I have gone through the preliminary procedure for this problem. The problem has improved somewhat, i.e. now and then the CPU usage drops and the RAM is no longer overloaded, but the PC remains slow.
Here are the logs:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Rob at 7:05:17 on 2011-10-04
Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.2046.435
.
AV: G Data InternetSecurity 2011 ComputerIdee Edition *Enabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
FW: G Data Persoonlijke Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
.
============== Running Processes ===============
.
Z:\Windows\system32\wininit.exe
Z:\Windows\system32\lsm.exe
Z:\Windows\system32\svchost.exe -k DcomLaunch
Z:\Windows\system32\svchost.exe -k RPCSS
Z:\Program Files\Common Files\G Data\GDScan\GDScan.exe
Z:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
Z:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Z:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
Z:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Z:\Windows\system32\svchost.exe -k netsvcs
Z:\Windows\system32\svchost.exe -k LocalService
Z:\Windows\system32\svchost.exe -k NetworkService
Z:\Windows\System32\spoolsv.exe
Z:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Z:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Z:\Windows\system32\taskhost.exe
Z:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
Z:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
Z:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Z:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
Z:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
Z:\Program Files\Bonjour\mDNSResponder.exe
Z:\Program Files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe
Z:\Program Files\Pogoplug\dokanmnt.exe
Z:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe
Z:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
Z:\Program Files\LogMeIn\x86\RaMaint.exe
Z:\Program Files\LogMeIn\x86\LogMeIn.exe
Z:\Windows\system32\svchost.exe -k imgsvc
Z:\Program Files\Multifunctional Wireless Mouse Driver\UsbglcsSrv.exe
Z:\Windows\system32\Dwm.exe
Z:\Program Files\Xobni\XobniService.exe
Z:\Windows\Explorer.EXE
Z:\Program Files\Common Files\Java\Java Update\jusched.exe
Z:\Program Files\LogMeIn\x86\LogMeInSystray.exe
Z:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
Z:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
Z:\Program Files\Multifunctional Wireless Mouse Driver\StartMonitor.exe
Z:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
Z:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
Z:\Program Files\Multifunctional Wireless Mouse Driver\KMProcess.exe
Z:\Program Files\Windows Sidebar\sidebar.exe
Z:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
Z:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
Z:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Z:\Program Files\SoMud\somud.exe
Z:\Windows\system32\wbem\wmiprvse.exe
Z:\Users\Rob\AppData\Roaming\Dropbox\bin\Dropbox.exe
Z:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
Z:\Windows\system32\SearchIndexer.exe
Z:\Windows\system32\wbem\unsecapp.exe
Z:\Program Files\Windows Media Player\wmpnetwk.exe
Z:\Program Files\STOPzilla!\STOPzilla.exe
Z:\Windows\System32\svchost.exe -k secsvcs
Z:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Z:\Windows\ehome\ehRecvr.exe
Z:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE
Z:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
Z:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar =
uSearch Page =
uStart Page = hxxp://www.igoogle.com/
mSearch Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google
mStart Page = hxxp://www.bigseekpro.com/somud/{1567948D-4E0F-4E2A-916B-A7C1F3E0768F}
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=980102ae00000000000000ffa56b342c&tlver=1.4.19.19&affID=17160
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - z:\program files\myashampoo\prxtbMyAs.dll
