Dear forum members,
Yesterday, during its daily scan, my Panda Antivirus found two viruses and two hacking tools. Panda handled these the way it normally handles threats, but to be on the safe side I would like to have my logs checked. First the brief details from Panda:
Incidenten rapport van Panda Antivirus Pro 2014
Geselecteerde filter:Alle, Datum: Alle
INCIDENT MEEGEDEELD DOOR DATUM-TIJD RESULTAAT EXTRA INFORMATIE
————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————-
Scan klaar Virusscan op aanvraag 27-7-2014 1:20:45 Scan: Scant het gehele systeem
Virus gevonden: Trj/CI.A Virusscan op aanvraag 27-7-2014 1:19:43 Verwijderd Pad: c:\users\g. den dulk\appdata\local\google\chrome\user data\default\file system\001\t\00\00000001
Virus gevonden: Trj/CI.A Virusscan op aanvraag 27-7-2014 1:19:43 Verwijderd Pad: c:\users\g. den dulk\appdata\local\google\chrome\user data\default\file system\001\t\00\00000000
Hacking tool gevonden: PUP/MultiTool… Virusscan op aanvraag 27-7-2014 0:54:03 Verwijderd naar … Pad: c:\users\g. den dulk\appdata\local\google\chrome\user data\default\file system\004\t\00\00000000
Hacking tool gevonden: PUP/TSUploader Virusscan op aanvraag 26-7-2014 22:30:36 Verwijderd naar … Pad: c:\users\g. den dulk\appdata\local\google\chrome\user data\default\file system\003\t\00\00000000
Scan gestart Virusscan op aanvraag 26-7-2014 22:23:24 Scan: Scant het gehele systeem
MBAM found one threat:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 27-7-2014
Scan Time: 11:12:54
Logfile: MBAM.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.07.27.04
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: G. den Dulk
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293507
Time Elapsed: 11 min, 49 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.SuperFish.A, HKU\S-1-5-21-272929204-382550164-3633803829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, ,
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
And finally RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by G. den Dulk at 2014-07-27 11:39:09
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 273 GB (57%) free of 477 GB
Total RAM: 3540 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:39:16, on 27-7-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\TPSrvWow.exe
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2014\WebProxy.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe
C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\AVENGINE.EXE
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\BitComet\BitComet.exe
C:\Users\G. den Dulk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\G. den Dulk\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\ApVxdWin.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
C:\Program Files (x86)\BitComet\tools\BitCometService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\G. den Dulk\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\G. den Dulk.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Inicio.exe"
O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: "C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe"
O4 - HKLM\..\Run: "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe"
O4 - HKLM\..\Run: "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe"
O4 - HKLM\..\Run: "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
O4 - HKLM\..\Run: "C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
O4 - HKLM\..\Run: "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe" -a
O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: "C:\Users\G. den Dulk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = G. den Dulk\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &D&ownload &met BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload alles met BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DADAF1F-C295-4EB9-A84D-AE4DDE9F122A}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DADAF1F-C295-4EB9-A84D-AE4DDE9F122A}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1DADAF1F-C295-4EB9-A84D-AE4DDE9F122A}: NameServer = 192.168.0.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SMART Helper Service (SMARTHelperService) - SMART Technologies - C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\TPSrvWow.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file - 14101 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
BitComet Helper - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
SMART Notebook Download Utility - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll
Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"APVXDWIN"=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\APVXDWIN.EXE
"SCANINICIO"=C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Inicio.exe
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe
"SMART Floating Tools"=C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe
"SMARTNotification"=C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe
"SMART Tray Tools"=C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe
"SMART Board Service"=C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
"sbsdk-server"=C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe
"SMART Ink"=C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe
"BitComet"=C:\Program Files (x86)\BitComet\BitComet.exe
"Spotify Web Helper"=C:\Users\G. den Dulk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\G. den Dulk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\G. den Dulk\AppData\Roaming\Dropbox\bin\Dropbox.exe
"SecurityProviders"=credssp.dll
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
.vbs - open - C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
