Question & Answer
HijackThis log
32 answers
- You don't clean up Virut. There is only one solution: format C.
http://users.telenet.be/marcvn/spyware/1436828.htm
- :o okay... but how do you prevent them, then?
- njk wrote: ":o okay... but how do you prevent them, then?"
Virut is mostly caused by downloading cracks and keygens. So just don't use that 'junk', and just buy your programs and whatever else in the shop.
But I think we're going a bit off topic now. 8)
- Let me just add this: HERE http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1394076#1394076 Virut was also referred to, wrongly. Then there is a fundamental analysis problem and it is only logical that we question it. Or isn't it?
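The reply above objects to a log being blamed on Virut without analysis. The first pass a helper makes over a HijackThis log such as the one posted below is mechanical: entries whose file is gone ("(no file)", "(file missing)"), services with no vendor string, the repeated O10 LSP lines, and paths belonging to a toolbar already known to be unwanted. The following Python script, added here as an example and not posted by anyone in this thread, does that pass over a few lines copied from the log below. The unwanted-path list (AskBarDis, which the thread itself identifies as the problem) and the known-good LSP entry (wpclsp.dll, the Windows Parental Controls LSP on Vista) are this example's own assumptions, not something the thread states.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of lines copied from the HijackThis log
# posted further down in this thread, plus clean lines for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Every HijackThis entry starts with a section tag (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<rest>.+)$")

# Path fragments of software the thread itself identifies as the unwanted
# toolbar. Assumption for this example: in real triage this comes from your own
# adware/PUP reference, not from one forum thread.
PUP_PATH_MARKERS = ("\\askbardis\\",)

# LSP modules HijackThis cannot attribute but that are known-good on this
# platform. Assumption for this example: wpclsp.dll is the Windows Parental
# Controls layered service provider shipped with Vista.
KNOWN_LSP_MODULES = {"wpclsp.dll"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text):
    """Classify HijackThis lines; returns the entries worth a second look."""
    findings = []
    seen_lsp = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # process list, header, "End of file" etc.
        section, rest = m.group("section"), m.group("rest")
        lower = rest.lower()

        # Registered object whose file no longer exists: harmless leftover,
        # and exactly the kind of line "Fix checked" is meant for.
        if "(no file)" in lower or "(file missing)" in lower:
            findings.append(Finding(section, "orphan entry, no file on disk", line))
            continue

        # BHO, toolbar or service living under a known unwanted-software path.
        if any(marker in lower for marker in PUP_PATH_MARKERS):
            findings.append(Finding(section, "known unwanted toolbar path", line))
            continue

        # Service that HijackThis could not attribute to a vendor.
        if section == "O23" and " - unknown owner - " in lower:
            findings.append(Finding(section, "service without vendor, verify binary", line))
            continue

        # HijackThis prints one O10 line per protocol chain entry, so the same
        # DLL shows up many times; report each module once.
        if section == "O10":
            module = lower.rsplit("\\", 1)[-1]
            if module in seen_lsp:
                continue
            seen_lsp.add(module)
            if module not in KNOWN_LSP_MODULES:
                findings.append(Finding(section, "unattributed Winsock LSP, do not fix via HijackThis", line))
    return findings


def counts_by_reason(findings):
    """Summary of how many entries fell into each category."""
    summary = {}
    for f in findings:
        summary[f.reason] = summary.get(f.reason, 0) + 1
    return summary


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:45} {f.line}")
    print(counts_by_reason(triage(SAMPLE_LOG)))
```

The script only classifies; it does not tell HijackThis what to fix. On this sample it reports the three orphan entries, the three AskBarDis entries and the PnkBstrA service, and stays silent on the O10 lines because wpclsp.dll is on the allowlist. That last point matters: an O10 entry must never be "fixed" from HijackThis on a hunch, since removing a link from the Winsock LSP chain takes the network stack down with it, which is also why the helper further down removes the Ask toolbar by hand instead of ticking its lines.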
- I have a problem with AskBar; I've tried to remove it but it keeps coming back. I also want to have my system checked for viruses, malware and spyware, because I want to make a system restore point that is virus-free.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:10 PM, on 10/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LG Software\LG OSD\HotKey.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\LG Software\LG Magnifier\Maglev.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\windows sidebar\gadgets\LGSmartI.Gadget\plugins\LGSmartI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lge.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lge.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [zOSD] C:\Program Files\LG Software\LG OSD\HotKey.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\LG OSD\HotKey.exe
O4 - HKLM\..\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
O4 - HKLM\..\Run: [LGSR_Menu] "C:\Program Files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\LG Software\LG Smart Recovery" UpdateWithCreateOnce Software\CyberLink\PowerRecover
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{640D2B37-D923-4A58-9E16-C45D498929C7}: Domain = flits.rug.nl
O17 - HKLM\System\CCS\Services\Tcpip\..\{640D2B37-D923-4A58-9E16-C45D498929C7}: NameServer = 129.125.36.9,129.125.4.13
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
--
End of file - 11232 bytes
Thanks a lot in advance!
Regards, Niels
- Hello Nacho,
that Ask toolbar problem: go to C:\Program Files and manually delete the folder AskBarDis there, but first you end askBar.dll, AskService.exe and ASKUpgrade.exe via Task Manager!
Start HijackThis again and choose Scan only; after you have ticked the lines corresponding to the ones below, click the Fix checked button:
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
Also do the following: download, install and keep using MBAM.
Immediately after installation MBAM will want to update its database; allow it.
Also on repeated use: first hit the Update tab!
Download MBAM (click)
Start MBAM and choose Quick Scan.
N.B.: Vista users start MBAM by right-clicking and choosing Run as Administrator!
Scanning can take a while, so be patient.
When the scan is complete, click the OK button, then the Show Results button to see the results.
Make sure everything there is ticked, then click Remove Selected.
After removal a log will open and you will be asked to restart the computer.
Then create a new HijackThis log and post its result together with the first MBAM scan result;
also post an Uninstall list (start HijackThis, click the Open the Misc Tools section button, then the Open Uninstall Manager button and finally the Save button).
- Thanks for helping me.
The new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:00 PM, on 10/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\LG Software\LG OSD\HotKey.exe
C:\Program Files\LG Software\LG Magnifier\MagnifyingGlass.exe
C:\Program Files\lg_swupdate\GiljabiStart.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\LG Software\LG Magnifier\Maglev.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\windows sidebar\gadgets\LGSmartI.Gadget\plugins\LGSmartI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lge.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lge.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lge.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [zOSD] C:\Program Files\LG Software\LG OSD\HotKey.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\LG OSD\HotKey.exe
O4 - HKLM\..\Run: [LG Magnifier] %ProgramFiles%\LG Software\LG Magnifier\MagnifyingGlass.exe
O4 - HKLM\..\Run: [LGSR_Menu] "C:\Program Files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\LG Software\LG Smart Recovery" UpdateWithCreateOnce Software\CyberLink\PowerRecover
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{640D2B37-D923-4A58-9E16-C45D498929C7}: Domain = flits.rug.nl
O17 - HKLM\System\CCS\Services\Tcpip\..\{640D2B37-D923-4A58-9E16-C45D498929C7}: NameServer = 129.125.36.9,129.125.4.13
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
--
End of file - 10270 bytes
The MBAM scan result:
Malwarebytes' Anti-Malware 1.41
Database version: 2943
Windows 6.0.6001 Service Pack 1
10/11/2009 11:10:28 PM
mbam-log-2009-10-11 (23-10-28).txt
Scan type: Quick Scan
Objects scanned: 90298
Time elapsed: 3 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c20ee2d6-81c3-6a08-79c5-1989da43bc19} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
An Uninstall list:
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Choice Guard
CyberLink YouCam
CyberLink YouCam
Evaluatieversie van Microsoft Office Professional 2007
EzManual
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
Intel® Turbo Memory
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 15
LG Fan Mode Tile for Windows Mobility Center
LG Intelligent Update
LG Magnifier
LG OSD
LG Smart Care
LG Smart Indicator
LG Smart Recovery
LG Smart Recovery
LG TouchPad Tile for Windows Mobility Center
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (Dutch) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Minimizor 1.8
Miro
Mozilla Firefox (3.5.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
neroxml
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Panda ActiveScan 2.0
PokerStars
QuickTime
Ralink Wireless LAN Client Adapter
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Microsoft Office Word 2007 (KB969604)
SubSync
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.0.1
Vuze
Vuze Toolbar
WIDCOMM Bluetooth Software 6.0.1.5600
Windows Live - Hulpprogramma voor uploaden
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
WinRAR archiver
WinUHA 2.0 RC1 (2005.02.27)
Wolfenstein - Enemy Territory
Wondershare iPod Transfer(Build 1.0.1.0)
Xfire (remove only)
- Hello Nacho, of course I'm glad to help you.
What MBAM found is not nothing, in my view.
That is also why I want to advise you to [b]let Combofix scan your Windows[/b] (CLICK).
[b]How to use Combofix properly[/b] (CLICK)
[b]Addition: to be able to use Combofix, the following applies:[/b]
[b]- no web browsers may be open
- antivirus must be completely deactivated
- active malware and spyware scanners must be deactivated.[/b]
Do not click in the active Combofix window: this will make Combofix freeze!
Combofix closes the internet connection: do not try to restore it in the meantime!
[b]Vista users start Combofix with Administrator rights!
And do not forget to temporarily disable Windows Defender: see http://windowshelp.microsoft.com/Windows/nl-NL/help/31d797aa-091d-4d67-a556-dbfaf21bf0dc1043.mspx
[/b]
[b]Here you will find information on how to deactivate antivirus[/b] (CLICK)
By the way: why is your Vista not yet on SP2?
- hey, I used combofix, here is the log.
ComboFix 09-10-11.01 - user 10/12/2009 0:55.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3068.1962 [GMT 2:00]
Running from: c:\users\user\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 )))))))))))))))))))))))))))))))
.
2009-10-11 22:59 . 2009-10-11 22:59 -------- d-----w- c:\users\user\AppData\Local\temp
2009-10-11 22:59 . 2009-10-11 22:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-11 22:59 . 2009-10-11 22:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-11 21:04 . 2009-10-11 21:04 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2009-10-11 21:04 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-11 21:04 . 2009-10-11 21:04 -------- d-----w- c:\programdata\Malwarebytes
2009-10-11 21:04 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-11 21:04 . 2009-10-11 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 09:36 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-06 09:36 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-06 09:36 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-06 09:36 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-06 09:36 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-06 09:36 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-06 09:36 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-06 09:36 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-06 09:36 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-05 10:48 . 2009-10-05 10:48 -------- d-----w- c:\program files\Trend Micro
2009-10-03 10:19 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 19:03 . 2009-10-02 15:53 -------- d-----w- c:\program files\call of duty modern warfare
2009-09-30 10:56 . 2009-09-30 10:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-09-29 19:52 . 2009-09-29 19:52 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-29 19:51 . 2009-09-29 19:51 -------- d-----w- c:\program files\MSECache
2009-09-29 19:32 . 2009-09-29 19:32 -------- d-----w- c:\users\user\AppData\Local\Apps
2009-09-29 19:32 . 2009-09-29 19:32 -------- d-----w- c:\users\user\AppData\Local\Deployment
2009-09-29 19:31 . 2008-02-22 04:47 53248 ----a-w- c:\windows\system32\davclnt.dll
2009-09-29 19:04 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-09-29 18:57 . 2009-09-29 18:57 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-29 14:05 . 2009-09-29 19:08 -------- d-----w- c:\program files\Microsoft Works
2009-09-29 14:04 . 2009-09-29 14:04 -------- d-----w- c:\program files\Microsoft.NET
2009-09-29 13:57 . 2009-09-29 13:57 -------- d-----r- C:\MSOCache
2009-09-29 13:32 . 2009-10-05 10:34 -------- d-----w- c:\program files\PacificPoker
2009-09-29 00:36 . 2009-10-08 20:24 -------- d-----w- c:\users\user\AppData\Local\PokerStars
2009-09-29 00:36 . 2009-09-29 00:36 -------- d-----w- c:\program files\PokerStars
2009-09-29 00:26 . 2009-09-29 00:26 -------- d-----w- C:\Programs
2009-09-28 12:31 . 2009-09-28 12:31 -------- d-----w- c:\program files\SubSync
2009-09-28 12:31 . 2009-09-28 12:31 249856 ------w- c:\windows\Setup1.exe
2009-09-28 12:31 . 2009-09-28 12:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-27 21:56 . 2009-09-27 21:56 -------- d-----w- c:\users\user\AppData\Roaming\PCF-VLC
2009-09-27 21:41 . 2009-09-27 21:41 -------- d-----w- c:\users\user\AppData\Roaming\Participatory Culture Foundation
2009-09-27 21:41 . 2009-09-27 21:41 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-09-27 21:31 . 2009-09-27 21:36 -------- d-----w- c:\program files\EZ Boosters
2009-09-26 16:54 . 2009-09-26 16:54 680 ----a-w- c:\users\user\AppData\Local\d3d9caps.dat
2009-09-26 13:08 . 2009-09-26 18:37 -------- d-----w- C:\efba4d6d9e367b6fbb40130791fef2ab
2009-09-26 09:58 . 2009-04-22 22:27 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2009-09-26 09:58 . 2009-04-22 22:27 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2009-09-26 09:51 . 2009-09-02 09:09 176128 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-09-26 09:51 . 2009-07-22 16:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-09-26 09:51 . 2009-03-05 12:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-09-26 09:49 . 2009-09-26 09:49 -------- d-----w- c:\program files\QMI
2009-09-26 09:48 . 2008-04-28 09:37 393216 ----a-w- c:\windows\system32\athihvs.dll
2009-09-26 09:48 . 2009-04-14 14:01 385024 ----a-w- c:\windows\system32\QmiInstDev.exe
2009-09-26 09:29 . 2009-09-26 09:29 -------- d-----w- c:\program files\EzManual
2009-09-26 00:20 . 2009-09-26 00:20 -------- d-----w- C:\437f0073dad264c3d2259447
2009-09-26 00:18 . 2009-09-26 00:18 -------- d-----w- c:\windows\system32\EventProviders
2009-09-25 22:20 . 2009-09-25 22:20 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-19 15:16 . 2009-09-19 15:16 -------- d-----w- c:\program files\Wondershare
2009-09-18 23:53 . 2009-09-18 23:53 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-18 23:52 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-18 23:52 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-18 23:52 . 2009-09-18 23:52 -------- d-----w- c:\program files\iPod
2009-09-18 23:52 . 2009-09-18 23:52 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 23:49 . 2009-09-18 23:50 -------- d-----w- c:\program files\QuickTime
2009-09-18 23:27 . 2009-09-18 23:27 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-18 15:13 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-18 15:13 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-18 15:13 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-18 15:13 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-18 15:13 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-18 15:13 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-18 15:13 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-18 15:13 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-18 14:39 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-18 14:39 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-18 14:39 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-18 14:39 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-18 14:39 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-18 14:39 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-18 14:38 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-18 14:38 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-18 14:38 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-18 14:38 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-18 14:38 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-18 14:38 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-18 14:38 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-18 14:38 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-18 14:38 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 22:39 . 2009-06-09 02:35 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-11 22:34 . 2009-09-01 19:24 -------- d-----w- c:\users\user\AppData\Roaming\Azureus
2009-10-11 22:06 . 2009-08-08 20:53 62804 ----a-w- c:\programdata\nvModes.dat
2009-10-11 22:00 . 2009-08-08 21:06 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-11 21:59 . 2009-08-08 21:05 189744 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-11 21:58 . 2009-08-08 19:54 -------- d-----w- c:\programdata\Xfire
2009-10-06 18:41 . 2009-08-09 08:02 -------- d-----w- c:\users\user\AppData\Roaming\vlc
2009-10-06 10:04 . 2009-08-22 21:49 -------- d-----w- c:\programdata\Nero
2009-10-01 19:35 . 2009-08-08 19:54 -------- d-----w- c:\users\user\AppData\Roaming\Xfire
2009-09-30 10:57 . 2009-06-09 02:42 -------- d-----w- c:\programdata\Microsoft Help
2009-09-30 10:33 . 2009-08-08 19:54 -------- d-----w- c:\program files\Xfire
2009-09-29 19:32 . 2009-08-06 18:24 104584 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-29 19:31 . 2009-08-09 06:08 -------- d-----w- c:\program files\Microsoft
2009-09-29 19:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-09-29 07:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-29 00:34 . 2009-08-22 16:24 -------- d-----w- c:\program files\URUSoft
2009-09-28 15:13 . 2009-08-09 06:16 -------- d-----w- c:\users\user\AppData\Roaming\Apple Computer
2009-09-26 18:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-26 16:54 . 2009-06-25 07:39 -------- d-----w- c:\programdata\NVIDIA
2009-09-26 10:00 . 2009-06-09 21:29 -------- d-----w- c:\program files\lg_swupdate
2009-09-26 09:51 . 2009-06-09 15:49 -------- d-----w- c:\program files\Realtek
2009-09-26 09:51 . 2009-06-09 15:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-18 23:52 . 2009-08-09 06:15 -------- d-----w- c:\program files\iTunes
2009-09-18 23:52 . 2009-08-09 06:12 -------- d-----w- c:\program files\Common Files\Apple
2009-09-01 21:13 . 2009-09-01 21:13 -------- d-----w- c:\program files\WinUHA
2009-09-01 19:24 . 2009-09-01 19:24 -------- d-----w- c:\programdata\Azureus
2009-09-01 19:23 . 2009-09-01 19:22 -------- d-----w- c:\program files\Vuze
2009-08-28 12:39 . 2009-09-03 16:12 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-03 16:12 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-23 09:02 . 2009-08-23 09:02 -------- d-----w- c:\program files\MSXML 4.0
2009-08-15 18:49 . 2009-08-15 18:49 -------- d-----w- c:\users\user\AppData\Roaming\VitySoft
2009-08-09 07:36 . 2009-08-09 07:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-08 21:05 . 2009-08-08 21:05 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-21 21:52 . 2009-08-09 12:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-09 12:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-09 12:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-09 12:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-21 06:52 . 2009-07-21 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-17 14:35 . 2009-08-15 15:13 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-15 15:13 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-15 15:13 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-15 15:13 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-15 15:13 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
((((((((((((((((((((((((((((( SnapShot@2009-10-11_22.36.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-10-11 22:42 49732 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-11 22:42 93256 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-08-06 18:24 . 2009-10-11 21:14 5920 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-647323661-476650339-1405456048-1000_UserData.bin
+ 2009-08-06 18:24 . 2009-10-11 22:42 5920 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-647323661-476650339-1405456048-1000_UserData.bin
- 2009-10-11 21:12 . 2009-10-11 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-11 22:40 . 2009-10-11 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-11 21:12 . 2009-10-11 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-11 22:40 . 2009-10-11 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-10-11 22:48 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-11 21:19 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-11 22:48 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-11 21:19 101350 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"zOSD"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-05-13 3166208]
"KeybdUtility"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-05-13 3166208]
"LG Magnifier"="c:\program files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2008-05-20 144688]
"LGSR_Menu"="c:\program files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2009-02-16 304432]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-07 7227936]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-04-27 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-03-09 33304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-09 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-2 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B75DB40B-6AC9-4821-8A22-E08C6D942D2A}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{C603EE2D-1283-4621-A62A-BD6DF1DA7A53}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{7530347D-74E3-4DCB-B067-17E929E7CEC9}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{D968FB5B-1150-4099-8DD3-6AA11F8282DA}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"{C8AE2C17-2CFC-40A7-B5F5-0F30EAC5F4F3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{551BA0DD-21B5-4F69-B3D0-2805E7130D36}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6CD9D12C-73F2-462C-A512-1540E68E1CF1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D306976D-BB1A-4FE1-851C-1742EDDB6182}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{A7DA8E50-2A84-4867-B0E8-C95388D186C6}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{C1066CB7-CA67-48F4-B728-7481696D87C7}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"{6B33024D-981F-4022-846A-153063AA48BC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{61A0E5CD-C2F7-4631-81C8-4F780CAFF57D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F9421800-CAA1-464F-A6A0-DE1C068ACAC2}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AED5D5BF-9888-4896-96CA-F27F69124C78}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{19C1D88F-314F-43B3-9973-3DDC8B1EA0C2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A2204E3B-FCAA-4FF2-9541-FF23EE8036B8}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{B17B35D2-9819-4961-BB04-5ECE55B8159E}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [6/9/2009 5:45 PM 229400]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [8/9/2009 9:39 AM 28544]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [2/6/2009 2:24 PM 38240]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [3/27/2009 4:18 PM 529920]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [6/9/2009 5:45 PM 52768]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
S3 AVer8G54;AVerMedia A855 II BDA Digital Tuner;c:\windows\System32\drivers\AVer8G54.sys [7/10/2009 1:05 AM 47104]
S3 wsvd;wsvd;c:\windows\System32\drivers\wsvd.sys [5/26/2008 8:54 PM 81704]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-10-11 c:\windows\Tasks\User_Feed_Synchronization-{4C93D44A-C9D5-475B-883C-436E3DDE5EA8}.job
- c:\windows\system32\msfeedssync.exe [2009-08-09 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lge.com
mStart Page = hxxp://www.lge.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {640D2B37-D923-4A58-9E16-C45D498929C7} = 129.125.36.9,129.125.4.13
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\eciyk4pe.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 00:59
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3104)
c:\windows\system32\btmmhook.dll
.
Completion time: 2009-10-11 1:01
ComboFix-quarantined-files.txt 2009-10-11 23:01
ComboFix2.txt 2009-10-11 22:37
Pre-Run: 163,714,953,216 bytes free
Post-Run: 163,610,005,504 bytes free
288 --- E O F --- 2009-10-09 11:08
it is not a very relaxed program, my internet is not restored automatically…
had to search for a bit, but my internet works again (it does not automatically restore my gateway IP).
about that Windows Vista pack 2
I tried it, but every time I installed it and restarted Windows, Windows flipped out and I had to run my LG recovery to go back to an earlier restore point (so back to Vista pack 1 again).
maybe it is due to malware or to LG
- Hello Nacho, the Combofix scan has become of little value: your antivirus was not deactivated!
Because of that, Combofix could not work properly; possibly the file was also already damaged by your antivirus!
In that respect I can understand your remark about the tool.
But: download Combofix again (you may delete the old file), [b]deactivate the scanners again and now also your antivirus, before you start Combofix![/b]
- ComboFix 09-10-11.03 - user 10/12/2009 15:42.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3068.1863 [GMT 2:00]
Running from: c:\users\user\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.
2009-10-12 13:46 . 2009-10-12 13:46 -------- d-----w- c:\users\user\AppData\Local\temp
2009-10-12 13:46 . 2009-10-12 13:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-12 13:46 . 2009-10-12 13:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-11 21:04 . 2009-10-11 21:04 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2009-10-11 21:04 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-11 21:04 . 2009-10-11 21:04 -------- d-----w- c:\programdata\Malwarebytes
2009-10-11 21:04 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-11 21:04 . 2009-10-11 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-06 09:36 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-06 09:36 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-06 09:36 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-06 09:36 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-06 09:36 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-06 09:36 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-06 09:36 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-06 09:36 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-06 09:36 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-05 10:48 . 2009-10-05 10:48 -------- d-----w- c:\program files\Trend Micro
2009-10-03 10:19 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 19:03 . 2009-10-02 15:53 -------- d-----w- c:\program files\call of duty modern warfare
2009-09-30 10:56 . 2009-09-30 10:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-09-29 19:52 . 2009-09-29 19:52 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-29 19:51 . 2009-09-29 19:51 -------- d-----w- c:\program files\MSECache
2009-09-29 19:32 . 2009-09-29 19:32 -------- d-----w- c:\users\user\AppData\Local\Apps
2009-09-29 19:32 . 2009-09-29 19:32 -------- d-----w- c:\users\user\AppData\Local\Deployment
2009-09-29 19:31 . 2008-02-22 04:47 53248 ----a-w- c:\windows\system32\davclnt.dll
2009-09-29 19:04 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-09-29 18:57 . 2009-09-29 18:57 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-29 14:05 . 2009-09-29 19:08 -------- d-----w- c:\program files\Microsoft Works
2009-09-29 14:04 . 2009-09-29 14:04 -------- d-----w- c:\program files\Microsoft.NET
2009-09-29 13:57 . 2009-09-29 13:57 -------- d-----r- C:\MSOCache
2009-09-29 13:32 . 2009-10-05 10:34 -------- d-----w- c:\program files\PacificPoker
2009-09-29 00:36 . 2009-10-08 20:24 -------- d-----w- c:\users\user\AppData\Local\PokerStars
2009-09-29 00:36 . 2009-09-29 00:36 -------- d-----w- c:\program files\PokerStars
2009-09-29 00:26 . 2009-09-29 00:26 -------- d-----w- C:\Programs
2009-09-28 12:31 . 2009-09-28 12:31 -------- d-----w- c:\program files\SubSync
2009-09-28 12:31 . 2009-09-28 12:31 249856 ------w- c:\windows\Setup1.exe
2009-09-28 12:31 . 2009-09-28 12:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-27 21:56 . 2009-09-27 21:56 -------- d-----w- c:\users\user\AppData\Roaming\PCF-VLC
2009-09-27 21:41 . 2009-09-27 21:41 -------- d-----w- c:\users\user\AppData\Roaming\Participatory Culture Foundation
2009-09-27 21:41 . 2009-09-27 21:41 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-09-27 21:31 . 2009-09-27 21:36 -------- d-----w- c:\program files\EZ Boosters
2009-09-26 16:54 . 2009-09-26 16:54 680 ----a-w- c:\users\user\AppData\Local\d3d9caps.dat
2009-09-26 13:08 . 2009-09-26 18:37 -------- d-----w- C:\efba4d6d9e367b6fbb40130791fef2ab
2009-09-26 09:58 . 2009-04-22 22:27 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2009-09-26 09:58 . 2009-04-22 22:27 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2009-09-26 09:51 . 2009-09-02 09:09 176128 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-09-26 09:51 . 2009-07-22 16:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-09-26 09:51 . 2009-03-05 12:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-09-26 09:49 . 2009-09-26 09:49 -------- d-----w- c:\program files\QMI
2009-09-26 09:48 . 2008-04-28 09:37 393216 ----a-w- c:\windows\system32\athihvs.dll
2009-09-26 09:48 . 2009-04-14 14:01 385024 ----a-w- c:\windows\system32\QmiInstDev.exe
2009-09-26 09:29 . 2009-09-26 09:29 -------- d-----w- c:\program files\EzManual
2009-09-26 00:20 . 2009-09-26 00:20 -------- d-----w- C:\437f0073dad264c3d2259447
2009-09-26 00:18 . 2009-09-26 00:18 -------- d-----w- c:\windows\system32\EventProviders
2009-09-25 22:20 . 2009-09-25 22:20 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-19 15:16 . 2009-09-19 15:16 -------- d-----w- c:\program files\Wondershare
2009-09-18 23:53 . 2009-09-18 23:53 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-18 23:52 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-18 23:52 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-18 23:52 . 2009-09-18 23:52 -------- d-----w- c:\program files\iPod
2009-09-18 23:52 . 2009-09-18 23:52 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 23:49 . 2009-09-18 23:50 -------- d-----w- c:\program files\QuickTime
2009-09-18 23:27 . 2009-09-18 23:27 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-18 15:13 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-18 15:13 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-18 15:13 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-18 15:13 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-18 15:13 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-18 15:13 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-18 15:13 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-18 15:13 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-18 14:39 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-18 14:39 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-18 14:39 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-18 14:39 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-18 14:39 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-18 14:39 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-18 14:38 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-18 14:38 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-18 14:38 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-18 14:38 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-18 14:38 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-18 14:38 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-18 14:38 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-18 14:38 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-18 14:38 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 13:38 . 2009-09-01 19:24 -------- d-----w- c:\users\user\AppData\Roaming\Azureus
2009-10-12 13:31 . 2009-08-08 20:53 62804 ----a-w- c:\programdata\nvModes.dat
2009-10-12 12:04 . 2009-08-08 21:06 139904 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-12 12:04 . 2009-08-08 21:05 189744 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-11 23:03 . 2009-06-09 02:35 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-11 21:58 . 2009-08-08 19:54 -------- d-----w- c:\programdata\Xfire
2009-10-06 18:41 . 2009-08-09 08:02 -------- d-----w- c:\users\user\AppData\Roaming\vlc
2009-10-06 10:04 . 2009-08-22 21:49 -------- d-----w- c:\programdata\Nero
2009-10-01 19:35 . 2009-08-08 19:54 -------- d-----w- c:\users\user\AppData\Roaming\Xfire
2009-09-30 10:57 . 2009-06-09 02:42 -------- d-----w- c:\programdata\Microsoft Help
2009-09-30 10:33 . 2009-08-08 19:54 -------- d-----w- c:\program files\Xfire
2009-09-29 19:32 . 2009-08-06 18:24 104584 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-29 19:31 . 2009-08-09 06:08 -------- d-----w- c:\program files\Microsoft
2009-09-29 19:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-09-29 07:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-29 00:34 . 2009-08-22 16:24 -------- d-----w- c:\program files\URUSoft
2009-09-28 15:13 . 2009-08-09 06:16 -------- d-----w- c:\users\user\AppData\Roaming\Apple Computer
2009-09-26 18:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-26 16:54 . 2009-06-25 07:39 -------- d-----w- c:\programdata\NVIDIA
2009-09-26 10:00 . 2009-06-09 21:29 -------- d-----w- c:\program files\lg_swupdate
2009-09-26 09:51 . 2009-06-09 15:49 -------- d-----w- c:\program files\Realtek
2009-09-26 09:51 . 2009-06-09 15:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-18 23:52 . 2009-08-09 06:15 -------- d-----w- c:\program files\iTunes
2009-09-18 23:52 . 2009-08-09 06:12 -------- d-----w- c:\program files\Common Files\Apple
2009-09-01 21:13 . 2009-09-01 21:13 -------- d-----w- c:\program files\WinUHA
2009-09-01 19:24 . 2009-09-01 19:24 -------- d-----w- c:\programdata\Azureus
2009-09-01 19:23 . 2009-09-01 19:22 -------- d-----w- c:\program files\Vuze
2009-08-28 12:39 . 2009-09-03 16:12 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-03 16:12 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-23 09:02 . 2009-08-23 09:02 -------- d-----w- c:\program files\MSXML 4.0
2009-08-15 18:49 . 2009-08-15 18:49 -------- d-----w- c:\users\user\AppData\Roaming\VitySoft
2009-08-09 07:36 . 2009-08-09 07:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-08 21:05 . 2009-08-08 21:05 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-21 21:52 . 2009-08-09 12:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-09 12:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-09 12:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-09 12:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 06:52 . 2009-07-21 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-21 06:52 . 2009-07-21 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-17 14:35 . 2009-08-15 15:13 71680 ----a-w- c:\windows\system32\atl.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-11_22.36.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-10-12 11:14 49798 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-12 11:14 93264 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-06 18:24 . 2009-10-12 11:14 6064 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-647323661-476650339-1405456048-1000_UserData.bin
- 2009-10-11 21:12 . 2009-10-11 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-12 11:08 . 2009-10-12 11:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-11 21:12 . 2009-10-11 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-12 11:08 . 2009-10-12 11:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-10-12 11:16 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-11 21:19 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-12 11:16 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-11 21:19 101350 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"zOSD"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-05-13 3166208]
"KeybdUtility"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-05-13 3166208]
"LG Magnifier"="c:\program files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2008-05-20 144688]
"LGSR_Menu"="c:\program files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2009-02-16 304432]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-07 7227936]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-04-27 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-03-09 33304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-09 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-2 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B75DB40B-6AC9-4821-8A22-E08C6D942D2A}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{C603EE2D-1283-4621-A62A-BD6DF1DA7A53}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{7530347D-74E3-4DCB-B067-17E929E7CEC9}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{D968FB5B-1150-4099-8DD3-6AA11F8282DA}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"{C8AE2C17-2CFC-40A7-B5F5-0F30EAC5F4F3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{551BA0DD-21B5-4F69-B3D0-2805E7130D36}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6CD9D12C-73F2-462C-A512-1540E68E1CF1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D306976D-BB1A-4FE1-851C-1742EDDB6182}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{A7DA8E50-2A84-4867-B0E8-C95388D186C6}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= UDP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"UDP Query User{C1066CB7-CA67-48F4-B728-7481696D87C7}c:\\program files\\participatory culture foundation\\miro\\miro_downloader.exe"= TCP:c:\program files\participatory culture foundation\miro\miro_downloader.exe:Miro_Downloader
"{6B33024D-981F-4022-846A-153063AA48BC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{61A0E5CD-C2F7-4631-81C8-4F780CAFF57D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F9421800-CAA1-464F-A6A0-DE1C068ACAC2}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AED5D5BF-9888-4896-96CA-F27F69124C78}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{19C1D88F-314F-43B3-9973-3DDC8B1EA0C2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A2204E3B-FCAA-4FF2-9541-FF23EE8036B8}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{B17B35D2-9819-4961-BB04-5ECE55B8159E}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [6/9/2009 5:45 PM 229400]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [8/9/2009 9:39 AM 28544]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [2/6/2009 2:24 PM 38240]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [3/27/2009 4:18 PM 529920]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [6/9/2009 5:45 PM 52768]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
S3 AVer8G54;AVerMedia A855 II BDA Digital Tuner;c:\windows\System32\drivers\AVer8G54.sys [7/10/2009 1:05 AM 47104]
S3 wsvd;wsvd;c:\windows\System32\drivers\wsvd.sys [5/26/2008 8:54 PM 81704]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-10-11 c:\windows\Tasks\User_Feed_Synchronization-{4C93D44A-C9D5-475B-883C-436E3DDE5EA8}.job
- c:\windows\system32\msfeedssync.exe [2009-08-09 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lge.com
mStart Page = hxxp://www.lge.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {640D2B37-D923-4A58-9E16-C45D498929C7} = 129.125.36.9,129.125.4.13
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\eciyk4pe.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 15:46
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3844)
c:\windows\system32\btmmhook.dll
.
Completion time: 2009-10-12 15:47
ComboFix-quarantined-files.txt 2009-10-12 13:47
ComboFix2.txt 2009-10-11 23:01
ComboFix3.txt 2009-10-11 22:37
Pre-Run: 163,541,450,752 bytes free
Post-Run: 163,448,233,984 bytes free
283 --- E O F --- 2009-10-12 11:15
- Hello Nacho, I have some very unpleasant news for you: your Windows contains the polymorphic virus Virut.
Only one thing helps against that: a clean installation.
Before you start installing programs, put SP2 on first - it makes Vista more stable and faster!
And start using a firewall other than the Windows firewall, e.g. ZoneAlarm Free!
Because Virut knows how to get around the Windows firewall!
- hmm ok,
I do have a few questions then.
What exactly is this virus, what does it do and what effect does it have on my laptop?
Where does the virus originate? In which file?
Is the virus in all my files and programs, so also on my external hard drive? (there are only films and photos on it)
Can I put files/programs on the external hard drive, keep them there and put them back after the installation?
How do I reinstall Vista? I only have Vista on the computer and did not get a CD from the shop.
- Virut is a standalone virus.
It is a virus that renames itself to avoid detection! It changes system files, renames files and more, and is particularly hard to remove!
Virut is smart enough to get around the Windows firewall in order to get in!
Therefore: a clean reinstall is the best solution, and then also use a real firewall.
- hey, I was able to restore Vista via my LG recovery, outside of Vista, to the state it was in when it left the factory.
I don't know whether that is the same as a completely fresh installation of Vista, so I have now made another ComboFix log.
Could you perhaps check whether the virus is still in my laptop's data?
Thanks a lot in advance :wink:
ComboFix 09-10-15.01 - user 10/15/2009 19:14.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3068.1932 [GMT 2:00]
Running from: c:\users\user\Desktop\ComboFix.exe
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1075378636-3642388641-673769889-500
c:\$recycle.bin\S-1-5-21-647323661-476650339-1405456048-500
.
((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.
2009-10-15 17:19 . 2009-10-15 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-15 01:54 . 2009-10-15 01:54 -------- d-----w- c:\windows\system32\ca-ES
2009-10-15 01:54 . 2009-10-15 01:54 -------- d-----w- c:\windows\system32\eu-ES
2009-10-15 01:53 . 2009-10-15 01:54 -------- d-----w- c:\windows\system32\vi-VN
2009-10-15 01:39 . 2009-10-15 01:39 -------- d-----w- c:\windows\system32\EventProviders
2009-10-15 01:38 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-10-15 01:38 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2009-10-15 01:38 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2009-10-15 01:38 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-10-15 01:38 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2009-10-15 01:36 . 2009-04-11 06:28 592896 ----a-w- c:\windows\system32\netlogon.dll
2009-10-15 01:35 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-15 01:35 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-15 01:35 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-15 01:35 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-15 01:35 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-15 01:35 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-15 01:35 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-15 01:35 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-15 01:35 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-15 01:35 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-15 01:35 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-14 23:20 . 2009-10-14 23:20 -------- d-----w- c:\program files\Trend Micro
2009-10-14 23:10 . 2009-04-06 09:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-10-14 23:10 . 2009-02-10 14:12 307224 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-10-14 23:08 . 2009-02-18 15:27 29208 ----a-w- c:\windows\system32\drivers\afw.sys
2009-10-14 23:08 . 2009-10-14 23:08 -------- d-----w- c:\program files\Agnitum
2009-10-14 23:07 . 2009-10-14 23:07 -------- d-----w- c:\programdata\Agnitum
2009-10-14 22:00 . 2009-02-15 21:11 293528 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2009-10-14 14:17 . 2009-10-14 14:17 -------- d-----w- c:\program files\ESET
2009-10-14 14:10 . 2009-10-14 14:10 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2009-10-14 14:10 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-14 14:10 . 2009-10-14 14:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 14:10 . 2009-10-14 14:10 -------- d-----w- c:\programdata\Malwarebytes
2009-10-14 14:10 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-14 14:04 . 2009-10-14 14:04 -------- d-----w- c:\users\user\AppData\Roaming\GetRightToGo
2009-10-14 12:52 . 2009-10-14 12:52 -------- d-----w- c:\users\user\AppData\Local\Mozilla
2009-10-14 11:45 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-14 11:28 . 2009-10-14 11:28 -------- d-----w- c:\program files\Zone Labs
2009-10-14 11:27 . 2009-10-14 11:27 -------- d-----w- c:\programdata\CheckPoint
2009-10-14 11:23 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-14 11:11 . 2009-10-14 22:39 -------- d-----w- c:\windows\Internet Logs
2009-10-14 11:10 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-14 11:09 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-10-14 11:09 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-14 11:09 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-14 11:09 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-10-14 11:09 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 11:09 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-14 11:09 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-14 11:09 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-14 11:09 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-14 11:09 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-14 11:09 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-14 11:09 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-10-14 11:07 . 2009-10-14 12:11 -------- d-----w- c:\users\user\AppData\Local\Google
2009-10-14 11:01 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-14 11:01 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-14 11:01 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-10-14 11:01 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-10-14 11:01 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-14 11:01 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 16:11 . 2009-06-09 02:35 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-15 16:08 . 2009-06-09 15:54 -------- d-----w- c:\programdata\Partner
2009-10-15 02:01 . 2009-06-25 07:39 -------- d-----w- c:\programdata\NVIDIA
2009-10-15 01:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-15 01:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-15 01:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-15 01:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-15 01:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-15 01:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-15 01:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-15 01:28 . 2009-06-09 21:29 -------- d-----w- c:\program files\lg_swupdate
2009-09-14 09:29 . 2009-10-14 11:08 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-11 05:26 . 2009-09-11 05:26 95896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2009-09-11 05:23 . 2009-09-11 05:23 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-11 05:17 . 2009-09-11 05:17 116008 ------w- c:\windows\system32\drivers\eamon.sys
2009-09-10 16:48 . 2009-10-14 11:08 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-14 11:08 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-27 05:22 . 2009-10-14 11:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 11:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 11:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 11:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-21 18:24 . 2009-08-21 18:24 66592 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2009-08-21 18:23 . 2009-08-21 18:23 57344 ----a-w- c:\windows\system32\nvapo32v.dll
2009-08-21 18:23 . 2009-08-21 18:23 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2009-08-20 17:18 . 2009-06-09 15:45 155648 ----a-w- c:\windows\system32\nvcohda.dll
2009-08-20 17:18 . 2009-08-20 17:18 485920 ----a-w- c:\windows\system32\nvuhda.exe
2009-08-20 17:18 . 2009-06-25 07:37 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-14 16:27 . 2009-10-14 11:08 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-10-14 11:08 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-10-14 11:08 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-10-14 11:08 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-10-14 11:08 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-10-14 11:08 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-10-14 11:08 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-10-14 11:08 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-10-14 11:08 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-10-14 11:08 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-10-14 11:08 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-06 18:24 . 2009-08-06 18:24 104584 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-04 12:34 . 2009-10-14 11:08 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 12:34 . 2009-10-14 11:08 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-03 11:54 . 2009-08-03 11:54 569856 ----a-w- c:\windows\system32\drivers\netr28.sys
2009-08-03 11:50 . 2009-08-03 11:50 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2009-08-03 11:50 . 2009-08-03 11:50 13931 ----a-w- c:\windows\system32\RaCoInst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 39408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"zOSD"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-05-13 3166208]
"KeybdUtility"="c:\program files\LG Software\LG OSD\HotKey.exe" [2009-05-13 3166208]
"LG Magnifier"="c:\program files\LG Software\LG Magnifier\MagnifyingGlass.exe" [2008-05-20 144688]
"LGSR_Menu"="c:\program files\LG Software\LG Smart Recovery\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
"LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2009-02-16 304432]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-07 7227936]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-04-27 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-03-09 33304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-07 1833504]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-2 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3d,34,47,41,3b,4d,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1C80DDF6-21DA-4CE0-906B-9878A4F960D1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [6/9/2009 5:45 PM 229400]
R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [10/15/2009 1:08 AM 29208]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]
R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [10/15/2009 1:10 AM 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [10/15/2009 1:08 AM 1195008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/11/2009 7:24 AM 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [9/11/2009 7:26 AM 95896]
R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [10/15/2009 1:10 AM 307224]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [8/3/2009 1:54 PM 569856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [8/21/2009 8:24 PM 66592]
S3 AVer8G54;AVerMedia A855 II BDA Digital Tuner;c:\windows\System32\drivers\AVer8G54.sys [7/10/2009 1:05 AM 47104]
S3 wsvd;wsvd;c:\windows\System32\drivers\wsvd.sys [5/26/2008 8:54 PM 81704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lge.com
mStart Page = hxxp://www.lge.com
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {640D2B37-D923-4A58-9E16-C45D498929C7} = 129.125.36.9,129.125.4.13
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\lv2mz8c9.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 19:19
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ DLLs Loaded Under Running Processes ------------------------
- - - - - - - > 'Explorer.exe'(3736)
c:\windows\system32\btmmhook.dll
.
Completion time: 2009-10-15 19:20
ComboFix-quarantined-files.txt 2009-10-15 17:20
Pre-Run: 205,704,019,968 bytes free
Post-Run: 205,817,556,992 bytes free
211 --- E O F --- 2009-10-15 14:54
Regards, Niels
- Hello Nacho, that installation came with a format!
So it has become a clean installation.
And I see that Service Pack 2 is now installed as well.
I can conclude that it now looks fine.
The fact that you are now using Agnitum's Outpost Firewall is also good.
By the way, have you checked via the Security Center whether the Windows Firewall is now disabled?
If not, type [b]services.msc[/b] in the search box and set the Windows Firewall there to Disabled! Don't forget to click the [b]Stop[/b] button as well!
Incidentally, I don't think you have ever had such a fast Vista before!
- [quote="Abraham54"]Hello Nacho, I have a very unpleasant message for you: your Windows contains the polymorphic virus Virut.[/quote] Just out of curiosity: where was that Virut virus?
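As an added illustration of the check Abraham54 asks for in his reply above (this is not code from the thread, nor from Outpost, ESET or ComboFix): a PowerShell script that lists which firewall products Security Center knows about, shows the state of both the Windows Firewall service and the Agnitum service that appears in the ComboFix log, and only switches the Windows Firewall off once the replacement is confirmed to be running, so the machine is never left without any firewall at all. The service names MpsSvc (Windows Firewall) and acssrv (Agnitum Client Security Service, taken from the log) are assumptions; the script uses WMI only, so it also runs on the PowerShell 2.0 available for Vista, and it must be started from an elevated prompt.

```powershell
# Added example, not from the thread. Assumed service names: MpsSvc is the
# Windows Firewall service on Vista and later; acssrv is the Agnitum Client
# Security Service listed in the ComboFix log above. WMI only, so it works on
# PowerShell 2.0. Run from an elevated PowerShell (Set-Service needs admin).
$WindowsFirewall    = 'MpsSvc'
$ThirdPartyFirewall = 'acssrv'

function Get-ServiceState {
    param([string]$Name)
    # Win32_Service exposes both the current state and the start mode.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if ($svc -eq $null) { return $null }
    New-Object PSObject -Property @{
        Name      = $svc.Name
        Display   = $svc.DisplayName
        State     = $svc.State       # Running / Stopped
        StartMode = $svc.StartMode   # Auto / Manual / Disabled
    }
}

# 1. What Security Center has registered. root\SecurityCenter2 exists on
#    Vista and later and only lists products that registered themselves.
try {
    $registered = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class FirewallProduct
    if ($registered) {
        'Firewall products registered with Security Center:'
        $registered | ForEach-Object { '  {0}' -f $_.displayName }
    } else {
        'No third-party firewall is registered with Security Center.'
    }
} catch {
    'Could not query Security Center: ' + $_.Exception.Message
}

# 2. Actual service state of both firewalls.
$win   = Get-ServiceState $WindowsFirewall
$third = Get-ServiceState $ThirdPartyFirewall
$win, $third | Where-Object { $_ } |
    Format-Table Name, Display, State, StartMode -AutoSize

# 3. Only turn the Windows Firewall off when the replacement is really up,
#    i.e. running now and set to start automatically at boot.
if ($third -and $third.State -eq 'Running' -and $third.StartMode -eq 'Auto') {
    if ($win -and ($win.State -ne 'Stopped' -or $win.StartMode -ne 'Disabled')) {
        'Third-party firewall is active; disabling the Windows Firewall service.'
        Set-Service -Name $WindowsFirewall -StartupType Disabled
        Stop-Service -Name $WindowsFirewall -Force
    } else {
        'Windows Firewall is already stopped and disabled; nothing to do.'
    }
} else {
    'Third-party firewall is not running with automatic start; leaving the Windows Firewall enabled.'
}
```

The order of the checks is the point: the Security Center query shows what Windows itself believes is protecting the machine, the WMI query shows what is actually running, and the Windows Firewall is only stopped in the branch where the Agnitum service is confirmed running with automatic start. If the two disagree (for example the product is registered but its service is stopped), the script changes nothing and leaves the Windows Firewall in place.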
- @ Abraham: Can you tell me what you base the conclusion that this is a Virut infection on? Apparently I am missing something after analysing the logs.
Emphyrio
- Following on from the previous speakers, I don't see a Virut infection in the logs either. Perhaps A54 can tell us where he sees it?
- I find the question from the 3 experts a bit petty. They themselves hardly respond to the huge demand for help with HJT log problems. I think Abraham54 is simply doing his best to solve as many problems as possible. :o