [GMT 2:00]
Running from: c:\documents and settings\Eelke\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Eelke\Application Data\A44B90BF8BBD27CE9959837E86574EE8
c:\documents and settings\Eelke\Application Data\A44B90BF8BBD27CE9959837E86574EE8\enemies-names.txt
c:\documents and settings\Eelke\Application Data\A44B90BF8BBD27CE9959837E86574EE8\gotnewupdate000.exe
c:\documents and settings\Eelke\Application Data\A44B90BF8BBD27CE9959837E86574EE8\lsrslt.ini
c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\recycler\S-1-5-21-5633846093-3344222351-558086716-4506
Infected copy of c:\windows\system32\drivers\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.
2010-05-06 10:46 . 2010-05-06 10:46 -------- d-----w- c:\program files\Trend Micro
2010-05-05 20:26 . 2010-05-05 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-05 20:25 . 2010-05-07 21:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-05 20:25 . 2010-05-05 20:25 -------- d-----w- c:\documents and settings\Eelke\Application Data\SUPERAntiSpyware.com
2010-05-05 20:24 . 2010-05-05 20:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-05 19:51 . 2010-05-05 19:51 50990 ----a-w- c:\windows\system32\sunqgtmpquohmh.exe
2010-05-04 12:08 . 2007-04-10 19:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-05-04 12:08 .
2008-08-08 20:09 86528 ----a-w- c:\windows\system32\E_FLBFCE.DLL 2010-05-04 12:08 . 2007-12-07 20:01 78848 ----a-w- c:\windows\system32\E_FD4BFCE.DLL 2010-05-04 12:08 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2010-05-04 12:08 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2010-05-04 12:05 . 2010-05-04 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL 2010-05-04 12:04 . 2010-05-04 12:04 -------- d-----w- c:\program files\Epson Software 2010-05-04 12:03 . 2010-05-04 12:04 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint 2010-05-04 12:01 . 2010-05-04 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON 2010-05-04 12:01 . 2008-11-16 22:00 342016 ----a-w- c:\windows\system32\eswiaud.dll 2010-05-04 12:01 . 2010-05-04 12:02 -------- d-----w- c:\program files\epson 2010-04-30 22:27 . 2010-05-06 22:02 -------- d-----w- C:\StarCraft II Beta 2010-04-30 22:27 . 2010-04-30 22:33 -------- d-----w- c:\documents and settings\Eelke\Local Settings\Application Data\Blizzard Entertainment 2010-04-30 22:27 . 2010-04-30 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment 2010-04-30 22:26 . 2010-04-30 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard 2010-04-18 23:29 . 2010-04-18 23:29 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys 2010-04-18 23:29 . 2010-04-18 23:29 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2010-04-18 23:27 . 2007-07-19 22:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll 2010-04-18 22:32 . 2010-04-18 22:32 697328 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-04-18 22:32 . 2010-04-18 22:32 -------- d-----w- c:\program files\DAEMON Tools Pro 2010-04-18 22:32 . 2010-04-18 22:37 -------- d-----w- c:\documents and settings\Eelke\Application Data\DAEMON Tools Pro 2010-04-18 22:32 . 
2010-04-18 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro 2010-04-16 09:17 . 2009-08-05 20:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys 2010-04-16 09:17 . 2010-04-16 09:17 -------- d-----w- c:\program files\Microsoft Sync Framework 2010-04-16 09:16 . 2010-04-16 09:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2010-04-14 21:37 . 2010-04-14 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-04-09 20:17 . 2010-04-09 20:17 -------- d-----w- c:\program files\GrabIt 2010-04-09 07:46 . 2010-04-09 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft 2010-04-09 07:45 . 2010-04-09 07:45 -------- d-----w- c:\program files\KPN 2010-04-09 07:43 . 2010-04-09 07:43 -------- d-----w- c:\documents and settings\Eelke\Local Settings\Application Data\SupportSoft 2010-04-09 07:43 . 2010-04-09 07:43 -------- d-----w- c:\program files\Common Files\SupportSoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-07 10:00 . 2009-02-04 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2010-05-06 10:46 . 2010-05-06 10:46 388096 ----a-r- c:\documents and settings\Eelke\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-05-06 10:23 . 2009-02-04 19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-05 20:27 . 2010-05-05 20:27 63488 ----a-w- c:\documents and settings\Eelke\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-05-05 20:27 . 2010-05-05 20:27 52224 ----a-w- c:\documents and settings\Eelke\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-05-05 20:27 . 