mURLSearchHooks: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - z:\program files\utorrentbar_nl\prxtbuTor.dll
BHO: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - z:\program files\g data\internetsecurity\webfilter\AvkWebIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - z:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - z:\program files\conduitengine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - z:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - z:\program files\utorrentbar_nl\prxtbuTor.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - z:\program files\myashampoo\prxtbMyAs.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - z:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - z:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - z:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e3215f20-3212-11d6-9f8b-00d0b743919d} - z:\program files\stopzilla!\sziebho.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - z:\program files\somud db toolbar\tbcore3.dll
TB: SoMud DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - z:\program files\somud db toolbar\tbcore3.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - z:\program files\myashampoo\prxtbMyAs.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - z:\program files\conduitengine\prxConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - z:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - z:\program files\g data\internetsecurity\webfilter\AvkWebIE.dll
TB: uTorrentBar_NL Toolbar: {87775fdb-6972-41f9-ae51-8326e38cb206} - z:\program files\utorrentbar_nl\prxtbuTor.dll
uRun: z:\program files\windows sidebar\sidebar.exe /autoRun
uRun: z:\program files\ashampoo\ashampoo uninstaller 4\UIWatcher.exe
uRun: "z:\program files\somud\somud.exe" /bg
mRun: "z:\program files\common files\java\java update\jusched.exe"
mRun: "z:\program files\logmein\x86\LogMeInSystray.exe"
mRun: z:\program files\g data\internetsecurity\avktray\AVKTray.exe
mRun: z:\program files\g data\internetsecurity\firewall\GDFirewallTray.exe
mRun: "z:\program files\multifunctional wireless mouse driver\StartMonitor.exe" KMProcess.exe
mRun: "z:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: "z:\program files\ashampoo\ashampoo hdd control 2\AHDDC2_Guard.exe"
mRun: "z:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: z:\users\rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - z:\users\rob\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: z:\users\rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - z:\program files\stardock\objectdockfree\ObjectDock.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Verzenden naar OneNote - z:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Download Web &Images with SoMud - z:\program files\somud\scripts\ie\images-url.html
IE: Download with SoMud - z:\program files\somud\scripts\ie\link-url.html
IE: E&xporteren naar Microsoft Excel - z:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - z:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - z:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: dexia.be\www
Trusted Zone: isabel.be
Trusted Zone: kbc.be
Trusted Zone: kbcgroup.eu
Trusted Zone: cbc.be\cbc-pdf
Trusted Zone: cbc.be\cbconline
Trusted Zone: cbc.be\static
Trusted Zone: cbc.be\www
Trusted Zone: cbc.eu\www
Trusted Zone: isabel.be\*.IBS6
Trusted Zone: isabel.be\gotoIBS6
Trusted Zone: isabel.be\pki
Trusted Zone: isabel.be\www
Trusted Zone: isabel.eu\upgrade
Trusted Zone: isabel.eu\www
Trusted Zone: kbc.be\kbc-pdf
Trusted Zone: kbc.be\kbconline
Trusted Zone: kbc.be\static
Trusted Zone: kbc.be\www
Trusted Zone: kbc.com\www
Trusted Zone: kbc.eu\www
Trusted Zone: kbcam.be\www
Trusted Zone: kbcam.com\www
Trusted Zone: kbcbankingforbusiness.com\www
Trusted Zone: kbcgroup.eu\multimediafiles
Trusted Zone: kbcgroup.eu\www
Trusted Zone: kbcmerchantbanking.com\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 195.130.130.131 195.130.131.131
