
Gen: Variant.Buzy.3548(B)



Hello,

this is the log file

Emsisoft Emergency Kit - Version 3.0

Last Update: 20/11/2012 19:29:15

Scan settings:

Scan type: Deep Scan

Objects: Rootkits, Memory, Traces, C:\, F:\

Detect Riskware: Off

Scan archives: On

ADS Scan: On

File extension filter: Off

Advanced caching: On

Direct disk access: Off

Scan started: 20/11/2012 19:32:44

C:\WINDOWS\System32\Drivers\kthdexzs.sys Detected: Gen:Variant.Buzy.3548 (B)

Scanned 415

Found 1

Scan ended: 20/11/2012 19:33:29

Scan time: 0:00:45

Quarantined 0

jan lambrechts


Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\WINDOWS\System32\Drivers\kthdexzs.sys

Driver::

kthdexzs.sys

Firefox::

FF - ProfilePath - c:\documents and settings\Corilus\Application Data\Mozilla\Firefox\Profiles\3patyt1l.default\

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply.


Hello,

here is the log file

ComboFix 12-11-20.02 - Corilus 21/11/2012 9:01.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2013.1169 [GMT 1:00]

Running from: c:\documents and settings\Corilus\Bureaublad\ComboFix.exe

Command switches used :: c:\documents and settings\Corilus\Bureaublad\cfscript.txt

AV: Sophos Anti-Virus *Disabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

.

FILE ::

"c:\windows\System32\Drivers\kthdexzs.sys"

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\System32\Drivers\kthdexzs.sys

.

.

(((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 ))))))))))))))))))))))))))))))

.

.

2012-11-16 02:32 . 2012-11-16 02:32 -------- d-----w- c:\documents and settings\Corilus\Local Settings\Application Data\PCHealth

2012-11-09 08:00 . 2012-11-09 08:00 -------- d-----w- c:\program files\iPod

2012-11-09 08:00 . 2012-11-09 08:01 -------- d-----w- c:\program files\iTunes

2012-11-09 08:00 . 2012-11-09 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-11-08 10:34 . 2012-11-21 07:45 -------- d--h--r- c:\documents and settings\Corilus\Onlangs geopend

2012-10-31 07:48 . 2012-10-31 07:48 -------- d-----w- C:\found.001

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-24 16:07 . 2012-09-11 13:54 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-10-22 19:57 . 2004-08-04 00:56 1866496 ----a-w- c:\windows\system32\win32k.sys

2012-10-09 08:48 . 2012-04-03 06:40 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 08:48 . 2011-06-08 06:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-02 18:04 . 2004-08-04 01:03 58368 ------w- c:\windows\system32\synceng.dll

2012-09-29 18:54 . 2012-10-15 17:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-28 15:17 . 2004-08-04 01:03 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:17 . 2004-08-04 01:03 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:17 . 2004-08-04 01:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-04 00:55 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2004-08-04 01:03 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-09-05 09:38 . 2012-03-06 10:42 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2010-09-20 . 389A0A55CF2EDF75586C1CF8AFA920A3 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2010-09-20 . 389A0A55CF2EDF75586C1CF8AFA920A3 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[7] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe

[7] 2004-08-04 . 732ED791711DF9C9DD15E5515BC681B8 . 504832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\b4f5f4c053f3142fbf3ac885a934647c\backup\winlogon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\documents and settings\Corilus\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-07 39408]

"DymoQuickPrint"="c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2009-10-29 1885944]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2011-01-05 439536]

"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Corilus\Menu Start\Programma's\Opstarten\

Dropbox.lnk - c:\documents and settings\Corilus\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Sidexis\\Sidexis.exe"=

"c:\\Sidexis\\SiConst\\SIDEXIS.exe"=

"c:\\Sidexis\\SiXABCon.exe"=

"c:\\Sidexis\\SiRescue.exe"=

"c:\\DBSWIN\\bin\\DBSWIN.exe"=

"c:\\DBSWIN\\bin\\DBSLOG.EXE"=

"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\Corilus\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [20/09/2010 10:27 153344]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [20/09/2010 10:23 24064]

R2 AXIS Camera Station;AXIS Camera Station;c:\program files\Axis Communications\AXIS Camera Station 3\ACSService.exe [11/09/2009 15:07 40960]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/09/2012 14:46 12184]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [30/10/2012 17:51 399432]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/2010 3:09 50704]

R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [5/01/2011 20:00 163056]

R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [5/01/2011 20:01 97520]

R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [5/01/2011 20:04 1541360]

R3 VistaRayScanner;VistaRay Scanner System Services;c:\windows\system32\drivers\VistaRayScanner-EPP.sys [3/09/2009 13:58 17606]

S2 ProntoDataService;Pronto Data Server;c:\documents and settings\All Users\Application Data\Philips\Common Database\ProntoDataService.exe [23/07/2009 14:41 20480]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [25/04/2008 7:18 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [25/04/2008 7:16 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [25/04/2008 7:15 166384]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [25/04/2008 7:18 313840]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25/04/2008 7:15 1120752]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [20/09/2010 10:27 14976]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

yigfsrul

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:48]

.

2012-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

.

2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:40]

.

2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/webhp?sourceid=navclient&hl=nl&ie=UTF-8&rlz=1T4ADFA_nlBE348BE348

uInternet Settings,ProxyOverride = *.local

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\www.update

TCP: Interfaces\{2362D3E9-DEC8-478E-B328-F15A54F133C3}: NameServer = 195.238.2.21,195.238.2.22

FF - ProfilePath - c:\documents and settings\Corilus\Application Data\Mozilla\Firefox\Profiles\3patyt1l.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: !HIDDEN! 2009-10-19 21:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-11-21 09:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,75,88,c2,44,fb,00,48,aa,30,33,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,75,88,c2,44,fb,00,48,aa,30,33,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(744)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

.

Completion time: 2012-11-21 09:08:59

ComboFix-quarantined-files.txt 2012-11-21 08:08

ComboFix2.txt 2012-11-20 08:14

ComboFix3.txt 2012-11-19 19:07

ComboFix4.txt 2012-11-06 15:03

.

Pre-Run: 85.552.689.152 bytes free

Post-Run: 85.820.456.960 bytes free

.

- - End Of File - - ADB8969D54EB20D67A386F6DB9060950

regards

jan lambrechts

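The Sigcheck block in the ComboFix log above lists winlogon.exe in system32 and in dllcache with MD5 389A0A55CF2EDF75586C1CF8AFA920A3, while the ServicePackFiles copy with the same version string [5.1.2600.5512] and the same size (510464) has MD5 1247D4D5444E28519BBE31BE8AB4C029. A same-version, same-size system binary whose hash differs from its service-pack reference is exactly the pattern a responder checks for an in-place patched file, which matters more than the "[-]" marker (the log itself notes that unsigned files aren't necessarily malware). The Python below is an added example, not code from this thread or from ComboFix: it parses Sigcheck lines in that format and reports every live copy whose MD5 differs from the ServicePackFiles copy of the same version. Using ServicePackFiles as the reference and treating the bracket flag as opaque are assumptions of this example; the sample input is the four winlogon.exe lines from the log above.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input: the four Sigcheck lines copied from the ComboFix log above.
SIGCHECK_LOG = r"""
[-] 2010-09-20 . 389A0A55CF2EDF75586C1CF8AFA920A3 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[-] 2010-09-20 . 389A0A55CF2EDF75586C1CF8AFA920A3 . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2004-08-04 . 732ED791711DF9C9DD15E5515BC681B8 . 504832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\b4f5f4c053f3142fbf3ac885a934647c\backup\winlogon.exe
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)

# Assumption: the ServicePackFiles copy is the known-good reference for a version.
REFERENCE_DIRS = ("\\servicepackfiles\\",)


def parse_sigcheck(text):
    """Parse Sigcheck lines into dicts; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["name"] = PureWindowsPath(e["path"]).name.lower()
        entries.append(e)
    return entries


def is_reference(entry):
    return any(d in entry["path"].lower() for d in REFERENCE_DIRS)


def find_mismatches(entries):
    """Report live copies whose MD5 differs from the same-version reference copy.

    The bracket flag ([-], [7], ...) is deliberately not interpreted; the
    comparison rests only on file name, version string and hash.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = []
    for group in by_name.values():
        refs = {r["version"]: r for r in group if is_reference(r)}
        for e in group:
            if is_reference(e):
                continue
            ref = refs.get(e["version"])
            if ref is None:
                continue  # no same-version reference on disk: nothing to compare against
            if e["md5"] != ref["md5"]:
                findings.append({
                    "path": e["path"],
                    "version": e["version"],
                    "md5": e["md5"],
                    "reference_md5": ref["md5"],
                    "reference_path": ref["path"],
                    # same size with a different hash points at in-place modification
                    "same_size": e["size"] == ref["size"],
                })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_sigcheck(SIGCHECK_LOG)):
        tag = "same size, hash differs" if f["same_size"] else "size and hash differ"
        print(f"{f['path']} [{f['version']}] {f['md5']} != {f['reference_md5']} ({tag})")
```

On the log above this reports both the system32 and the dllcache copy of winlogon.exe (same size, different hash than the ServicePackFiles copy); the SoftwareDistribution backup copy is skipped because it carries a different version string and has no reference of its own. The dllcache copy matching the live copy also means Windows File Protection will not restore a clean file from it.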

Hello,

here are the log files from Emsisoft and Sophos

****************** Sophos Anti-Virus Log - 23/11/2012 8:25:40 **************

20121105 183207 User (KABINET1\Corilus) has stopped on-access scanning for this machine.

20121105 192554 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121105 192555 User (NT AUTHORITY\Lokale service) has stopped on-access scanning for this machine.

20121105 194854 User (KABINET1\Corilus) has started on-access scanning for this machine.

20121106 072935 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121106 072936 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121106 093802 User (KABINET1\Corilus) has stopped on-access scanning for this machine.

20121106 125425 User (KABINET1\Corilus) has started on-access scanning for this machine.

20121106 145344 User (KABINET1\Corilus) has stopped on-access scanning for this machine.

20121106 150513 User (KABINET1\Corilus) has started on-access scanning for this machine.

20121107 090732 User (KABINET1\Corilus) has stopped on-access scanning for this machine.

20121107 090918 User (KABINET1\Corilus) has started on-access scanning for this machine.

20121107 113028 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000159.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 113028 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000159.exe" for user KABINET1\Corilus

20121107 113029 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000169.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 113029 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000169.exe" for user KABINET1\Corilus

20121107 113033 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000215.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 113033 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000215.exe" for user KABINET1\Corilus

20121107 113034 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000248.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 113034 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000248.exe" for user KABINET1\Corilus

20121107 113037 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000287.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 113037 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000287.exe" for user KABINET1\Corilus

20121107 113038 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000323.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 113038 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000323.exe" for user KABINET1\Corilus

20121107 113042 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000363.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 113042 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000363.exe" for user KABINET1\Corilus

20121107 113045 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000414.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 113045 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000414.exe" for user KABINET1\Corilus

20121107 113045 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000422.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 113045 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000422.exe" for user KABINET1\Corilus

20121107 113051 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000499.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 113051 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000499.exe" for user KABINET1\Corilus

20121107 113052 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000507.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 113052 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000507.exe" for user KABINET1\Corilus

20121107 113953 File "C:\WINDOWS\NIRCMD.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 113953 On-access scanner has denied access to location "C:\WINDOWS\NIRCMD.exe" for user KABINET1\Corilus

20121107 125911 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000215.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 125911 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000414.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 125911 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000422.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 125911 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000499.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 125911 File "C:\WINDOWS\NIRCMD.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 125911 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000159.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 125911 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000248.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000507.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 125912 Scanning "C:\Documents and Settings\Corilus\Local Settings\Temp\20.tmp\z9.scf" returned SAV Interface error 0xa0040210: The file could not be accessed.

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000169.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000287.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000323.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000363.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000215.exe" has been cleaned up.

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000414.exe" has been cleaned up.

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000422.exe" has been cleaned up.

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000499.exe" has been cleaned up.

20121107 125912 File "C:\WINDOWS\NIRCMD.exe" has been cleaned up.

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000159.exe" has been cleaned up.

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000248.exe" has been cleaned up.

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000507.exe" has been cleaned up.

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000169.exe" has been cleaned up.

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000287.exe" has been cleaned up.

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000323.exe" has been cleaned up.

20121107 125912 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP2\A0000363.exe" has been cleaned up.

20121107 125912 Adware or PUA 'NirCmd' has been removed.

20121107 145257 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121107 145257 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121107 150734 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121107 150734 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121107 184650 File "C:\32788R22FWJFW\iexplore.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 184650 On-access scanner has denied access to location "C:\32788R22FWJFW\iexplore.exe" for user NT AUTHORITY\SYSTEM

20121107 184650 File "C:\32788R22FWJFW\firefox.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 184650 On-access scanner has denied access to location "C:\32788R22FWJFW\firefox.exe" for user NT AUTHORITY\SYSTEM

20121107 184650 File "C:\32788R22FWJFW\firefox.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 184650 On-access scanner has denied access to location "C:\32788R22FWJFW\firefox.exe" for user KABINET1\Corilus

20121107 184651 File "C:\32788R22FWJFW\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 184651 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmd.3XE" for user NT AUTHORITY\SYSTEM

20121107 184656 File "C:\32788R22FWJFW\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 184656 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmd.3XE" for user KABINET1\Corilus

20121107 184659 File "C:\32788R22FWJFW\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 184659 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmd.3XE" for user KABINET1\Corilus

20121107 184700 File "C:\32788R22FWJFW\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 184700 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmd.3XE" for user KABINET1\Corilus

20121107 184703 File "C:\32788R22FWJFW\firefox.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 184703 On-access scanner has denied access to location "C:\32788R22FWJFW\firefox.exe" for user KABINET1\Corilus

20121107 184703 File "C:\32788R22FWJFW\iexplore.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 184703 On-access scanner has denied access to location "C:\32788R22FWJFW\iexplore.exe" for user KABINET1\Corilus

20121107 184703 File "C:\32788R22FWJFW\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 184703 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmd.3XE" for user KABINET1\Corilus

20121107 184703 File "C:\32788R22FWJFW\NirCmdC.3XE" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 184703 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmdC.3XE" for user KABINET1\Corilus

20121107 184706 File "C:\32788R22FWJFW\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 184706 On-access scanner has denied access to location "C:\32788R22FWJFW\NirCmd.3XE" for user KABINET1\Corilus

20121107 184708 File "C:\ComboFix\NirCmd.3XE" belongs to adware or PUA 'NirCmd' (of type 5).

20121107 184708 On-access scanner has denied access to location "C:\ComboFix\NirCmd.3XE" for user NT AUTHORITY\SYSTEM

20121107 185030 User (KABINET1\Corilus) has stopped on-access scanning for this machine.

20121107 185150 Scanning "C:\32788R22FWJFW\NirCmdC.3XE" returned SAV Interface error 0xa0040210: The file could not be accessed.

20121107 185150 Scanning "C:\ComboFix\NirCmd.3XE" returned SAV Interface error 0xa0040210: The file could not be accessed.

20121107 185150 Scanning "C:\32788R22FWJFW\firefox.exe" returned SAV Interface error 0xa0040210: The file could not be accessed.

20121107 185150 Scanning "C:\32788R22FWJFW\iexplore.exe" returned SAV Interface error 0xa0040210: The file could not be accessed.

20121107 185150 Scanning "C:\32788R22FWJFW\NirCmd.3XE" returned SAV Interface error 0xa0040210: The file could not be accessed.

20121107 185150 Item 'NirCmd' could not be redetected.

20121107 185552 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121107 185552 User (NT AUTHORITY\Lokale service) has stopped on-access scanning for this machine.

20121107 190207 User (KABINET1\Corilus) has started on-access scanning for this machine.

20121108 072959 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121108 072959 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121109 073124 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121109 073124 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121109 074852 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121109 074853 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121113 072513 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121113 072514 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121114 074014 File "C:\ComboFix\NircmdB.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121114 074014 On-access scanner has denied access to location "C:\ComboFix\NircmdB.exe" for user KABINET1\Corilus

20121114 074015 File "C:\ComboFix\NircmdB.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121114 074015 On-access scanner has denied access to location "C:\ComboFix\NircmdB.exe" for user KABINET1\Corilus

20121114 083329 File "C:\ComboFix\NircmdB.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121114 083329 File "C:\ComboFix\NircmdB.exe" has been cleaned up.

20121114 083329 Adware or PUA 'NirCmd' has been removed.

20121114 093036 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP4\A0000468.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121114 093036 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP4\A0000468.exe" for user KABINET1\Corilus

20121114 093058 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP4\A0000468.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121114 093058 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP4\A0000468.exe" has been cleaned up.

20121114 093058 Adware or PUA 'NirCmd' has been removed.

20121114 132123 Scan 'Scan my computer' started.

20121114 140915 Scanning "C:\WINDOWS\Temp\fb_table_oh0o1q" returned SAV Interface error 0xa0040210: The file could not be accessed.

20121114 143251 Scan 'Scan my computer' completed.

20121114 143251 Summary of results for scan 'Scan my computer':

Items scanned: 100159

Errors: 1

Items quarantined: 0

Items dealt with: 0

20121114 191313 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121114 191314 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121115 072944 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121115 072944 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121115 073517 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121115 073518 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121115 111612 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP5\A0000492.exe" has been identified as suspicious file of type 'Sus/Behav-1021'.

If you are unsure whether the file can be authorized, please send a sample to Sophos.

20121115 111613 Suspicious file "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP5\A0000492.exe" has been moved to "C:\Program Files\medsecure\quarantaine\A0000492.exe.000".

20121116 022718 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121116 022718 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121116 111137 Scanning "E:\magazines\desktop.ini" returned SAV Interface error 0xa0040202: Scan failed.

20121119 072628 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121119 072628 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121119 185433 User (KABINET1\Corilus) has stopped on-access scanning for this machine.

20121119 192035 User (KABINET1\Corilus) has started on-access scanning for this machine.

20121120 072346 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121120 072346 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121120 074729 User (KABINET1\Corilus) has stopped on-access scanning for this machine.

20121120 083427 User (KABINET1\Corilus) has started on-access scanning for this machine.

20121120 084648 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121120 084649 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121120 100240 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000797.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121120 100240 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000797.exe" for user KABINET1\Corilus

20121120 100241 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000805.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121120 100241 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000805.exe" for user KABINET1\Corilus

20121120 100250 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000848.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121120 100250 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000848.exe" for user KABINET1\Corilus

20121120 100253 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000895.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121120 100253 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000895.exe" for user KABINET1\Corilus

20121120 100254 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000903.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121120 100254 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000903.exe" for user KABINET1\Corilus

20121120 101644 File "C:\WINDOWS\NIRCMD.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121120 101644 On-access scanner has denied access to location "C:\WINDOWS\NIRCMD.exe" for user KABINET1\Corilus

20121120 102003 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000805.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121120 102003 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000848.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121120 102003 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000895.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121120 102003 File "C:\WINDOWS\NIRCMD.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121120 102004 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000797.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121120 102004 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000903.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121120 102004 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000805.exe" has been cleaned up.

20121120 102004 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000848.exe" has been cleaned up.

20121120 102004 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000895.exe" has been cleaned up.

20121120 102004 File "C:\WINDOWS\NIRCMD.exe" has been cleaned up.

20121120 102004 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000797.exe" has been cleaned up.

20121120 102005 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP13\A0000903.exe" has been cleaned up.

20121120 102005 Adware or PUA 'NirCmd' has been removed.

20121121 072835 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121121 072835 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121121 075703 User (KABINET1\Corilus) has stopped on-access scanning for this machine.

20121121 081242 User (KABINET1\Corilus) has started on-access scanning for this machine.

20121121 114247 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP14\A0000929.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121121 114247 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP14\A0000929.exe" for user KABINET1\Corilus

20121121 114303 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001018.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121121 114303 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001018.exe" for user KABINET1\Corilus

20121121 114303 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001026.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121121 114303 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001026.exe" for user KABINET1\Corilus

20121121 115546 File "C:\WINDOWS\NIRCMD.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121121 115546 On-access scanner has denied access to location "C:\WINDOWS\NIRCMD.exe" for user KABINET1\Corilus

20121121 134331 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP14\A0000929.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121121 134331 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP14\A0000929.exe" for user KABINET1\Corilus

20121121 134344 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001018.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121121 134344 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001018.exe" for user KABINET1\Corilus

20121121 134344 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001026.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121121 134344 On-access scanner has denied access to location "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001026.exe" for user KABINET1\Corilus

20121121 134526 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP14\A0000929.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121121 134526 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001018.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121121 134526 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001026.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121121 134526 File "C:\WINDOWS\NIRCMD.exe" belongs to adware or PUA 'NirCmd' (of type 5).

20121121 134527 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP14\A0000929.exe" has been cleaned up.

20121121 134527 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001018.exe" has been cleaned up.

20121121 134527 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP15\A0001026.exe" has been cleaned up.

20121121 134527 File "C:\WINDOWS\NIRCMD.exe" has been cleaned up.

20121121 134527 Adware or PUA 'NirCmd' has been removed.

20121122 073047 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121122 073047 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121122 151618 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121122 151618 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

20121122 184033 File "C:\Documents and Settings\Corilus\wgsdgsdgdsgsd.exe" has been identified as suspicious file of type 'Sus/UnkPack-C'.

If you are unsure whether the file can be authorized, please send a sample to Sophos.

20121122 184033 Suspicious file "C:\Documents and Settings\Corilus\wgsdgsdgdsgsd.exe" has been moved to "C:\Program Files\medsecure\quarantaine\wgsdgsdgdsgsd.exe.000".

20121123 072709 Using detection data version 4.67G (detection engine 3.21.0). This version can detect 2703186 items.

20121123 072709 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.

(213 items)

Emsisoft report:

Emsisoft Emergency Kit - Version 3.0

Last Update: 23/11/2012 9:29:02

Scan settings:

Scan type: Deep scan

Objects: Rootkits, Memory, Traces, C:\, F:\

Detect riskware: Off

Scan archives: On

ADS scan: On

File extension filter: Off

Advanced caching: On

Direct disk access: Off

Scan started: 23/11/2012 11:59:40

Scanned 408646

Found 0

Scan finished: 23/11/2012 14:24:22

Scan time: 2:24:42

I do get a warning from Microsoft about a security update:

KB2698023: Security update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista and Windows Server 2008 x86, which cannot be installed.

jan lambrechts
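The Sophos on-access log posted above is easier to triage with a small summariser. The following is an added example and is not the poster's, the helper's or Sophos's code. The sample lines are constructed in the same shape as the log above (a handful of lines, not the full log), and the event categories (pua, suspicious, quarantined, cleaned, scan_error, onaccess_stop, onaccess_start) are labels chosen here. It separates detections inside System Restore snapshots (the `_restore{...}` paths, copies that only come back if the machine is restored to that point) from detections on the live file system, lists quarantine destinations, and reports the windows during which on-access scanning was switched off, which is the first thing to check when a tool like ComboFix is run with the resident scanner disabled.

```python
"""Summarise a Sophos Anti-Virus (SAV) log of the shape posted above.

Each line is `YYYYMMDD HHMMSS <message>`. The summary answers what an
incident handler asks of such a log: what was detected, where (live file
system vs. System Restore snapshots), what was removed or quarantined, and
during which windows on-access protection was off.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample, modelled on the log above (not a copy of the full log).
SAMPLE_LOG = r"""
20121120 072346 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.
20121120 074729 User (KABINET1\Corilus) has stopped on-access scanning for this machine.
20121120 083427 User (KABINET1\Corilus) has started on-access scanning for this machine.
20121120 100240 File "C:\System Volume Information\_restore{642FE7B6-AB42-4E0B-87F9-78394FDCE06C}\RP12\A0000797.exe" belongs to adware or PUA 'NirCmd' (of type 5).
20121120 101644 File "C:\WINDOWS\NIRCMD.exe" belongs to adware or PUA 'NirCmd' (of type 5).
20121120 102004 File "C:\WINDOWS\NIRCMD.exe" has been cleaned up.
20121122 184033 File "C:\Documents and Settings\Corilus\wgsdgsdgdsgsd.exe" has been identified as suspicious file of type 'Sus/UnkPack-C'.
20121122 184033 Suspicious file "C:\Documents and Settings\Corilus\wgsdgsdgdsgsd.exe" has been moved to "C:\Program Files\medsecure\quarantaine\wgsdgsdgdsgsd.exe.000".
20121116 111137 Scanning "E:\magazines\desktop.ini" returned SAV Interface error 0xa0040202: Scan failed.
"""

LINE_RE = re.compile(r"^(\d{8}) (\d{6}) (.*)$")
RESTORE_PREFIX = "c:\\system volume information\\"

# (event kind, regex); each regex yields a `path` and/or a `name` group.
# The kind names are labels chosen for this example, not SAV terminology.
PATTERNS = [
    ("pua", re.compile(r'File "(?P<path>[^"]+)" belongs to adware or PUA \'(?P<name>[^\']+)\'')),
    ("suspicious", re.compile(r'File "(?P<path>[^"]+)" has been identified as suspicious file of type \'(?P<name>[^\']+)\'')),
    ("quarantined", re.compile(r'file "(?P<path>[^"]+)" has been moved to "(?P<name>[^"]+)"')),
    ("cleaned", re.compile(r'File "(?P<path>[^"]+)" has been cleaned up')),
    ("scan_error", re.compile(r'Scanning "(?P<path>[^"]+)" returned SAV Interface error (?P<name>0x[0-9a-fA-F]+)')),
    ("onaccess_stop", re.compile(r'User \((?P<name>[^)]+)\) has stopped on-access scanning')),
    ("onaccess_start", re.compile(r'User \((?P<name>[^)]+)\) has started on-access scanning')),
]


@dataclass
class Event:
    ts: datetime
    kind: str
    path: Optional[str]
    name: Optional[str]


def parse_log(text: str) -> List[Event]:
    """Turn raw SAV log text into Event records sorted by timestamp.

    Lines matching no pattern (detection-data versions, scan start/end,
    'denied access' duplicates of a detection, the 'send a sample' hint)
    are dropped on purpose.
    """
    events: List[Event] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1) + m.group(2), "%Y%m%d%H%M%S")
        for kind, rx in PATTERNS:
            hit = rx.search(m.group(3))
            if hit:
                g = hit.groupdict()
                events.append(Event(ts, kind, g.get("path"), g.get("name")))
                break
    events.sort(key=lambda e: e.ts)
    return events


def protection_gaps(events: List[Event]) -> List[Dict[str, object]]:
    """Windows during which on-access scanning was off (stop -> next start)."""
    gaps: List[Dict[str, object]] = []
    pending: Optional[Event] = None
    for e in events:
        if e.kind == "onaccess_stop":
            pending = e
        elif e.kind == "onaccess_start" and pending is not None:
            gaps.append({
                "stopped_by": pending.name,
                "stopped_at": pending.ts,
                "restarted_at": e.ts,
                "seconds_unprotected": int((e.ts - pending.ts).total_seconds()),
            })
            pending = None
    return gaps


def summarize(events: List[Event]) -> Dict[str, object]:
    """Counts per kind plus the detections that matter most: anything found
    outside a System Restore snapshot is a file on the live system."""
    detections = [e for e in events if e.kind in ("pua", "suspicious")]
    in_restore = lambda p: p.lower().startswith(RESTORE_PREFIX)
    return {
        "counts": dict(Counter(e.kind for e in events)),
        "families": sorted({e.name for e in detections}),
        "live_detections": sorted({e.path for e in detections if not in_restore(e.path)}),
        "restore_point_detections": sorted({e.path for e in detections if in_restore(e.path)}),
        "quarantine_paths": [e.name for e in events if e.kind == "quarantined"],
        "protection_gaps": protection_gaps(events),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against a full SAV log by replacing SAMPLE_LOG with the file contents; the "denied access" lines are deliberately ignored because each one repeats the detection line immediately before it and would otherwise double the counts.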