2010-05-05 20:27 117760 ----a-w- c:\documents and settings\Eelke\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-05-04 12:04 . 2009-02-01 13:35 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-05-03 22:10 . 2009-07-20 21:58 -------- d-----w- c:\program files\Windows Live Safety Center 2010-05-03 14:31 . 2010-03-07 16:57 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-05-02 20:53 . 2010-01-17 17:36 -------- d-----w- c:\documents and settings\Eelke\Application Data\GrabIt 2010-05-02 19:54 . 2009-02-10 11:30 -------- d-----w- c:\program files\uTorrent 2010-05-01 22:17 . 2009-02-10 11:30 -------- d-----w- c:\documents and settings\Eelke\Application Data\uTorrent 2010-04-30 22:33 . 2009-08-31 10:26 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2010-04-29 13:39 . 2009-02-04 19:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2009-02-04 19:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-21 15:45 . 2009-03-28 13:26 -------- d-----w- c:\program files\Rockstar Games 2010-04-16 13:43 . 2009-02-14 15:19 -------- d-----w- c:\program files\CCleaner 2010-04-16 09:17 . 2009-02-11 12:51 -------- d-----w- c:\program files\Windows Live 2010-04-14 21:47 . 2010-04-14 21:47 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-04-14 21:44 . 2009-10-22 17:33 -------- d-----w- c:\program files\DivX 2010-04-14 21:44 . 2010-04-14 21:44 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-04-14 21:44 . 2010-04-14 21:44 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe 2010-04-14 21:44 . 2010-04-14 21:44 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe 2010-04-14 21:44 . 
2010-04-14 21:44 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe 2010-04-14 21:44 . 2010-04-14 21:44 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe 2010-04-14 21:44 . 2010-04-14 21:44 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe 2010-04-14 21:44 . 2010-04-14 21:44 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe 2010-04-09 18:16 . 2009-11-15 12:55 56264 ---ha-w- c:\windows\system32\mlfcache.dat 2010-04-01 15:50 . 2010-02-02 15:40 -------- d-----w- c:\documents and settings\Eelke\Application Data\Nero 2010-03-31 01:58 . 2009-10-22 17:33 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys 2010-03-31 01:58 . 2009-10-22 17:33 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2010-03-31 01:58 . 2009-10-22 17:33 44944 ----a-w- c:\windows\system32\drivers\PxHelp20.sys 2010-03-31 01:58 . 2009-10-22 17:33 125424 ------w- c:\windows\system32\pxinsi64.exe 2010-03-31 01:58 . 2009-10-22 17:33 123888 ------w- c:\windows\system32\pxcpyi64.exe 2010-03-31 01:58 . 2009-10-22 17:33 133616 ------w- c:\windows\system32\pxafs.dll 2010-03-30 20:59 . 2009-02-04 08:39 68536 ----a-w- c:\documents and settings\Eelke\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-30 20:54 . 2009-02-04 13:01 -------- d-----w- c:\program files\MSBuild 2010-03-30 20:54 . 2010-03-10 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-03-27 08:52 . 2010-03-27 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2010-03-27 08:52 . 2010-03-27 08:52 -------- d-----w- c:\documents and settings\Eelke\Application Data\Office Genuine Advantage 2010-03-13 20:38 . 2009-05-26 13:50 -------- d-----w- c:\documents and settings\Eelke\Application Data\dvdcss 2010-03-11 19:55 . 
2010-03-11 19:55 -------- d-----w- c:\documents and settings\Eelke\Application Data\Texthelp Systems 2010-03-11 19:55 . 2010-03-11 19:55 -------- d-----w- c:\program files\Xenocode 2010-03-11 12:38 . 2009-02-04 09:22 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-11 12:38 . 2009-02-04 09:22 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-11 12:38 . 2009-02-04 09:22 17408 ------w- c:\windows\system32\corpol.dll 2010-03-09 11:09 . 2009-02-04 09:22 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll 2010-02-24 13:11 . 2009-02-04 09:22 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-24 08:16 . 2009-10-03 00:19 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-19 20:07 . 2010-02-19 20:07 117427 ----a-w- c:\documents and settings\Eelke\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe 2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll 2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll 2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll 2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll 2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll 2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll 2010-02-19 18:40 . 2010-02-19 18:40 292878 ----a-r- c:\documents and settings\Eelke\Application Data\Microsoft\Installer\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}\ARPPRODUCTICON.exe 2010-02-16 14:08 . 2009-02-04 09:22 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 2009-02-04 09:22 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 10:03 . 2010-03-05 21:41 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-12 04:33 . 
