New ComboFix log with HijackThis log:
ComboFix 11-02-26.01 - vanzanten 27-02-2011 15:39:05.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.2122
Gestart vanuit: c:\users\vanzanten\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\vanzanten\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
FILE ::
"c:\users\vanzanten\AppData\Local\Temp\kgncypod.sys"
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-01-27 to 2011-02-27 ))))))))))))))))))))))))))))))
.
2011-02-27 14:43 . 2011-02-27 14:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-02-27 14:43 . 2011-02-27 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-26 20:33 . 2011-02-26 20:33 13824 ---h--w- c:\users\vanzanten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\license.dll
2011-02-26 16:00 . 2011-02-26 16:00 -------- d-----w- c:\users\vanzanten\AppData\Roaming\aliasworlds
2011-02-26 16:00 . 2011-02-26 16:00 -------- d-----w- c:\programdata\aliasworlds
2011-02-26 15:56 . 2011-02-27 13:45 16384 ----a-w- c:\users\vanzanten\AppData\Roaming\Tmp8120.com
2011-02-26 15:56 . 2011-02-26 15:56 618496 ----a-w- c:\users\vanzanten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tmp8120.com
2011-02-25 08:20 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72AB57AA-C1B7-4B91-91C5-84A45F245011}\mpengine.dll
2011-02-23 08:59 . 2011-02-23 08:59 -------- d-----w- c:\windows\system32\SPReview
2011-02-23 08:57 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-23 08:57 . 2010-11-20 12:21 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-02-23 08:57 . 2010-11-20 10:24 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-02-23 08:57 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-02-23 08:55 . 2010-11-20 12:29 194432 ----a-w- c:\windows\system32\halmacpi.dll
2011-02-23 08:54 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-02-23 08:54 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-02-23 08:54 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-02-23 08:54 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-02-23 08:54 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-02-23 08:54 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-02-23 08:54 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-02-23 08:54 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-02-23 08:54 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-02-23 08:41 . 2011-01-07 07:46 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 08:41 . 2011-01-07 07:46 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 08:41 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-02-22 12:14 . 2011-02-22 12:14 -------- d-----w- c:\programdata\Playrix Entertainment
2011-02-22 12:13 . 2011-02-22 12:14 -------- d-----w- c:\program files\Farmscapes Collector's Edition
2011-02-09 09:02 . 2011-01-05 03:51 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 09:02 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-02-09 09:02 . 2011-01-05 05:55 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-09 09:02 . 2011-01-07 06:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-09 09:02 . 2011-01-07 07:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 09:02 . 2011-01-07 05:43 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 09:02 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-02-09 09:02 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-09 09:02 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-09 09:02 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
2011-02-07 09:25 . 2011-02-27 14:01 -------- d-----w- c:\users\vanzanten\AppData\Roaming\Nikon
2011-02-07 09:23 . 2011-02-07 09:23 -------- d-----w- c:\programdata\Ultima_T15
2011-02-07 09:23 . 2011-02-07 09:23 -------- d-----w- c:\programdata\EnterNHelp
2011-02-03 15:19 . 2011-02-03 15:19 -------- d-----w- c:\programdata\Fenomen Games
2011-02-03 15:12 . 2011-02-03 15:13 -------- d-----w- c:\program files\Great Adventures - Lost in Mountains
2011-01-30 14:14 . 2011-01-30 14:14 -------- d-----w- c:\users\vanzanten\AppData\Roaming\DivoGames
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 09:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-07 09:23 . 2003-03-18 17:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-02-02 16:11 . 2009-10-09 15:46 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-20 17:09 . 2009-10-18 07:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-10-18 07:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 14:18 . 2010-12-06 14:00 1912297 ----a-w- c:\windows\system32\nfsXmasTree.scr
2010-12-02 08:46 . 2010-12-06 13:58 2655898 ----a-w- c:\windows\system32\nfsXmasCandles.scr
2010-12-01 09:55 . 2010-12-06 13:59 7833398 ----a-w- c:\windows\system32\nfsXmasReflection.scr
2010-12-01 09:51 . 2010-12-06 13:59 3717739 ----a-w- c:\windows\system32\nfsXmasonBeach.scr
2010-12-01 08:56 . 2010-12-06 13:58 1658393 ----a-w- c:\windows\system32\nfsCandles.scr
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe"
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe"
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe"
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe"
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe"
c:\users\vanzanten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
license.dll
Tmp8120.com
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
@="Service"
@="Service"
@="Service"
@="Service"
@="Service"
@="Service"
@="Service"
@="Service"
@="Service"
@="Service"
@="Service"
@="Driver"
@="Driver"
@="Service"
@="Service"
@="IEEE 1394 Bus host controllers"
@="SBP2 IEEE 1394 Devices"
@="SecurityDevices"
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe
R3 AcpiPmi;Stuurprogramma voor ACPI-compatibele energiemeter;c:\windows\system32\drivers\acpipmi.sys
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys
R3 AppID;AppID-stuurprogramma;c:\windows\system32\drivers\appid.sys
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys
R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys
R3 DCamUSBDigitalCamera;Digital Camera;c:\windows\system32\Drivers\mpixvid.sys
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys
R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys
R3 iScsiPrt;iScsiPort-stuurprogramma;c:\windows\system32\drivers\msiscsi.sys
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\7DF5.tmp
R3 mpio;Stuurprogramma voor Microsoft mulitpad bus;c:\windows\system32\drivers\mpio.sys
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys
R3 msdsm;Specifieke module voor Microsoft multipadapparaat;c:\windows\system32\drivers\msdsm.sys
