Re: security tool and ihaupd32.exe error
First of all, Abraham, what great help and what patience. It radiates professionalism.
It is late now. I am going to sleep soon.
Here is my log.
Thanks in advance for all your dedication and patience.
Great.
I am confident that it will turn out fine.
[hjt]
combofix 10-04-05.06 - r.c. van der linden 06-04-2010 23:17:55.1.2 - x86
gestart vanuit:
c:\documents and settings\peter\bureaublad\combofix.exe
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\del.bat
c:\documents and settings\all users\application data\24996838
c:\documents and settings\all users\application data\24996838\24996838.exe
c:\documents and settings\all users\bureaublad\nudetube.com.lnk
c:\documents and settings\all users\bureaublad\pornotube.com.lnk
c:\documents and settings\all users\bureaublad\youporn.com.lnk
c:\documents and settings\all users\documenten\settings
c:\documents and settings\all users\documenten\settings\cbss.dll
c:\documents and settings\peter\application data\avdrn.dat
c:\documents and settings\peter\application data\wiaservg.log
c:\documents and settings\peter\bureaublad\security tool.lnk
c:\documents and settings\peter\menu start\programma's\opstarten\wwwwpt32.exe
c:\documents and settings\peter\reader_s .exe
c:\documents and settings\peter\reader_s.exe
c:\documents and settings\peter\rundll32.exe
c:\documents and settings\peter\wuaucldt .exe
c:\documents and settings\peter\wuaucldt.exe
c:\lsass.exe
c:\program files\adobe\acrotray .exe
c:\program files\install.log
c:\program files\internet explorer\js.mui
c:\program files\internet explorer\rasadhlp.dll
c:\program files\internet explorer\wmpscfgs .exe
c:\program files\internet explorer\wmpscfgs.exe
c:\program files\protection system
c:\recycler\s-1-5-21-0863740699-8294275069-815605322-5342
c:\recycler\s-1-5-21-1192902075-4174688033-179230843-7112
c:\recycler\s-1-5-21-1665119533-1873345194-362338438-8566
c:\recycler\s-1-5-21-3541863818-0771419381-435515990-4952
c:\recycler\s-1-5-21-5607739380-0710123683-796702532-2721
c:\recycler\s-1-5-21-5645888814-8252360266-241047620-3406
c:\recycler\s-1-5-21-7038316017-6612796136-259008451-9802
c:\recycler\s-1-5-21-7523667604-4308254505-650256088-0263
c:\recycler\s-1-5-21-7973081229-1581602067-651433514-1036
c:\recycler\s-1-5-21-8027037173-9408009103-714557614-0688
c:\windows\esellerateengine.dll
c:\windows\fonts\mlog
c:\windows\fonts\services.exe
c:\windows\help\verifier.hlp
c:\windows\install.exe
c:\windows\install.txt
c:\windows\rolslgn.dll
c:\windows\sc.exe
c:\windows\sc.ins
c:\windows\system32\1115,534.exe
c:\windows\system32\134,9515.exe
c:\windows\system32\1348,062.exe
c:\windows\system32\1501,383.exe
c:\windows\system32\212,5186.exe
c:\windows\system32\2361,209.exe
c:\windows\system32\318,3693.exe
c:\windows\system32\3327,6.exe
c:\windows\system32\3773,767.exe
c:\windows\system32\3941,874.exe
c:\windows\system32\4027,368.exe
c:\windows\system32\4545,199.exe
c:\windows\system32\567.exe
c:\windows\system32\6511,805.exe
c:\windows\system32\674,96.exe
c:\windows\system32\7231,851.exe
c:\windows\system32\7348,856.exe
c:\windows\system32\7804,019.exe
c:\windows\system32\7960,421.exe
c:\windows\system32\7972,971.exe
c:\windows\system32\8104,654.exe
c:\windows\system32\8161,845.exe
c:\windows\system32\8371,851.exe
c:\windows\system32\8453,593.exe
c:\windows\system32\8719,125.exe
c:\windows\system32\8726,603.exe
c:\windows\system32\8838,718.exe
c:\windows\system32\8856,912.exe
c:\windows\system32\9561,533.exe
c:\windows\system32\btwsvc.dll
c:\windows\system32\cooper.mine
c:\windows\system32\ctfmon .exe
c:\windows\system32\finstall.sys
c:\windows\system32\install.txt
c:\windows\system32\kbdsock.dll
c:\windows\system32\kzp.4e
c:\windows\system32\ms.bin
c:\windows\system32\mshlps.dll
c:\windows\system32\mssapsmr.dll
c:\windows\system32\msxsltsso.dll
c:\windows\system32\nmklo.dll
c:\windows\system32\opear.exe
c:\windows\system32\peresvc.exe
c:\windows\system32\powerdes.exe
c:\windows\system32\reader_s .exe
c:\windows\system32\reader_s.exe
c:\windows\system32\regedit .exe
c:\windows\system32\regedit.exe
c:\windows\system32\rth.gde
c:\windows\system32\so.bin
c:\windows\system32\sshnas21.dll
c:\windows\system32\w.exe
c:\windows\system32\wuaucldt.exe
c:\windows\tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job
c:\windows\tasks\{66ba574b-1e11-49b8-909c-8cc9e0e8e015}.job
c:\windows\temp\mta13187.dll
besmet exemplaar van
c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd
hersteld exemplaar van -
c:\windows\system32\dllcache\userinit.exe
besmet exemplaar van
c:\windows\system32\svchost.exe werd aangetroffen en gedesinfecteerd
hersteld exemplaar van -
c:\windows\system32\dllcache\svchost.exe
besmet exemplaar van
c:\windows\system32\spoolsv.exe werd aangetroffen en gedesinfecteerd
hersteld exemplaar van -
c:\windows\system32\dllcache\spoolsv.exe
besmet exemplaar van
c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd
hersteld exemplaar van -
c:\windows\system32\dllcache\explorer.exe
c:\windows\system32\drivers\ndis.sys . . . is geïnfecteerd!!
besmet exemplaar van
c:\windows\system32\clipsrv.exe werd aangetroffen en gedesinfecteerd
hersteld exemplaar van -
c:\windows\system32\dllcache\clipsrv.exe
.