TCP: Interfaces\{40A6C006-E3E2-44A7-AB27-D8F7B3E74629} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{57B46B10-B601-463A-8398-0223F9098D06} : DhcpNameServer = 195.130.130.131 195.130.131.131
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - z:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
AppInit_DLLs: z:\progra~1\google\google~1\GO36F4~1.DLL
STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - z:\program files\stardock\objectdockfree\ODMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - z:\progra~1\micros~1\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;z:\windows\system32\drivers\GDBehave.sys
R0 szkg5;szkg5;z:\windows\system32\drivers\SZKG.sys
R0 szkgfs;szkgfs;z:\windows\system32\drivers\SZKGFS.sys
R1 GDMnIcpt;GDMnIcpt;z:\windows\system32\drivers\MiniIcpt.sys
R1 gdwfpcd;G DATA WFP CD;z:\windows\system32\drivers\gdwfpcd32.sys
R1 GRD;G Data Rootkit Detector Driver;z:\windows\system32\drivers\GRD.sys
R1 HookCentre;HookCentre;z:\windows\system32\drivers\HookCentre.sys
R2 AdobeARMservice;Adobe Acrobat Update Service;z:\program files\common files\adobe\arm\1.0\armsvc.exe
R2 AHDDC2;Ashampoo HDD Control 2 Service;z:\program files\ashampoo\ashampoo hdd control 2\AHDDC2_Service.exe
R2 AVKProxy;G Data AntiVirus Proxy;z:\program files\common files\g data\avkproxy\AVKProxy.exe
R2 AVKService;G Data Scheduler;z:\program files\g data\internetsecurity\avk\AVKService.exe
R2 AVKWCtl;G Data Bestandssysteembewaker;z:\program files\g data\internetsecurity\avk\AVKWCtl.exe
R2 DfSdkS;Defragmentation-Service;z:\program files\ashampoo\ashampoo hdd control 2\DfSdkS.exe
R2 DokanCEDriver;DokanCEDriver;z:\program files\pogoplug\dokance.sys
R2 DokanCEMounter;DokanCEMounter;z:\program files\pogoplug\dokanmnt.exe
R2 HBAdmin;HBAdmin;z:\program files\pogoplug\hbplug\hbadmin.exe
R2 LMIGuardianSvc;LMIGuardianSvc;z:\program files\logmein\x86\LMIGuardianSvc.exe
R2 LMIInfo;LogMeIn Kernel Information Provider;z:\program files\logmein\x86\rainfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;z:\windows\system32\drivers\LMIRfsDriver.sys
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);z:\windows\system32\drivers\BrSerIb.sys
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);z:\windows\system32\drivers\BrUsbSIb.sys
R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;z:\windows\system32\drivers\cmiucr.SYS
R3 GDFwSvc;G Data Persoonlijke Firewall;z:\program files\g data\internetsecurity\firewall\GDFwSvc.exe
R3 GDPkIcpt;GDPkIcpt;z:\windows\system32\drivers\PktIcpt.sys
R3 GDScan;G Data Scanner;z:\program files\common files\g data\gdscan\GDScan.exe
R3 osppsvc;Office Software Protection Platform;z:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;z:\windows\system32\drivers\Ph3xIB32.sys
R3 usbglcs1100101;usbglcs1100101_Display;z:\windows\system32\drivers\usbglcs1100101.sys
R3 xcetap0;XCETAP0 Adapter;z:\windows\system32\drivers\xcetap0.sys
S0 is3srv;is3srv;z:\windows\system32\drivers\is3srv.sys
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;z:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 gupdate;Google Updateservice (gupdate);z:\program files\google\update\GoogleUpdate.exe
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;z:\windows\system32\drivers\b57nd60x.sys
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;z:\program files\google\google desktop search\GoogleDesktop.exe
S3 gupdatem;Google Update-service (gupdatem);z:\program files\google\update\GoogleUpdate.exe
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;z:\program files\microsoft office\office14\GROOVE.EXE
S3 StorSvc;Storage Service;z:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 TsUsbFlt;TsUsbFlt;z:\windows\system32\drivers\TsUsbFlt.sys
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;z:\windows\system32\drivers\WSDPrint.sys
.
=============== Created Last 30 ================
.