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe
R3 MsRPC;MsRPC;
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys
R3 scfilter;Klassefilterstuurprogramma voor smartcard-PnP;c:\windows\system32\DRIVERS\scfilter.sys
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe
R3 sffp_mmc;Stuurprogramma volgens SFF-opslagprotocol voor MMC;c:\windows\system32\drivers\sffp_mmc.sys
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys
R3 Smb;Bericht-georiënteerd TCP/IP- en TCP/IPv6-protocol (SMB-sessie);c:\windows\system32\DRIVERS\smb.sys
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys
R3 usbcir;eHome-infraroodontvanger (USBCIR);c:\windows\system32\drivers\usbcir.sys
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys
R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys
R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe
R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe
R4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys
S0 fvevol;Filterstuurprogramma Bitlocker-stationsvergrendeling;c:\windows\System32\DRIVERS\fvevol.sys
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys
S0 spldr;Security Processor Loader Driver;
S0 vdrvroot;Microsoft Virtual Drive Enumerator-stuurprogramma;c:\windows\system32\drivers\vdrvroot.sys
S0 volmgr;Stuurprogramma voor Volumebeheer;c:\windows\system32\drivers\volmgr.sys
S0 volmgrx;Dynamisch Volumebeheer;c:\windows\System32\drivers\volmgrx.sys
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys
S1 tdx;Stuurprogramma voor ondersteuning van NetIO Legacy TDI;c:\windows\system32\DRIVERS\tdx.sys
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S1 Wanarpv6;IPv6 ARP-stuurprogramma voor externe toegang;c:\windows\system32\DRIVERS\wanarp.sys
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys
S2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe
S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys
S2 luafv;Virtualisatie van UAC-bestanden;c:\windows\system32\drivers\luafv.sys
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys
S2 Power;Power;c:\windows\system32\svchost.exe
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe
S2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe
S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys
S3 Appinfo;Application Information;c:\windows\system32\svchost.exe
S3 bowser;Stuurprogramma voor browserondersteuning;c:\windows\system32\DRIVERS\bowser.sys
S3 CompositeBus;Stuurprogramma voor Composite Bus Enumerator;c:\windows\system32\drivers\CompositeBus.sys
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe
S3 monitor;Microsoft Monitor Class Function Driver-service;c:\windows\system32\DRIVERS\monitor.sys
S3 mpsdrv;Autorisatiestuurprogramma van Windows Firewall;c:\windows\system32\drivers\mpsdrv.sys
S3 mrxsmb10;SMB 1.x mini-redirector;c:\windows\system32\DRIVERS\mrxsmb10.sys
S3 mrxsmb20;SMB 2.0 mini-redirector;c:\windows\system32\DRIVERS\mrxsmb20.sys
S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe
S3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28u.sys
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys
S3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys
S3 srv2;Stuurprogramma Server SMB 2.xxx;c:\windows\system32\DRIVERS\srv2.sys
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys
S3 tunnel;Stuurprogramma voor Microsoft IPv6 Tunnel-minipoortadapter;c:\windows\system32\DRIVERS\tunnel.sys
S3 umbus;UMBus Enumerator-stuurprogramma;c:\windows\system32\drivers\umbus.sys
S3 vwifibus;Stuurprogramma voor Virtual WiFi-bus;c:\windows\system32\DRIVERS\vwifibus.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - eamon
*Deregistered* - easdrv
*Deregistered* - epfwtdir
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
AxInstSVGroup REG_MULTI_SZ AxInstSV
secsvcs REG_MULTI_SZ WinDefend
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
Inhoud van de 'Gedeelde Taken' map
2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe
2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://fazantje.onzestart.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\vanzanten\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: {928BDF55-302B-4227-8C6A-9D6065F134DC} = 192.168.2.1
FF - ProfilePath - c:\users\vanzanten\AppData\Roaming\Mozilla\Firefox\Profiles\bjpizzn2.default\
FF - prefs.js: browser.startup.homepage - hxxp://fazantje.onzestart.nl/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Woordenboek Nederlands: nl-NL@dictionaries.addons.mozilla.org - %profile%\extensions\nl-NL@dictionaries.addons.mozilla.org
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 15:43
Windows 6.1.7601 Service Pack 1 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261
Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 15:43
Windows 6.1.7601 Service Pack 1 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261
Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 15:43
Windows 6.1.7601 Service Pack 1 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261
Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 15:43
Windows 6.1.7601 Service Pack 1 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261
Initialization error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 15:44
Windows 6.1.7601 Service Pack 1 NTFS
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261
Initialization error
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden:
**************************************************************************
"ImagePath"="\??\c:\windows\system32\7DF5.tmp"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-02-27 15:45:37
ComboFix-quarantined-files.txt 2011-02-27 14:45
ComboFix2.txt 2011-02-27 12:12
ComboFix3.txt 2010-09-01 09:49
Pre-Run: 258.846.244.864 bytes beschikbaar
Post-Run: 258.801.594.368 bytes beschikbaar
- - End Of File - - 73F5AE71CE2069537EADB530AF1D927B
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:47:53, on 27-2-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fazantje.onzestart.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(TM) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: license.dll
O4 - Startup: Tmp8120.com
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\vanzanten\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted IP range: http://192.168.2.1
O15 - ESC Trusted IP range: http://192.168.2.1
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/nl-nl/wlscctrl2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{928BDF55-302B-4227-8C6A-9D6065F134DC}: NameServer = 192.168.2.1
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
--
End of file - 5657 bytes