((((((((((((((((((((((((((((((((((((((( drivers/services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\legacy_btwsvc
-------\legacy_sshnas
-------\service_btwsvc
-------\service_sshnas
-------\legacy_peresvc
-------\service_peresvc
(((((((((((((((((((( bestanden gemaakt van 2010-03-06 to 2010-04-06 ))))))))))))))))))))))))))))))
.
2010-04-06 21:08 . 2010-04-06 21:01 3908251 ----a-w-
c:\combofix.exe
2010-04-06 17:11 . 2010-04-06 16:39 5918776 ----a-w-
c:\mbam-setup.exe
2010-04-06 17:03 . 2010-04-06 17:03 -------- d-----w- c:\documents and settings\networkservice\local settings\application data\adobe
2010-04-06 16:41 . 2010-04-06 16:41 -------- d-----w- c:\program files\trend micro
2010-04-06 16:36 . 2010-04-06 16:28 812344 ----a-w-
c:\hijackthisinstaller.exe
2010-04-06 15:37 . 2010-04-06 15:37 -------- d-----r- c:\documents and settings\networkservice\favorieten
2010-04-06 15:13 . 2010-04-06 15:13 664 ----a-w-
c:\windows\system32\d3d9caps.dat
2010-04-06 15:06 . 2010-04-06 15:06 -------- d-----w- c:\documents and settings\administrator\application data\glarysoft
2010-04-06 15:05 . 2010-04-06 15:05 -------- d-----w- c:\documents and settings\administrator\application data\arcticline
2010-04-06 15:05 . 2010-04-06 15:05 -------- d-----w- c:\documents and settings\administrator\application data\ipswitch
2010-04-06 15:00 . 2010-04-06 15:00 -------- d-----w- c:\documents and settings\administrator\application data\office genuine advantage
2010-04-06 14:59 . 2010-04-06 14:59 -------- d-sh--w- c:\documents and settings\administrator\ietldcache
2010-04-06 14:36 . 2010-04-06 14:36 -------- d-----w- c:\windows\system32\grouppolicy
2010-04-06 14:35 . 2010-04-06 21:47 36864 ----a-w-
c:\windows\system32\d.bin
2010-04-06 14:26 . 2010-04-06 14:26 -------- dc----w- c:\documents and settings\all users\application data\{74d08eb8-01d1-4bae-91e3-f30c1b031ac6}
2010-04-06 14:09 . 2010-04-06 14:42 -------- d-----w- c:\windows\system32\config\systemprofile\tracing
2010-04-06 14:09 . 2010-04-06 14:09 -------- d-----r- c:\documents and settings\localservice\favorieten
2010-04-06 14:08 . 2010-04-06 14:21 -------- d-----w- c:\documents and settings\all users\application data\30593626
2010-04-06 07:39 . 2010-04-06 07:39 -------- d-----w- c:\windows\system32\config\systemprofile\application data\ipswitch
2010-04-06 07:35 . 2010-04-06 07:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\privacie
2010-04-06 07:20 . 2010-04-06 07:20 -------- d-sh--w- c:\documents and settings\peter\.commgr
2010-04-06 07:20 . 2010-04-06 14:08 286720 ----a-w-
c:\windows\system32\msup1.exe
2010-04-06 07:13 . 2010-04-06 07:13 -------- d-----w- c:\windows\sun
2010-04-01 15:54 . 2010-04-01 15:53 724992 ----a-w-
c:\windows\iun6002.exe
2010-04-01 12:03 . 2010-04-01 12:03 -------- d-----w- c:\windows\system32\wbem\repository
2010-03-30 08:51 . 2010-04-06 20:35 -------- d--h--r- c:\documents and settings\peter\onlangs geopend
2010-03-27 20:37 . 2010-03-27 20:47 -------- d-----w- c:\mijn videos
2010-03-27 17:16 . 2008-07-10 10:00 3851784 ----a-w-
c:\windows\system32\d3dx9_39.dll
2010-03-27 17:14 . 2010-03-27 17:14 -------- d-----w- c:\windows\logs
2010-03-27 14:52 . 2009-09-24 06:50 545 ----a-w- c:\windows\uc.pif
2010-03-27 14:52 . 2009-09-24 06:50 545 ----a-w- c:\windows\rar.pif
2010-03-27 14:52 . 2009-09-24 06:50 545 ----a-w- c:\windows\pkzip.pif
2010-03-27 14:52 . 2009-09-24 06:50 545 ----a-w- c:\windows\pkunzip.pif
2010-03-27 14:52 . 2009-09-24 06:50 545 ----a-w- c:\windows\noclose.pif
2010-03-27 14:52 . 2009-09-24 06:50 545 ----a-w- c:\windows\lha.pif
2010-03-27 14:52 . 2009-09-24 06:50 545 ----a-w- c:\windows\arj.pif
2010-03-24 18:27 . 2010-03-24 18:27 -------- d-----w- c:\documents and settings\all users\application data\raxco
2010-03-24 18:26 . 2010-03-24 18:26 -------- d-----w- c:\program files\raxco
2010-03-24 13:50 . 2010-03-24 13:50 -------- d-----w- c:\windows\system32\ageia