2011-10-03 04:46:26 56200 ----a-w- z:\programdata\microsoft\windows defender\definition updates\{69564651-f6f9-45bd-bbf7-4a04895174fe}\offreg.dll
2011-10-02 07:32:14 -------- d-----w- z:\users\rob\appdata\roaming\Malwarebytes
2011-10-02 07:32:01 -------- d-----w- z:\programdata\Malwarebytes
2011-10-02 07:31:54 22216 ----a-w- z:\windows\system32\drivers\mbam.sys
2011-10-02 07:31:53 -------- d-----w- z:\program files\Malwarebytes' Anti-Malware
2011-10-01 11:18:40 388096 ----a-r- z:\users\rob\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-30 06:54:19 7269712 ----a-w- z:\programdata\microsoft\windows defender\definition updates\{69564651-f6f9-45bd-bbf7-4a04895174fe}\mpengine.dll
2011-09-28 12:38:18 -------- d-----w- z:\programdata\DroboPCBackup
2011-09-28 12:25:37 -------- d-----w- z:\users\rob\appdata\local\Drobo Dashboard
2011-09-28 12:25:31 -------- d-----w- z:\programdata\Drobo Dashboard
2011-09-28 11:21:17 -------- d-----w- z:\users\rob\appdata\local\Drobo
2011-09-28 11:20:06 -------- d-----w- z:\programdata\Drobo
2011-09-28 11:20:06 -------- d-----w- z:\program files\Drobo
2011-09-26 11:24:21 -------- d-----w- z:\users\rob\appdata\roaming\Ashampoo
2011-09-26 11:23:33 -------- d-----w- z:\users\rob\appdata\local\ashampoo
2011-09-25 13:59:09 119808 ----a-w- z:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-09-21 18:25:57 28160 ----a-w- z:\windows\system32\DfSdkBt.exe
2011-09-21 11:53:18 -------- d-----w- z:\program files\uTorrentBar_NL
2011-09-21 11:52:49 -------- d-----w- z:\program files\uTorrent
2011-09-21 11:51:38 -------- d-----w- z:\users\rob\appdata\roaming\uTorrent
2011-09-21 11:51:38 -------- d-----w- z:\users\rob\appdata\local\uTorrent
2011-09-17 17:18:28 -------- d-----w- z:\program files\TunnelBear
2011-09-05 18:09:35 48648 ----a-w- z:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\Markup.dll
2011-09-05 18:09:33 704320 ----a-w- z:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2011-09-05 11:17:43 -------- d-----w- z:\users\rob\appdata\local\KaDonk
2011-09-05 11:17:43 -------- d-----w- z:\programdata\KaDonk
2011-09-05 11:17:41 -------- d-----w- z:\users\rob\appdata\roaming\KaDonk
2011-09-05 10:28:40 -------- d-----w- z:\program files\KaDonk
2011-09-04 09:02:38 -------- d-----w- z:\program files\PlayReady
.
==================== Find3M ====================
.
2011-08-25 15:58:20 546256 ----a-r- z:\windows\system32\SZComp5.dll
2011-08-25 15:58:20 22992 ----a-r- z:\windows\system32\SZIO5.dll
2011-08-25 15:58:20 132560 ----a-r- z:\windows\system32\IS3HTUI5.dll
2011-08-25 15:58:18 99792 ----a-r- z:\windows\system32\IS3Svc5.dll
2011-08-25 15:58:18 99792 ----a-r- z:\windows\system32\IS3Inet5.dll
2011-08-25 15:58:18 67024 ----a-r- z:\windows\system32\IS3Hks5.dll
2011-08-25 15:58:18 456144 ----a-r- z:\windows\system32\SZBase5.dll
2011-08-25 15:58:18 398800 ----a-r- z:\windows\system32\IS3DBA5.dll
2011-08-25 15:58:18 28624 ----a-r- z:\windows\system32\IS3XDat5.dll
2011-08-25 15:58:16 738768 ----a-r- z:\windows\system32\IS3Base5.dll
2011-08-25 15:58:16 390608 ----a-r- z:\windows\system32\IS3UI5.dll
2011-08-25 15:58:16 230864 ----a-r- z:\windows\system32\IS3Win325.dll
2011-08-20 08:30:29 30416 ----a-w- z:\windows\system32\drivers\GRD.sys
2011-08-20 08:26:33 47992 ----a-w- z:\windows\system32\drivers\PktIcpt.sys
2011-08-20 08:25:49 62584 ----a-w- z:\windows\system32\drivers\MiniIcpt.sys
2011-08-20 08:25:49 39288 ----a-w- z:\windows\system32\drivers\HookCentre.sys
2011-08-20 08:25:48 33912 ----a-w- z:\windows\system32\drivers\GDBehave.sys
2011-08-20 08:25:47 41336 ----a-w- z:\windows\system32\drivers\gdwfpcd32.sys
2011-08-16 18:00:57 404640 ----a-w- z:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54:43 1797632 ----a-w- z:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- z:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- z:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- z:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- z:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- z:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- z:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- z:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-12 09:20:54 83816 ----a-w- z:\windows\system32\dns-sd.exe
2011-07-12 09:20:54 73064 ----a-w- z:\windows\system32\dnssd.dll
2011-07-12 09:20:54 50536 ----a-w- z:\windows\system32\jdns_sd.dll
2011-07-12 09:20:54 178536 ----a-w- z:\windows\system32\dnssdX.dll
2011-07-09 04:29:46 2048 ----a-w- z:\windows\system32\tzres.dll
2011-07-09 02:30:00 223744 ----a-w- z:\windows\system32\drivers\mrxsmb10.sys
2011-07-06 14:32:48 83360 ----a-w- z:\windows\system32\LMIRfsClientNP.dll
2011-07-06 14:32:36 53632 ----a-w- z:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-06 14:32:28 87424 ----a-w- z:\windows\system32\LMIinit.dll
2011-07-06 14:32:28 29568 ----a-w- z:\windows\system32\LMIport.dll
.
============= FINISH: 7:08:00,65 ===============
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Databaseversie: 7844
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
2/10/2011 9:55:23
mbam-log-2011-10-02 (09-55-23).txt
Scantype: Snelle scan
Objecten gescand: 185416
Verstreken tijd: 11 minuut/minuten, 9 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 1
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\qword.com (Adware.QWO) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.qword.com (Adware.QWO) -> Value: www.qword.com -> Quarantined and deleted successfully.
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
z:\Users\Rob\favorites\qword search engine.url (Adware.QWO) -> Quarantined and deleted successfully.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-04 06:41:54
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-5 WDC_WD2500JD-00HBB0 rev.08.02D08
Running: gmer.exe; Driver: Z:\Users\Rob\AppData\Local\Temp\kfldrpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.) ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E40349 1 Byte
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E79D52 19 Bytes {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82E81324 4 Bytes
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A23AD000 290 Bytes
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A23AD123 629 Bytes
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A23AD399 101 Bytes
PAGE spsys.sys!?SPRevision@@3PADA + 538F A23AD3FF 148 Bytes
PAGE spsys.sys!?SPRevision@@3PADA + 543B A23AD4AB 2228 Bytes
PAGE …
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume12 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume13 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume14 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume15 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume16 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume11 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System A23BAF2E
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4309A4BF-0ABC-4613-AEF8-B8BFF4D6E41B}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4309A4BF-0ABC-4613-AEF8-B8BFF4D6E41B}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4309A4BF-0ABC-4613-AEF8-B8BFF4D6E41B}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4309A4BF-0ABC-4613-AEF8-B8BFF4D6E41B}@Hash 0x3B 0x31 0xF4 0x3D …
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4309A4BF-0ABC-4613-AEF8-B8BFF4D6E41B}@Triggers 0x15 0x00 0x00 0x00 …
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4309A4BF-0ABC-4613-AEF8-B8BFF4D6E41B}@DynamicInfo 0x03 0x00 0x00 0x00 …
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {4309A4BF-0ABC-4613-AEF8-B8BFF4D6E41B}
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 355
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\356
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\356@CrawlType 2
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\356@InProgress 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\356@DoneAddingCrawlSeeds 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\356@IsCatalogLevel 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\356@LogStartAddId 2
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2@CrawlNumberInProgress 356
---- EOF - GMER 1.0.15 ----