======List of files/folders created in the last 1 month======
2014-07-27 11:39:09 ----D---- C:\rsit
2014-07-10 16:51:15 ----A---- C:\Windows\SysWOW64\osk.exe
2014-07-10 16:51:14 ----A---- C:\Windows\SysWOW64\qedit.dll
2014-07-10 16:51:12 ----A---- C:\Windows\SysWOW64\schannel.dll
2014-07-10 16:51:12 ----A---- C:\Windows\SysWOW64\kerberos.dll
2014-07-10 16:51:11 ----A---- C:\Windows\SysWOW64\wdigest.dll
2014-07-10 16:51:11 ----A---- C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 16:51:11 ----A---- C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 16:51:11 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 16:51:11 ----A---- C:\Windows\SysWOW64\credssp.dll
2014-07-10 16:51:08 ----A---- C:\Windows\SysWOW64\urlmon.dll
2014-07-10 16:51:08 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 16:51:08 ----A---- C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 16:51:08 ----A---- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 16:51:07 ----A---- C:\Windows\SysWOW64\mshtml.dll
2014-07-10 16:51:07 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 16:51:07 ----A---- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 16:51:07 ----A---- C:\Windows\SysWOW64\iernonce.dll
2014-07-10 16:51:07 ----A---- C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 16:51:06 ----A---- C:\Windows\SysWOW64\iesetup.dll
2014-07-10 16:51:06 ----A---- C:\Windows\SysWOW64\iertutil.dll
2014-07-10 16:51:05 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 16:51:05 ----A---- C:\Windows\SysWOW64\ieui.dll
2014-07-10 16:51:05 ----A---- C:\Windows\SysWOW64\ieframe.dll
2014-07-10 16:51:05 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 16:51:05 ----A---- C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 16:51:03 ----A---- C:\Windows\SysWOW64\wininet.dll
2014-07-10 16:51:03 ----A---- C:\Windows\SysWOW64\vbscript.dll
2014-07-10 16:51:03 ----A---- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 16:51:03 ----A---- C:\Windows\SysWOW64\jscript9.dll
2014-07-10 16:51:03 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 16:51:03 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 16:51:02 ----A---- C:\Windows\SysWOW64\msrating.dll
2014-07-10 16:51:02 ----A---- C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 16:50:50 ----A---- C:\Windows\SysWOW64\sspicli.dll
2014-07-10 16:50:50 ----A---- C:\Windows\SysWOW64\secur32.dll
======List of files/folders modified in the last 1 month======
2014-07-27 11:39:16 ----D---- C:\Windows\Prefetch
2014-07-27 11:39:15 ----D---- C:\Program Files (x86)\trend micro
2014-07-27 11:39:12 ----D---- C:\Windows\Temp
2014-07-27 11:37:42 ----D---- C:\Users\G. den Dulk\AppData\Roaming\BitComet
2014-07-27 11:02:16 ----D---- C:\Users\G. den Dulk\AppData\Roaming\Dropbox
2014-07-27 11:01:16 ----D---- C:\Windows\System32
2014-07-25 13:44:07 ----D---- C:\Windows\inf
2014-07-22 14:42:42 ----SHD---- C:\$RECYCLE.BIN
2014-07-22 11:42:03 ----SHD---- C:\System Volume Information
2014-07-18 15:23:15 ----D---- C:\Users\G. den Dulk\AppData\Roaming\Spotify
2014-07-16 13:47:45 ----SD---- C:\Users\G. den Dulk\AppData\Roaming\Microsoft
2014-07-11 11:50:06 ----D---- C:\Windows\rescache
2014-07-11 09:51:08 ----D---- C:\Windows\winsxs
2014-07-11 09:49:00 ----D---- C:\Windows\SysWOW64\Dism
2014-07-11 09:48:58 ----D---- C:\Windows\SysWOW64
2014-07-11 09:48:58 ----D---- C:\Windows\ehome
2014-07-11 09:48:55 ----D---- C:\Windows\SysWOW64\en-US
2014-07-11 09:48:53 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-10 23:20:22 ----SHD---- C:\Windows\Installer
2014-07-10 23:20:19 ----D---- C:\ProgramData\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys
R0 pavboot;Panda boot driver; C:\Windows\system32\Drivers\pavboot64.sys
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys
R1 AsrAppCharger;AsrAppCharger; C:\Windows\system32\DRIVERS\AsrAppCharger.sys
R1 ShldFlt;Panda File Shield Driver; C:\Windows\System32\DRIVERS\ShldFlt.sys
R2 AmFSM;AmFSM; C:\Windows\system32\DRIVERS\amm6460.sys
R3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\amdhub30.sys
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys
R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\amdxhc.sys
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys
R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys
R3 PavTPK.sys;PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys
R3 SMARTMouseFilterx64;HID-compliant mouse; C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys
R3 SMARTVHidMiniVistaAmd64;SMART HID Device; C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys
S3 cpuz135;cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys
S3 Prot6Flt;Prot6Flt; C:\Windows\system32\DRIVERS\Prot6Flt.sys
S3 PSKMAD;PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys
S3 SMARTVTabletPCx64;SMART Virtual TabletPC; C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys
S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe
R2 Panda Software Controller;Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe
R2 PAVFNSVR;Panda Function Service; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe
R2 PSIMSVC;Panda IManager Service; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe
R2 PskSvcRetail;Panda PSK service; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe
R2 SMARTHelperService;SMART Helper Service; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
R2 TPSrv;Panda TPSrv; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\TPSrvWow.exe
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files (x86)\BitComet\tools\BitCometService.exe
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
—————–EOF—————–
I look forward to reading your opinions/findings.
Kind regards,
Mark.