AVG reports a virus

  • BetsieR

    Hello

    Since today I have suddenly been getting a message from AVG that a Generic3.DFD virus has been found in a plugin, Knockout2.

    This is a filter I have been using for 3 years and never had any problems with. Now I can no longer reach the filter; I use it in my Paintshop Pro 12. Here are my logs.

    Regards, Betsie

    Malwarebytes Anti-Malware 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.03.15.05

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    Gebruiker :: COMPUTER_MCE

    15-3-2013 14:22:38

    mbam-log-2013-03-15 (14-22-38).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 194676

    Time elapsed: 5 minute(s), 2 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:21:58, on 15-3-2013

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe

    C:\Program Files\AVG\AVG2013\avgcsrvx.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

    C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\ASTSRV.EXE

    C:\Program Files\AVG\AVG2013\avgidsagent.exe

    C:\Program Files\AVG\AVG2013\avgwdsvc.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Program Files\AVG\AVG2013\avgnsx.exe

    C:\Program Files\AVG\AVG2013\avgemcx.exe

    C:\Program Files\Microsoft LifeCam\MSCamS32.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\PSIService.exe

    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program Files\AVG\AVG2013\avgui.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.nl/ie

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.b1.org/?bsrc=4hixr&chid=c162341

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nu.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.nl/ie

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.nl/search?q=%s

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorieten

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: ALCMTR.EXE

    O4 - HKLM\..\Run: C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

    O4 - HKLM\..\Run: "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: "C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    O4 - HKCU\..\Run: "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-20\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\FRONTP~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346270899062

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

    End of file - 8778 bytes
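
    A helper reading a HijackThis log like the one above checks a handful of entry types first: R0/R1 lines whose URL points somewhere the user never chose (here the HKCU Search Page is http://search.b1.org/... while the other IE settings are google.nl and nu.nl), handlers registered with "(no file)" (the linkscanner O18 protocol), RunOnce entries (the nLite.inf lines), every O16 ActiveX download, and O23 services with no vendor string (ProtexisLicensing). The script below is an added example for this thread; it is not code from the poster, the forum or the HijackThis project. The rule set and the EXPECTED_HOSTS allowlist are assumptions tuned to this particular log; the sample lines are a subset copied from the log above.

```python
"""Triage a HijackThis 2.x log: flag the entry types a helper looks at first.

Added example for this thread, not part of the original post or of HijackThis.
The rule set and the allowlist of expected hosts are assumptions chosen to
match the log posted above; adjust them for another machine.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts the poster deliberately uses (nu.nl start page, google.nl search) plus
# the Microsoft defaults that a clean IE install shows. Assumption: any other
# host in an R0/R1 URL line deserves a look.
EXPECTED_HOSTS = {"go.microsoft.com", "www.google.nl", "nu.nl",
                  "www.update.microsoft.com"}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "R1" or "O18"
    reason: str    # why the entry was flagged
    line: str      # the original log line, for the report


LINE_RE = re.compile(r"^(?P<sec>[RO]\d+)\s+-\s+(?P<rest>.*)$")
URL_RE = re.compile(r"https?://\S+")


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def triage_line(line: str) -> list[Finding]:
    """Return zero or more findings for one HijackThis log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []          # process list, headers, blank lines
    sec, rest = m.group("sec"), m.group("rest")
    out: list[Finding] = []
    if sec in ("R0", "R1"):
        # IE start/search page hijacks show up here: URL host not on the list.
        for url in URL_RE.findall(rest):
            if _host(url) not in EXPECTED_HOSTS:
                out.append(Finding(sec, f"IE setting points at unexpected host {_host(url)}", line))
    if "(no file)" in rest and sec in ("O2", "O3", "O9", "O18", "O20", "O21", "O23"):
        # Registered handler whose DLL is gone: a leftover to clean up, or a
        # sign that something was only partly removed.
        out.append(Finding(sec, "registered handler with no backing file", line))
    if sec == "O4" and "RunOnce" in rest:
        out.append(Finding(sec, "RunOnce entry (runs at next logon, usually an installer leftover)", line))
    if sec == "O16":
        # Downloaded Program Files: each DPF entry is an ActiveX control that
        # was installed from a URL; list all of them, mark unknown hosts.
        for url in URL_RE.findall(rest):
            host = _host(url)
            tag = "expected host" if host in EXPECTED_HOSTS else "review host"
            out.append(Finding(sec, f"ActiveX control downloaded from {host} ({tag})", line))
    if sec == "O23" and "Unknown owner" in rest:
        out.append(Finding(sec, "service with no vendor string (unsigned or stripped version info)", line))
    return out


def triage_log(text: str) -> list[Finding]:
    """Triage a whole log, one HijackThis entry per text line."""
    findings: list[Finding] = []
    for line in text.splitlines():
        findings.extend(triage_line(line))
    return findings


# Constructed sample: a subset of the lines from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.nl/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.b1.org/?bsrc=4hixr&chid=c162341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nu.nl/
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKUS\S-1-5-18\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346270899062
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

    Run against the sample it reports six entries: the search.b1.org search page, the SYSTEM RunOnce line, both ActiveX downloads (one from the expected Microsoft Update host, one to review), the orphaned linkscanner protocol and the service without a vendor string. A flagged entry is a place to look, not a verdict; the google.nl and nu.nl settings and the AVG service pass untouched.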

  • fazantje

    Hi Betsie,

    We recently have a new, improved step-by-step plan; see here.

    Could you carry it out and then post the 3 logs.

    Good luck,

    Huib;)

  • BetsieR

    First of all, thank you for being willing to look at this; it took a while, but then you have something.

    The ESET scan found nothing. But I find it so strange myself that after working with this filter for 3 years, now after an AVG update it says this and shows the virus. What is more, it is now listed in AVG's Resident Shield detection and I also don't know how to get it out of there; you can't click a button and delete it.

    Regards, Betsie

    Malwarebytes Anti-Malware 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.03.15.07

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    Gebruiker :: COMPUTER_MCE

    15-3-2013 20:48:00

    mbam-log-2013-03-15 (20-48-00).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 195707

    Time elapsed: 4 minute(s), 33 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    # AdwCleaner v2.114 - Report created on 15/03/2013 at 20:43:27

    # Updated on 05/03/2013 by Xplode

    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

    # User : Gebruiker - COMPUTER_MCE

    # Boot mode : Normal mode

    # Launched from : C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\D922RQ8J\adwcleaner.exe

    # Option

    ***** *****

    ***** *****

    ***** *****

    Key Deleted : HKCU\Software\1ClickDownload

    Key Deleted : HKCU\Software\InstallCore

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}

    Key Deleted : HKLM\Software\AVG Secure Search

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll

    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

    Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader

    Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1

    Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO

    Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1

    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    ***** *****

    -\\ Internet Explorer v8.0.6001.18702

    The registry contains no illegitimate entries.

    *************************

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Gebruiker at 2013-03-15 22:24:40

    Microsoft Windows XP Professional Service Pack 3

    System drive C: has 431 GB (90%) free of 477 GB

    Total RAM: 2047 MB (63% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 22:24:47, on 15-3-2013

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe

    C:\Program Files\AVG\AVG2013\avgcsrvx.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

    C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

    C:\Program Files\AVG\AVG2013\avgui.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\ASTSRV.EXE

    C:\Program Files\AVG\AVG2013\avgidsagent.exe

    C:\Program Files\AVG\AVG2013\avgwdsvc.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Program Files\Microsoft LifeCam\MSCamS32.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\AVG\AVG2013\avgnsx.exe

    C:\Program Files\AVG\AVG2013\avgemcx.exe

    C:\WINDOWS\system32\PSIService.exe

    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Gebruiker\Local Settings\Temporary Internet Files\Content.IE5\30C759K9\RSIT.exe

    C:\Program Files\trend micro\Gebruiker.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.nl/ie

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.b1.org/?bsrc=4hixr&chid=c162341

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nu.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.nl/ie

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.nl/search?q=%s

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorieten

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: nwiz.exe /install

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: RTHDCPL.EXE

    O4 - HKLM\..\Run: ALCMTR.EXE

    O4 - HKLM\..\Run: C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

    O4 - HKLM\..\Run: "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

    O4 - HKLM\..\Run: "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: "C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    O4 - HKCU\..\Run: "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-20\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\FRONTP~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346270899062

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

    End of file - 9145 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Adobe Flash Player Updater.job

    C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-448539723-688789844-1801674531-1003Core.job

    C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-448539723-688789844-1801674531-1003UA.job

    C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

    ======Registry dump======

    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll

    Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll

    "nwiz"=nwiz.exe /install

    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll

    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE

    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE

    "ehTray"=C:\WINDOWS\ehome\ehtray.exe

    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

    "Corel File Shell Monitor"=C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

    "LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe

    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    ""=

    "Reader Application Helper"=C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

    "AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe

    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe

    "Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

    "Facebook Update"=C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

    "Skype"=C:\Program Files\Skype\Phone\Skype.exe

    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    "NoDriveTypeAutoRun"=145

    "HonorAutoRunSetting"=1

    "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

    "C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"

    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"

    "C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"

    "C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"

    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"

    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    "C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Installer voor AVG"

    "C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe"="C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"

    "C:\Program Files\AVG\AVG2013\avgnsx.exe"="C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield"

    "C:\Program Files\AVG\AVG2013\avgdiagex.exe"="C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013"

    "C:\Program Files\AVG\AVG2013\avgemcx.exe"="C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Persoonlijke e-mailscanner"

    "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"

    "midimapper"=midimap.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msadpcm"=msadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.trspch"=tssoft32.acm

    "vidc.cvid"=iccvid.dll

    "VIDC.I420"=msh263.drv

    "vidc.iv31"=ir32_32.dll

    "vidc.iv32"=ir32_32.dll

    "vidc.iv41"=ir41_32.ax

    "VIDC.IYUV"=iyuv_32.dll

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "VIDC.UYVY"=msyuv.dll

    "VIDC.YUY2"=msyuv.dll

    "VIDC.YVU9"=tsbyuv.dll

    "VIDC.YVYU"=msyuv.dll

    "wavemapper"=msacm32.drv

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    "msacm.msg723"=msg723.acm

    "vidc.M263"=msh263.drv

    "vidc.M261"=msh261.drv

    "msacm.msaudio1"=msaud32.acm

    "msacm.sl_anet"=sl_anet.acm

    "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

    "vidc.iv50"=ir50_32.dll

    "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

    "MSVideo8"=VfWWDM32.dll

    "wave1"=wdmaud.drv

    "mixer1"=wdmaud.drv

    "vidc.tscc"=tsccvid.dll

    "wave2"=wdmaud.drv

    "mixer2"=wdmaud.drv

    ======List of files/folders created in the last 1 month======

    2013-03-15 22:24:40 ----D---- C:\rsit

    2013-03-15 20:54:38 ----D---- C:\WINDOWS\LastGood

    2013-03-15 20:54:33 ----D---- C:\Program Files\ESET

    2013-03-15 20:43:27 ----A---- C:\AdwCleaner.txt

    2013-03-15 18:52:20 ----D---- C:\Documents and Settings\Gebruiker\Application Data\AVG

    2013-03-15 18:51:56 ----D---- C:\Documents and Settings\All Users\Application Data\AVG

    2013-03-15 18:51:37 ----SHD---- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

    2013-03-09 20:47:37 ----A---- C:\WINDOWS\system32\javaws.exe

    2013-03-09 20:47:30 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll

    2013-03-09 20:47:30 ----A---- C:\WINDOWS\system32\javaw.exe

    2013-03-09 20:47:30 ----A---- C:\WINDOWS\system32\java.exe

    2013-03-09 20:47:13 ----D---- C:\Program Files\Java

    2013-03-08 23:12:03 ----D---- C:\Program Files\CCleaner

    2013-03-04 13:36:18 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

    2013-02-17 20:37:17 ----D---- C:\WINDOWS\Sun

    ======List of files/folders modified in the last 1 month======

    2013-03-15 22:24:47 ----D---- C:\Program Files\Trend Micro

    2013-03-15 22:24:40 ----D---- C:\WINDOWS\Prefetch

    2013-03-15 20:54:39 ----SD---- C:\WINDOWS\Downloaded Program Files

    2013-03-15 20:54:39 ----D---- C:\WINDOWS\Temp

    2013-03-15 20:54:39 ----AD---- C:\WINDOWS

    2013-03-15 20:54:33 ----RD---- C:\Program Files

    2013-03-15 20:53:35 ----D---- C:\WINDOWS\system32\drivers

    2013-03-15 20:47:55 ----D---- C:\Documents and Settings\Gebruiker\Application Data\Skype

    2013-03-15 20:45:28 ----D---- C:\WINDOWS\Registration

    2013-03-15 20:45:27 ----D---- C:\WINDOWS\system32\CatRoot2

    2013-03-15 20:44:13 ----A---- C:\WINDOWS\SchedLgU.Txt

    2013-03-15 19:19:21 ----SHD---- C:\WINDOWS\Installer

    2013-03-15 19:09:54 ----D---- C:\TDSSStarter

    2013-03-15 19:09:19 ----D---- C:\WINDOWS\system32

    2013-03-15 19:03:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

    2013-03-15 19:00:23 ----D---- C:\Program Files\AVG

    2013-03-15 18:59:01 ----D---- C:\Documents and Settings\Gebruiker\Application Data\TuneUp Software

    2013-03-15 18:56:01 ----SD---- C:\WINDOWS\Tasks

    2013-03-15 18:52:36 ----D---- C:\WINDOWS\system32\config

    2013-03-15 17:49:23 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData

    2013-03-15 14:02:42 ----D---- C:\Program Files\Common Files

    2013-03-13 13:19:17 ----D---- C:\WINDOWS\Debug

    2013-03-13 11:21:11 ----D---- C:\Program Files\Microsoft Silverlight

    2013-03-13 11:10:14 ----A---- C:\WINDOWS\system32\MRT.exe

    2013-03-13 11:10:09 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

    2013-03-13 11:09:37 ----D---- C:\WINDOWS\system32\dllcache

    2013-03-13 11:09:36 ----HD---- C:\WINDOWS\inf

    2013-03-13 11:09:29 ----D---- C:\Program Files\Internet Explorer

    2013-03-13 11:09:21 ----D---- C:\WINDOWS\ie8updates

    2013-03-13 11:08:47 ----HD---- C:\WINDOWS\$hf_mig$

    2013-03-10 21:53:36 ----D---- C:\TEMP

    2013-03-09 20:47:16 ----A---- C:\WINDOWS\system32\npdeployJava1.dll

    2013-03-09 20:47:16 ----A---- C:\WINDOWS\system32\deployJava1.dll

    2013-03-08 20:12:44 ----A---- C:\WINDOWS\NeroDigital.ini

    2013-03-04 13:36:41 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

    2013-03-01 03:28:00 ----A---- C:\WINDOWS\system32\mshtml.dll

    2013-02-25 21:52:08 ----SH---- C:\boot.ini

    2013-02-25 21:52:08 ----A---- C:\WINDOWS\win.ini

    2013-02-25 21:52:08 ----A---- C:\WINDOWS\system.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys

    R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys

    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

    R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

    R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys

    R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys

    R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys

    R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys

    R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys

    R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys

    R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys

    R1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys

    R3 Arp1394;1394 ARP-clientprotocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys

    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys

    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

    R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys

    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver; C:\WINDOWS\System32\Drivers\nx6000.sys

    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys

    R3 NIC1394;1394-stuurprogramma; C:\WINDOWS\system32\DRIVERS\nic1394.sys

    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

    R3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys

    R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys

    R3 usbstor;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys

    R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys

    S3 CCDECODE;Closed Caption-decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

    S3 MHNDRV;MHN-stuurprogramma; C:\WINDOWS\system32\DRIVERS\mhndrv.sys

    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\WINDOWS\system32\drivers\MSTEE.sys

    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

    S3 NdisIP;Microsoft TV/Video-verbinding; C:\WINDOWS\system32\DRIVERS\NdisIP.sys

    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys

    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys

    S3 WSTCODEC;World Standard Teletext-codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys

    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ASTSRV;Nalpeiron Licensing Service; C:\WINDOWS\system32\ASTSRV.EXE

    R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe

    R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe

    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe

    R2 ehSched;Media Center-taakplanner; C:\WINDOWS\eHome\ehSched.exe

    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe

    R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe

    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe

    R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe

    R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

    S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe

    S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\WMPNetwk.exe

    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe

    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

    -----------------EOF-----------------

  • fazantje

    Hi Betsie,

    Download Combofix here and place it on your desktop.

    First, switch off your virus scanner. It will come back on after the computer has been restarted.

    If you have used Combofix before, please delete that version and download Combofix again via the link above,

    because Combofix is updated daily.

    NOTE: if, while or after downloading Combofix or while using Combofix, you get a warning

    from your antivirus or another real-time scanner, switch that scanner off and download Combofix again.

    Some scanners see certain components that Combofix uses as suspicious and will block or delete them!

    Double-click Combofix.exe

    Follow the instructions, accept the disclaimer.

    While the fix is running, do NOT click in the window, as this will make your PC hang.

    Depending on the infection, the scan can take 40 to as much as 100 minutes, so don't think it is stuck.

    When the fix is complete and after the restart, the log combofix.txt will open.

    Post the Combofix log in your next message and tell us how things are going now.

    Greetings Huib;)

  • BetsieR

    It has become bedtime by now, so tomorrow, Saturday, I'll read whether all of this went well.

    I do see an exclamation mark on my AVG icon, even though I switched it back on.

    But the PC runs well and is definitely not slow; the problem was, or is, with AVG, which wants to see a generic3.DFD that isn't there ........ I think?????

    Anyway, I have removed my filter knockout2 and would like to put it back on.

    For now, sleep well.

    gr Betsie

    ComboFix 13-03-15.01 - Gebruiker 15-03-2013 23:33:19.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1524

    Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe

    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\TEMP

    c:\documents and settings\Gebruiker\Application Data\isfree3_0.tmp

    c:\documents and settings\Gebruiker\WINDOWS

    c:\windows\pkunzip.pif

    c:\windows\pkzip.pif

    c:\windows\system32\PowerToyReadme.htm

    c:\windows\system32\URTTemp

    c:\windows\system32\URTTemp\regtlib.exe

    c:\windows\wininit.ini

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-02-15 to 2013-03-15 ))))))))))))))))))))))))))))))

    .

    .

    2013-03-15 21:24 . 2013-03-15 21:24 -------- d-----w- C:\rsit

    2013-03-15 19:54 . 2013-03-15 19:54 -------- d-----w- c:\windows\LastGood

    2013-03-15 19:54 . 2013-03-15 19:54 -------- d-----w- c:\program files\ESET

    2013-03-15 17:52 . 2013-03-15 17:52 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\AVG

    2013-03-15 17:51 . 2013-03-15 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG

    2013-03-15 17:51 . 2013-03-15 17:51 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

    2013-03-15 12:25 . 2013-03-15 19:45 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend

    2013-03-09 19:47 . 2013-03-09 19:47 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2013-03-09 19:47 . 2013-03-09 19:47 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2013-03-09 19:47 . 2013-03-09 19:47 -------- d-----w- c:\program files\Java

    2013-03-08 22:12 . 2013-03-08 22:12 -------- d-----w- c:\program files\CCleaner

    2013-03-04 12:36 . 2013-03-13 11:44 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-03-04 12:36 . 2013-03-13 11:44 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-02-17 19:37 . 2013-02-17 19:37 -------- d-----w- c:\windows\Sun

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-03-09 19:47 . 2011-12-14 19:44 861088 ----a-w- c:\windows\system32\npdeployJava1.dll

    2013-03-09 19:47 . 2011-09-10 18:42 782240 ----a-w- c:\windows\system32\deployJava1.dll

    2013-02-05 20:15 . 2007-08-17 07:41 916480 ----a-w- c:\windows\system32\wininet.dll

    2013-02-05 20:15 . 2006-12-16 09:39 43520 ------w- c:\windows\system32\licmgr10.dll

    2013-02-05 20:14 . 2006-04-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2013-02-05 05:55 . 2006-12-16 09:39 385024 ------w- c:\windows\system32\html.iec

    2013-01-26 03:55 . 2007-08-16 18:35 552448 ----a-w- c:\windows\system32\oleaut32.dll

    2013-01-07 07:27 . 2007-04-12 16:30 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-01-07 07:26 . 2007-02-28 18:09 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-01-04 10:10 . 2007-04-12 16:21 1867392 ----a-w- c:\windows\system32\win32k.sys

    2013-01-02 06:49 . 2006-04-10 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax

    2013-01-02 06:49 . 2005-10-24 10:46 1296384 ----a-w- c:\windows\system32\quartz.dll

    2012-12-16 12:23 . 2006-04-10 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

    2011-03-30 09:40 . 2011-03-30 09:40 517976 ----a-w- c:\program files\DXSETUP.exe

    2011-03-30 09:40 . 2011-03-30 09:40 95576 ----a-w- c:\program files\DSETUP.dll

    2011-03-30 09:40 . 2011-03-30 09:40 1566040 ----a-w- c:\program files\dsetup32.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    "Facebook Update"="c:\documents and settings\Gebruiker\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe"

    "Skype"="c:\program files\Skype\Phone\Skype.exe"

    .

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "nwiz"="nwiz.exe"

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

    "RTHDCPL"="RTHDCPL.EXE"

    "ehTray"="c:\windows\ehome\ehtray.exe"

    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe"

    "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe"

    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "Reader Application Helper"="c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe"

    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe"

    .

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"

    .

    "ShowDeskFix"="shell32"

    "nltide_3"="advpack.dll"

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart

    .

    "AntiVirusOverride"=dword:00000001

    "FirewallOverride"=dword:00000001

    .

    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=

    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=

    "c:\\Documents and Settings\\Gebruiker\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=

    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=

    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=

    "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=

    .

    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys

    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys

    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys

    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys

    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys

    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys

    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys

    R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE

    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe

    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys

    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys

    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe

    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2013-03-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-448539723-688789844-1801674531-1003Core.job

    - c:\documents and settings\Gebruiker\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

    .

    2013-03-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-448539723-688789844-1801674531-1003UA.job

    - c:\documents and settings\Gebruiker\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

    .

    2011-10-07 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job

    - c:\program files\Microsoft LifeCam\LifeExp.exe

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://nu.nl/

    uSearchURL,(Default) = hxxp://www.google.nl/search?q=%s

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\FRONTP~1\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.254

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2013-03-15 23:37

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    "ialiemmpmccoganmbh"=hex:6a,61,6c,70,65,66,6d,64,65,6d,63,6c,66,63,66,65,65,6a,

    69,65,00,00

    "hafjkpcgbjnpfkmj"=hex:6a,61,6c,70,65,66,6d,64,65,6d,63,6c,66,63,66,65,65,6a,

    69,65,00,00

    "haaccajehpikpaoj"=hex:70,62,61,6e,6d,63,62,6a,6c,68,62,62,67,67,65,6f,66,66,

    66,6d,67,6c,6d,6c,66,61,6d,6f,63,66,63,64,65,63,63,6a,66,70,69,61,6f,70,65,\

    .

    "jajikbdmegediancgbic"=hex:6a,61,6c,70,65,66,6d,64,65,6d,63,6c,66,63,66,65,65,

    6a,69,65,00,00

    "iajiabfnngojconhee"=hex:6a,61,6c,70,65,66,6d,64,65,6d,63,6c,66,63,66,65,65,6a,

    69,65,00,00

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    Voltooingstijd: 2013-03-15 23:38:56

    ComboFix-quarantined-files.txt 2013-03-15 22:38

    .

    Pre-Run: 452.316.483.584 bytes beschikbaar

    Post-Run: 452.344.487.936 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Windows XP Media Center Edition” /noexecute=optin /fastdetect

    .

    - - End Of File - - 97CFDEB34583BAD81F9489DB901499C6

  • fazantje

    Hi Betsie,

    Quite a few things were removed;)

    The logs look good now.

    Put your filter knockout2 back on and see what AVG says.

    Greetings Huib;)

  • BetsieR

    Good morning Fazantje

    Today I am going to put the filter back on, after first doing the shopping.

    And is it also better to take a different free virus scanner, e.g. Avast?

    And may I do this step-by-step plan more often?

    You'll hear from me

    gr Betsie

  • BetsieR

    OK, here I am again

    Fazantje, I put the filter on, had the virus scanner switched off and the internet disconnected, and yes, everything was fine. Anyway, internet back on and the filter still worked, but then I switched the virus scanner back on and it recognised the same thing again. All of this did start after the AVG update. My question now: might it be handy to throw AVG off for a moment, and then the files that can be read in AVG, which I can't change, will perhaps also be gone. As long as they are in there, AVG will keep recognising it anyway, or can I e-mail AVG, and if so, which address do I need for that?

    Greetings Betsie

  • Jos H

    Hello Betsie.

    As you mentioned earlier, Avast is also a good antivirus scanner (free).

    All virus scanners drop a stitch now and then, but I myself have used Avast for years and am very satisfied with it.

    Good luck with your choice.

  • BetsieR

    Good to hear this, then I think I'll switch to Avast.

    Could you perhaps give me the right link?

    I would also like to say that I am extremely happy to be helped so well by you all, time and again.

    A big compliment to you all.

    gr Betsie