2010-03-24 13:50 . 2010-03-24 13:50 -------- d-----w- c:\program files\ageia technologies
2010-03-24 13:50 . 2010-03-24 13:50 -------- d-----w- c:\program files\common files\wise installation wizard
2010-03-19 20:26 . 2010-03-19 20:26 -------- d-----w- c:\documents and settings\all users\application data\digital aviation
2010-03-19 16:10 . 2010-03-19 16:10 15086 ----a-r-
c:\documents and settings\peter\application data\microsoft\installer\{fb56079b-7d0c-4d1d-864a-09ba159cc31b}\arpproducticon.exe
2010-03-19 16:10 . 2010-03-19 16:10 -------- d-----w- c:\documents and settings\peter\application data\hifi
2010-03-19 16:09 . 2010-03-19 16:09 -------- d-----w- c:\windows\downloaded installations
2010-03-15 19:56 . 2010-03-15 19:56 -------- d-----w- c:\documents and settings\peter\local settings\application data\ghisler
2010-03-15 18:56 . 2010-03-15 18:56 -------- d-----w- c:\documents and settings\peter\local settings\application data\karen's power tools
2010-03-15 18:56 . 2010-03-15 18:56 -------- d-----w- c:\documents and settings\all users\application data\karen's power tools
2010-03-14 13:45 . 2010-04-02 10:37 -------- d-----w- c:\documents and settings\peter\local settings\application data\deployment
2010-03-13 16:36 . 2010-03-24 18:53 -------- d-----w- c:\documents and settings\peter\application data\dvdcss
2010-03-12 21:56 . 2010-04-04 18:26 -------- d-----w- c:\documents and settings\peter\application data\vlc
2010-03-12 17:12 . 2002-07-26 15:02 26000 ----a-w-
c:\windows\system32\ctl3d.dll
2010-03-12 17:12 . 1998-07-05 22:00 14336 ----a-w-
c:\windows\system32\mscomde.dll
2010-03-12 17:12 . 1998-05-04 22:00 24576 ----a-w-
c:\windows\system32\cmct2de.dll
2010-03-09 16:44 . 2010-03-09 17:05 -------- d-----w- c:\documents and settings\peter\local settings\application data\mirillis
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 21:37 . 2010-04-06 21:37 36865 ----a-w-
c:\windows\system32\msuqddft.dll
2010-04-06 21:37 . 2010-04-06 21:37 167554 ----a-w-
c:\windows\system32\4201,166.exe
2010-04-06 21:36 . 2009-09-19 22:12 0 ----a-w- c:\windows\system32\drivers\
2010-04-06 21:26 . 2008-04-15 12:00 580096 ----a-w-
c:\windows\system32\user32.dll
2010-04-06 16:01 . 2008-04-15 12:00 61952 ----a-w-
c:\windows\system32\ctfmon.exe
2010-04-06 14:28 . 2008-12-21 00:14 155648 ----a-w-
c:\windows\system32\wscript.exe
2010-04-06 14:28 . 2009-08-27 13:06 107008 ----a-w-
c:\windows\system32\tlntsess.exe
2010-04-06 14:28 . 2009-06-15 11:14 104448 ----a-w-
c:\windows\system32\telnet.exe
2010-04-06 14:27 . 2009-08-27 13:06 59904 ----a-w-
c:\windows\system32\sc.exe
2010-04-06 14:27 . 2008-04-15 12:00 58368 ----a-w-
c:\windows\system32\rundll32.exe
2010-04-06 14:26 . 2002-12-31 12:00 184320 ----a-w-
c:\windows\system32\nvsvc32.exe
2010-04-06 14:26 . 2009-09-19 20:31 370176 ----a-w-
c:\windows\system32\mspaint.exe
2010-04-06 14:26 . 2008-04-15 12:00 103424 ----a-w-
c:\windows\system32\msiexec.exe
2010-04-06 14:25 . 2008-04-15 12:00 539648 ----a-w-
c:\windows\system32\logonui.exe
2010-04-06 14:25 . 2008-12-21 00:07 100864 ----a-w-
c:\windows\system32\logagent.exe
2010-04-06 14:25 . 2008-04-15 12:00 175104 ----a-w-
c:\windows\system32\imapi.exe
2010-04-06 14:24 . 2008-12-21 00:14 135168 ----a-w-
c:\windows\system32\cscript.exe
2010-04-06 14:24 . 2008-04-15 12:00 424448 ----a-w-
c:\windows\system32\cmd.exe
2010-04-06 14:24 . 2010-03-05 16:27 293376 ----a-w-
c:\windows\system32\browserchoice.exe
2010-04-06 14:21 . 2000-06-26 06:44 77824 ----a-w-
c:\windows\system32\mspmspsv.exe
2010-04-06 14:20 . 2010-02-24 12:12 68608 ----a-w-
c:\windows\system32\ctsvccda.exe
2010-04-06 14:08 . 2010-04-06 14:08 28515 ----a-w-
c:\documents and settings\peter\23.tmp
2010-04-06 14:08 . 2010-04-06 14:08 90112 ----a-w-
c:\documents and settings\peter\22.tmp
2010-04-06 14:08 . 2010-04-06 14:08 168 ----a-w-
c:\documents and settings\peter\1a.tmp
2010-04-06 14:07 . 2010-04-06 14:07 12 ----a-w-
c:\windows\system32\config\systemprofile\application data\jvmoxh.dat
2010-04-06 07:47 . 2010-04-06 07:47 90112 ----a-w-
c:\documents and settings\peter\4a.tmp
2010-04-06 07:47 . 2010-04-06 07:47 30208 ----a-w-
c:\documents and settings\peter\49.tmp
2010-04-06 07:47 . 2010-04-06 07:47 29494 ----a-w-
c:\documents and settings\peter\48.tmp
2010-04-06 07:47 . 2010-04-06 07:47 70144 ----a-w-
c:\documents and settings\peter\47.tmp
2010-04-06 07:47 . 2010-04-06 07:47 23552 ----a-w-
c:\documents and settings\peter\46.tmp
2010-04-06 07:47 . 2010-04-06 07:47 208 ----a-w-
c:\documents and settings\peter\45.tmp
2010-04-06 07:46 . 2010-04-06 07:46 90112 ----a-w-
c:\documents and settings\peter\3d.tmp
2010-04-06 07:46 . 2010-04-06 07:46 29494 ----a-w-
c:\documents and settings\peter\3b.tmp
2010-04-06 07:46 . 2010-04-06 07:46 70144 ----a-w-
c:\documents and settings\peter\3a.tmp
2010-04-06 07:46 . 2010-04-06 07:46 23552 ----a-w-
c:\documents and settings\peter\39.tmp
2010-04-06 07:46 . 2010-04-06 07:46 208 ----a-w-
c:\documents and settings\peter\38.tmp
2010-04-06 07:45 . 2010-04-06 07:45 90112 ----a-w-
c:\documents and settings\peter\30.tmp
2010-04-06 07:45 . 2010-04-06 07:45 70144 ----a-w-
c:\documents and settings\peter\2c.tmp
2010-04-06 07:45 . 2010-04-06 07:45 29494 ----a-w-
c:\documents and settings\peter\2e.tmp
2010-04-06 07:45 . 2010-04-06 07:45 208 ----a-w-
c:\documents and settings\peter\2a.tmp
2010-04-06 07:45 . 2010-04-06 07:45 90112 ----a-w-
c:\documents and settings\peter\1f.tmp
2010-04-06 07:45 . 2010-04-06 07:45 70144 ----a-w-
c:\documents and settings\peter\18.tmp
2010-04-06 07:45 . 2010-04-06 07:45 208 ----a-w-
c:\documents and settings\peter\16.tmp
2010-04-06 07:38 . 2010-04-06 07:38 0 ----a-w-
c:\documents and settings\peter\2d.tmp
2010-04-06 07:38 . 2010-04-06 07:38 90112 ----a-w-
c:\documents and settings\peter\1e.tmp
2010-04-06 07:38 . 2010-04-06 07:38 29494 ----a-w-
c:\documents and settings\peter\1c.tmp
2010-04-06 07:38 . 2010-04-06 07:38 70144 ----a-w-
c:\documents and settings\peter\1b.tmp
2010-04-06 07:38 . 2010-04-06 07:38 208 ----a-w-
c:\documents and settings\peter\19.tmp
2010-04-06 07:38 . 2010-04-06 07:38 90112 ----a-w-
c:\documents and settings\peter\10.tmp
2010-04-06 07:37 . 2010-04-06 07:37 208 ----a-w-
c:\documents and settings\peter\a.tmp
2010-04-06 07:34 . 2010-04-06 07:34 0 ----a-w-
c:\documents and settings\peter\9.tmp
2010-04-06 07:20 . 2010-04-06 07:20 0 ----a-w-
c:\documents and settings\peter\33.tmp
2010-04-06 07:20 . 2008-04-15 12:00 212480 ----a-w-
c:\windows\system32\drivers\ndis.sys
2010-04-06 07:20 . 2010-04-06 07:20 12 ----a-w-
c:\documents and settings\networkservice\application data\jvmoxh.dat
2010-04-05 16:17 . 2010-02-27 20:22 -------- d-----w- c:\documents and settings\peter\application data\utorrent
2010-03-28 09:21 . 2008-04-15 12:00 92112 ----a-w-
c:\windows\system32\perfc013.dat
2010-03-28 09:21 . 2008-04-15 12:00 513150 ----a-w-
c:\windows\system32\perfh013.dat
2010-03-27 19:14 . 2009-09-20 12:22 -------- d--h--w- c:\program files\installshield installation information
2010-03-25 15:01 . 2010-02-22 19:47 -------- d-----w- c:\program files\glary utilities
2010-03-23 11:51 . 2010-03-03 21:41 -------- d-----w- c:\documents and settings\peter\application data\belastingdienst
2010-03-17 18:57 . 2009-09-20 13:05 69280 ----a-w-
c:\documents and settings\peter\local settings\application data\gdipfontcachev1.dat
2010-03-10 11:00 . 2010-03-05 16:01 -------- d-----w- c:\documents and settings\all users\application data\microsoft help
2010-03-09 19:42 . 2010-02-24 15:36 -------- d-----w- c:\documents and settings\all users\application data\lavasoft
2010-03-05 18:32 . 2010-03-05 18:32 -------- d-----w- c:\documents and settings\all users\application data\office genuine advantage
2010-03-05 18:32 . 2010-03-05 18:32 -------- d-----w- c:\documents and settings\peter\application data\office genuine advantage
2010-03-05 16:33 . 2009-09-19 20:44 -------- d-----w- c:\program files\microsoft works
2010-03-04 14:18 . 2010-03-04 14:18 -------- d-----w- c:\documents and settings\peter\application data\convivea
2010-03-04 13:14 . 2010-03-04 13:14 128 ----a-w-
c:\documents and settings\peter\local settings\application data\fusioncache.dat
2010-03-02 21:45 . 2010-03-02 21:45 -------- d-----w- c:\documents and settings\peter\application data\installshield
2010-03-02 19:47 . 2010-03-02 19:47 -------- d-----w- c:\program files\common files\logitech
2010-03-02 19:47 . 2010-03-02 19:47 -------- d-----w- c:\program files\logitech
2010-02-28 14:10 . 2010-02-28 14:10 -------- d-----w- c:\documents and settings\peter\application data\teamspeak2
2010-02-27 20:16 . 2010-02-27 20:16 -------- d-----w- c:\documents and settings\peter\application data\arcticline
2010-02-26 20:59 . 2010-02-26 20:59 -------- d-----w- c:\program files\common files\creative labs shared
2010-02-26 20:58 . 2010-02-24 12:01 -------- d-----w- c:\program files\creative
2010-02-26 20:57 . 2010-02-26 20:49 288 ----a-w-
c:\windows\system32\dvcstatebkp-{00000002-00000000-0000000b-00001102-00000004-10021102}.dat
2010-02-26 20:57 . 2010-02-26 20:49 288 ----a-w-
c:\windows\system32\dvcstate-{00000002-00000000-0000000b-00001102-00000004-10021102}.dat
2010-02-26 20:57 . 2010-02-24 12:02 444952 ----a-w-
c:\windows\system32\wrap_oal.dll
2010-02-26 20:57 . 2010-02-24 12:02 109080 ----a-w-
c:\windows\system32\openal32.dll
2010-02-26 18:55 . 2010-02-26 18:48 288 ----a-w-
c:\windows\system32\dvcstatebkp-{00000002-00000000-0000000b-00001102-00000004-10001102}.dat
2010-02-26 16:09 . 2010-02-26 16:09 90 --sh--w-
c:\windows\cnerolf.dat
2010-02-25 06:20 . 2009-06-29 16:15 916480 ----a-w-
c:\windows\system32\wininet.dll
2010-02-24 15:55 . 2010-02-24 15:55 95024 ----a-w-
c:\windows\system32\drivers\sbredrv.sys
2010-02-24 15:02 . 2010-02-26 15:31 97364760 ----a-w-
c:\ad-awareinstaller.exe
2010-02-24 12:17 . 2010-02-24 12:02 -------- d-----w- c:\documents and settings\peter\application data\creative
2010-02-24 12:13 . 2010-02-24 12:11 -------- d--h--w- c:\program files\creative installation information
2010-02-24 12:11 . 2010-02-24 12:11 -------- d-----w- c:\program files\common files\creative
2010-02-24 12:11 . 2010-02-24 12:10 6390815 ----a-w-
c:\documents and settings\all users\application data\creative\software update\cache\creative soundfont bank manager web update ver 1.00.21__\sfbm_web_030909.exe
2010-02-24 12:10 . 2010-02-24 12:09 12907880 ----a-w-
c:\documents and settings\all users\application data\creative\software update\cache\creative wavestudio 7.12.00__\wavestd_pcapp_lb_7_12_00.exe
2010-02-24 12:09 . 2010-02-24 12:07 37634288 ----a-w-
c:\documents and settings\all users\application data\creative\software update\cache\creative mediasource 5 player_organizer 5.26.02__\cms5_pcapp_lb_5_26_02.exe
2010-02-24 12:05 . 2010-02-24 12:05 -------- d-----w- c:\documents and settings\all users\application data\creative
2010-02-23 15:58 . 2010-02-23 15:58 1392304 ----a-w-
c:\windows\system32\autopartnt.exe
2010-02-23 15:51 . 2009-09-19 21:11 -------- d-----w- c:\program files\common files\acronis
2010-02-23 13:38 . 2010-02-23 13:38 -------- d-----w- c:\documents and settings\all users\application data\ati
2010-02-23 13:38 . 2010-02-23 13:38 -------- d-----w- c:\documents and settings\peter\application data\ati
2010-02-23 13:35 . 2010-02-23 13:34 -------- d-----w- c:\program files\ati technologies
2010-02-23 13:35 . 2010-02-23 13:35 0 ----a-w-
c:\windows\ativpsrm.bin
2010-02-23 13:34 . 2010-02-23 13:34 10134 ----a-r-
c:\documents and settings\peter\application data\microsoft\installer\{d679b939-2ff1-58de-40e0-4876f5c482a5}\arpproducticon.exe
2010-02-23 13:34 . 2010-02-23 13:34 -------- d-----w- c:\program files\ati
2010-02-23 11:25 . 2010-02-23 11:25 4096 ----a-w-
c:\windows\d3dx.dat
.
infected
c:\windows\system32\user32.dll hex repaired
c:\program files\windows live\messenger\msnmsgr .exe
------- sigcheck -------
[-] 2010-04-06 . 1df7f42665c94b825322fae71721130d . 212480 . . [5.1.2600.5512] . .
c:\windows\system32\drivers\ndis.sys
[-] 2010-04-06 . 1df7f42665c94b825322fae71721130d . 212480 . . [5.1.2600.5512] . .
c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-15 . 3ba30158909dd17f01c8f08ab6c95a8b . 82432 . . [5.1.2600.5512] . .
c:\windows\system32\spoolsv.exe
[7] 2008-04-15 . db454135de1a09fe7feda7b554b5cca2 . 57856 . . [5.1.2600.5512] . .
c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-15 . 666c9d8c5d9d04cfcd6be30e78e073e7 . 38912 . . [5.1.2600.5512] . .
c:\windows\system32\svchost.exe
[7] 2008-04-15 . e410ec73e2be2a41d923b006f51c8427 . 14336 . . [5.1.2600.5512] . .
c:\windows\system32\dllcache\svchost.exe
[-] 2008-04-15 . 632c57bb7345b3b35b084d4ffcb98174 . 50688 . . [5.1.2600.5512] . .
c:\windows\system32\userinit.exe
[7] 2008-04-15 . 6818a533ed3b2fa9936df3daf45352df . 26112 . . [5.1.2600.5512] . .
c:\windows\system32\dllcache\userinit.exe
[-] 2008-04-15 . ab869e1994749bb7b3b5996ea023a9a9 . 1061888 . . [6.00.2900.5512] . .
c:\windows\explorer.exe
[7] 2008-04-15 . aa04f042a820bf1868e643575887e1a6 . 1037312 . . [6.00.2900.5512] . .
c:\windows\system32\dllcache\explorer.exe
[-] 2009-09-12 . 497bef5c5fad126ca16437c1682f64ea . 1571840 . . [5.1.2600.5512] . .
c:\windows\system32\sfcfiles.dll
[-] 2010-04-06 16:01 . 3a7e73de99a5624c904c57e737956f4a . 61952 . . [3.2.1203.2000] . .
c:\windows\system32\ctfmon.exe
[7] 2008-04-15 . e98a8c802cdb31fcf4121d9dfbea3677 . 15360 . . [5.1.2600.5512] . .
c:\windows\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
[hkey_current_user\software\microsoft\windows\currentversion\run]
"syncman"=
c:\documents and settings\peter\wuaucldt.exe [n/a]
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"syncman"=
c:\windows\system32\wuaucldt.exe [n/a]
"uxvefl"=
c:\windows\system32\mssapsmr.dll [n/a]
"adobe_reader"=
c:\program files\internet explorer\wmpscfgs.exe [n/a]
"fzwkht"=
c:\windows\system32\msuqddft.dll [2010-04-06 36865]
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=
c:\windows\system32\ctfmon.exe [2010-04-06 61952]
"msnmsgr"=
c:\program files\windows live\messenger\msnmsgr.exe [2010-04-06 61952]
"syncman"=
c:\documents and settings\peter\wuaucldt.exe [n/a]
[hkey_users\.default\software\microsoft\windows\currentversion\runonce]
"showdeskfix"="shell32"
[x]
[hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer\run]
"vrna"=
c:\windows\temp\s0q6.exe [2010-04-06 75264]
[hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer]
"forceclassiccontrolpanel"= 1 (0x1)
"nosmhelp"= 1 (0x1)
[hkey_local_machine\system\currentcontrolset\control\session manager]
bootexecute reg_multi_sz pdboot.exe\0autocheck autochk *
[hkey_local_machine\software\microsoft\windows\currentversion\group policy\state\s-1-5-21-1644491937-790525478-1177238915-1005\scripts\logon\0\0]
"script"=autorun.bat
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\acronis scheduler2 service]
2009-01-20 21:34 377232 ----a-w-
c:\program files\common files\acronis\schedule2\schedhlp.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\acronistimountermonitor]
2009-01-20 21:45 960536 ----a-w-
c:\program files\acronis\trueimagehome\timountermonitor.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
2009-12-22 00:57 35760 ----a-w-
c:\program files\adobe\reader 9.0\reader\reader_sl.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2010-04-06 16:01 61952 ----a-w-
c:\windows\system32\ctfmon.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck]
2001-07-09 09:50 155648 ----a-w-
c:\windows\system32\nerocheck.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched]
2009-09-19 21:10 149280 ----a-w-
c:\program files\java\jre6\bin\jusched.exe
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\trueimagemonitor.exe]
2009-01-20 21:06 4359280 ----a-w-
c:\program files\acronis\trueimagehome\trueimagemonitor.exe
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\\network diagnostic\\xpnetdiag.exe=
%windir%\\system32\\sessmgr.exe=
c:\\program files\\windows live\\messenger\\msnmsgr.exe=
c:\\program files\\network associates\\common framework\\frameworkservice.exe=
c:\\program files\\ipswitch\\ws_ftp pro\\wsftpgui.exe=
f:\\flight simulator 9\\fs9.exe=
c:\\windows\\system32\\dpnsvr.exe=
c:\\vliegsoft\\fsfdt\\fwinn\\fwinn.exe=
c:\\utorrent\\utorrent.exe=
c:\\program files\\microsoft office\\office12\\onenote.exe=
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"4899:tcp"= 4899:tcp:radmin
r3 commonfx;commonfx;
c:\windows\system32\drivers\commonfx.sys [2009-06-23 99352]
r3 creative audio engine licensing service;creative audio engine licensing service;
c:\program files\common files\creative labs shared\service\ctaelicensing.exe [2010-02-26 79360]
r3 ctaudfx;ctaudfx;
c:\windows\system32\drivers\ctaudfx.sys [2009-06-23 555032]
r3 cterfxfx.sys;cterfxfx.sys;
c:\windows\system32\drivers\cterfxfx.sys [2009-06-23 100888]
r3 cterfxfx;cterfxfx;
c:\windows\system32\drivers\cterfxfx.sys [2009-06-23 100888]
r3 ctsblfx;ctsblfx;
c:\windows\system32\drivers\ctsblfx.sys [2009-06-23 566296]
s1 naiavtdi1;naiavtdi1;
c:\windows\system32\drivers\mvstdi5x.sys [2007-01-18 59904]
s2 btwsvc;btwsvc;
c:\windows\system32\svchost.exe [2008-04-15 38912]
s2 peresvc;peresvc service;
c:\windows\system32\peresvc.exe [2008-04-15 68608]
s3 commonfx.sys;commonfx.sys;
c:\windows\system32\drivers\commonfx.sys [2009-06-23 99352]
s3 ctaudfx.sys;ctaudfx.sys;
c:\windows\system32\drivers\ctaudfx.sys [2009-06-23 555032]
s3 ctgame;game port;
c:\windows\system32\drivers\ctgame.sys [2009-06-23 18840]
s3 ctsblfx.sys;ctsblfx.sys;
c:\windows\system32\drivers\ctsblfx.sys [2009-06-23 566296]
--- andere services/drivers in geheugen ---
*newlycreated* - btwsvc
*newlycreated* - peresvc
*deregistered* - jeorkj
.
inhoud van de 'gedeelde taken' map
2010-04-06
c:\windows\tasks\glaryinitialize.job
-
c:\program files\glary utilities\initialize.exe [2010-02-22 12:03]
2010-04-06
c:\windows\tasks\ogalogon.job
-
c:\windows\system32\ogaexec.exe [2009-08-03 14:07]
.
.
------- bijkomende scan -------
.
ustart page = hxxp://tweakers.net/
ie: e&xporteren naar microsoft excel -
c:\progra~1\micros~2\office12\excel.exe/3000
dpf:
{1fec8b6f-250a-4293-b12c-67a7ef0b758a} - hxxp://www.kerkomroep.nl/ocx/siknplayer.cab
.
- - - - orphans verwijderd - - - -
ssodl-gootkitsso-
{7b35ad2c-0e4f-4861-af4c-ed793f45b589} -
c:\windows\system32\msxsltsso.dll
addremove-nemeth designs md helicopters md902 explorer for fsx -
g:\fsx\uninstall.exe
**************************************************************************
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer,
http://www.gmer.net
rootkit scan 2010-04-06 23:37
windows 5.1.2600 service pack 3 ntfs
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
c:\windows\system32\drivers\zpbwmexmbthw9.sys 81408 bytes executable
c:\windows\system32\drivers\zrokkdxlpg5.sys 81408 bytes executable
c:\windows\system32\w.exe 92672 bytes executable
c:\windows\system32\ms.bin 35840 bytes executable
c:\windows\system32\msuqddft.dll 36865 bytes executable
c:\windows\system32\so.bin 44032 bytes executable
c:\windows\system32\4201,166.exe 167554 bytes executable
c:\windows\system32\3467.exe 61440 bytes executable
scan succesvol afgerond
verborgen bestanden: 8
**************************************************************************
stealth mbr rootkit/mebroot/sinowal detector 0.3.7 by gmer,
http://www.gmer.net
device: opened successfully
user: mbr read successfully
called modules: ntoskrnl.exe >>unknown [0x8a515580]<<
kernel: mbr read successfully
detected mbr rootkit hooks:
\driver\disk -> classpnp.sys @ 0xf765bf28
\driver\acpi -> acpi.sys @ 0xf75adcb8
\driver\atapi -> atapi.sys @ 0xba672852
iodeviceobjecttype -> deleteprocedure -> ntoskrnl.exe @ 0x805e66b6
parseprocedure -> ntoskrnl.exe @ 0x80580a6f
\device\harddisk0\dr0 -> deleteprocedure -> ntoskrnl.exe @ 0x805e66b6
parseprocedure -> ntoskrnl.exe @ 0x80580a6f
ndis: marvell yukon gigabit ethernet 10/100/1000base-t adapter, coppe -> sendcompletehandler -> ndis.sys @ 0x8a4fcbb0
packetindicatehandler -> ndis.sys @ 0x8a509a21
sendhandler -> ndis.sys @ 0x8a4e787b
user & kernel mbr ok
**************************************************************************
[hkey_local_machine\system\controlset001\services\zpbwmexmbthw9]
"imagepath"="system32\drivers\zpbwmexmbthw9.sys"
[hkey_local_machine\system\controlset001\services\zrokkdxlpg5]
"imagepath"="system32\drivers\zrokkdxlpg5.sys"
[hkey_local_machine\system\controlset001\services\jeorkj]
.
--------------------- vergrendelde register sleutels ---------------------
[hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\localsystem\components\}|}|9~*]
"3140110900063d11c8ef10054038389c"="c?\\windows\\system32\\fm20enu.dll"
.
--------------------- dlls geladen onder lopende processen ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(5940)
c:\windows\system32\msuqddft.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ andere aktieve processen ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\creative\shared files\ctaudsvc.exe
c:\program files\common files\acronis\schedule2\schedul2.exe
c:\windows\system32\ctsvccda.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\network associates\common framework\frameworkservice.exe
c:\windows\system32\grouppolicy\user\scripts\logon\winlogo.exe
c:\program files\network associates\virusscan\vstskmgr.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\program files\raxco\perfectdisk10\pdagent.exe
c:\program files\network associates\common framework\naprdmgr.exe
c:\windows\system32\mspmspsv.exe
c:\program files\microsoft office\office12\onenotem.exe
c:\windows\temp\vrt2.tmp
c:\windows\system32\w.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\3467.exe
.
**************************************************************************
.
voltooingstijd: 2010-04-06 23:44:19 - machine werd herstart
combofix-quarantined-files.txt 2010-04-06 21:44
pre-run: 30.817.796.096 bytes beschikbaar
post-run: 30.681.292.800 bytes beschikbaar
windowsxp-kb310994-sp2-home-bootdisk-nld.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
c:\cmdcons\bootsect.dat="microsoft windows recovery console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\windows="microsoft windows xp professional" /noexecute=optin /fastdetect
- - end of file - - 219efe7cb0b7473470144e416f36c058
[/hjt]
And now the HijackThis log
[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:26, on 6-4-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\spoolsv.exe
c:\program files\creative\shared files\ctaudsvc.exe
c:\program files\common files\acronis\schedule2\schedul2.exe
c:\windows\system32\ctsvccda.exe
c:\program files\java\jre6\bin\jqs.exe
c:\windows\system32\cmd.exe
c:\program files\network associates\common framework\frameworkservice.exe
c:\windows\system32\grouppolicy\user\scripts\logon\winlogo.exe
c:\program files\network associates\virusscan\vstskmgr.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\program files\raxco\perfectdisk10\pdagent.exe
c:\windows\system32\mspmspsv.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\microsoft office\office12\onenotem.exe
c:\windows\temp\vrt2.tmp
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\w.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\peresvc.exe
c:\windows\system32\svchost.exe
c:\windows\temp\s0q6.exe
c:\windows\explorer.exe
c:\windows\system32\3467.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://tweakers.net/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hkcu\software\microsoft\internet connection wizard,shellnext = [noparse]http://go.microsoft.com/fwlink/?linkid=74005[/noparse]
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: ipswitch.wsftpbrowserhelper - {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ipswitch\ws_ftp pro\wsbho2k0.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o4 - hklm\..\run: [syncman] c:\windows\system32\wuaucldt.exe
o4 - hklm\..\run: [uxvefl] rundll32.exe c:\windows\system32\mssapsmr.dll,w
o4 - hklm\..\run: [adobe_reader] c:\program files\internet explorer\wmpscfgs.exe
o4 - hklm\..\run: [fzwkht] rundll32.exe c:\windows\system32\msuqddft.dll,w
o4 - hkcu\..\run: [syncman] c:\documents and settings\peter\wuaucldt.exe
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\s-1-5-18\..\run: [msnmsgr] c:\program files\windows live\messenger\msnmsgr.exe /background (user 'system')
o4 - hkus\s-1-5-18\..\run: [syncman] c:\documents and settings\peter\wuaucldt.exe (user 'system')
o4 - hkus\s-1-5-18\..\runonce: [showdeskfix] regsvr32 /s /n /i:u shell32 (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - hkus\.default\..\runonce: [showdeskfix] regsvr32 /s /n /i:u shell32 (user 'default user')
o4 - startup: onenote 2007 schermopname en snel starten.lnk = c:\program files\microsoft office\office12\onenotem.exe
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o16 - dpf: {1fec8b6f-250a-4293-b12c-67a7ef0b758a} (sikn speler) - [noparse]http://www.kerkomroep.nl/ocx/siknplayer.cab[/noparse]
o16 - dpf: {f6acf75c-c32c-447b-9bef-46b766368d29} (creative software autoupdate support package) - [noparse]http://ccfiles.creative.com/web/softwareupdate/su2/ocx/15111/ctpid.cab[/noparse]
o23 - service: acronis scheduler2 service (acrsch2svc) - acronis - c:\program files\common files\acronis\schedule2\schedul2.exe
o23 - service: ati hotkey poller - ati technologies inc. - c:\windows\system32\ati2evxx.exe
o23 - service: creative audio engine licensing service - creative labs - c:\program files\common files\creative labs shared\service\ctaelicensing.exe
o23 - service: creative service for cdrom access - creative technology ltd - c:\windows\system32\ctsvccda.exe
o23 - service: creative audio service (ctaudsvcservice) - creative technology ltd - c:\program files\creative\shared files\ctaudsvc.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: mcafee framework service (mcafeeframework) - mcafee, inc. - c:\program files\network associates\common framework\frameworkservice.exe
o23 - service: network associates task manager (mctaskmanager) - network associates, inc. - c:\program files\network associates\virusscan\vstskmgr.exe
o23 - service: nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe
o23 - service: pdagent - raxco software, inc. - c:\program files\raxco\perfectdisk10\pdagent.exe
o23 - service: pdengine - raxco software, inc. - c:\program files\raxco\perfectdisk10\pdengine.exe
--
end of file - 6573 bytes
[/hjt]:wink:
And for later: good night.
Until next time.