2009-02-04 09:22 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2009-02-04 09:22 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-07 2017280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DSLAGENTEXE"="dslagent.exe USB" [X] "GSICONEXE"="gsicon.exe" [2003-09-07 90112] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432] "nwiz"="nwiz.exe" [2007-08-28 1626112] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-21 2046816] "RTHDCPL"="RTHDCPL.EXE" [2008-09-30 16864768] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-28 81920] 
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-02-01 2154496] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600] "eBook Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2009-11-24 906640] "KPN"="c:\program files\KPN\bin\sprtcmd.exe" [2008-06-06 198184] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-27 09:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= 
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\Eelke\\Desktop\\utorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\KPN\\agent\\bin\\bcont.exe"= "c:\\Warcraft III\\Frozen Throne.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\StarCraft II Beta\\StarCraft II.exe"= "c:\\StarCraft II Beta\\Versions\\Base15133\\SC2.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6112:UDP"= 6112:UDP:warcrafty "6112:TCP"= 6112:TCP:warcraft R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4-2-2009 10:47 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4-2-2009 10:47 108552] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 11:25 12872] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [27-4-2010 17:30 68168] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4-2-2009 10:47 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4-2-2009 10:47 297752] R2 sprtsvc_KPN;SupportSoft Sprocket Service (KPN);c:\program files\KPN\bin\sprtsvc.exe [6-6-2008 16:08 202016] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8-4-2009 12:38 92008] S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21-5-2008 13:42 64000] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19-4-2010 0:32 697328] S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 20:19 13592] . 
Contents of the 'Scheduled Tasks' folder 2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-05-05 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] 2010-05-06 c:\windows\Tasks\Norton Security Scan for Eelke.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-07 10:48] 2010-05-07 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-08 20:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.nl/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Eelke\Application Data\Mozilla\Firefox\Profiles\g1imvqff.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! Search FF - prefs.js: keyword.URL - hxxp://nl.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_nl&p= FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\components\adproFfx.dll FF - plugin: c:\program files\Sony\Reader\Data\bin\npebldetectmoz.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program 
files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - 
pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . 
- - - - ORPHANS REMOVED - - - - AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-05-07 23:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(724) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(3032) c:\windows\system32\WININET.dll c:\windows\system32\nview.dll c:\windows\system32\NVWRSNL.DLL c:\windows\system32\ieframe.dll c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD c:\windows\system32\nvwddi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Epson Software\Easy Photo Print\EPTBL.dll c:\program files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll . ------------------------ Other Running Processes ------------------------ . 
c:\system volume information\Whistler\svchost.exe c:\system volume information\Whistler\smss.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Creative\Shared Files\CTDevSrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\windows\system32\nvsvc32.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\gsicon.exe c:\windows\system32\dslagent.exe c:\windows\system32\rundll32.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Internet Explorer\IEXPLORE.EXE c:\program files\Windows Live\Toolbar\wltuser.exe . ************************************************************************** . Completion time: 2010-05-07 23:38:49 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-07 21:38 Pre-Run: 142.190.981.120 bytes free Post-Run: 142.298.759.168 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 16ADD9C30AC70A6839EE7DB0E6A4256A
-
Doctor malware is gone, but I do have trouble getting into Windows. After the Windows logo has finished loading, a black screen appears and it restarts. For some reason it does that a few times and then Windows starts up normally.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4072
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
6-5-2010 18:35:12
mbam-log-2010-05-06 (18-35-12).txt
Scan type: Quick scan
Objects scanned: 124046
Time elapsed: 8 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:48:08, on 7-5-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\System Volume Information\Whistler\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\System Volume Information\Whistler\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\KPN\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\KPN\bin\sprtcmd.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program
Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - 
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: 
[sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233495774406 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - 
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233738188812 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 10592 bytes
-
I am being bothered by Doctor malware. I tried to remove it with SUPERAntiSpyware, but that did not work. I read on your forum that I should use HijackThis, but I am inexperienced with computers myself. Hopefully you can do something with this. Here is the hijack log:

Scan saved at 13:42:57, on 6-5-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\System Volume Information\Whistler\svchost.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\System Volume Information\Whistler\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\KPN\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\KPN\bin\sprtcmd.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [gotnewupdate000.exe] C:\Documents and Settings\Eelke\Application Data\A44B90BF8BBD27CE9959837E86574EE8\gotnewupdate000.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB
