Ukash police lock
Posted: 16 Jun 2012 18:04
My father's PC was infected with the Ukash virus. After working the lock screen away, these are the logs:
Mbam
Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org
Database version: v2012.06.15.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ger_anita :: GER_ANITA-PC [administrator]
15-6-2012 18:05:13
mbam-log-2012-06-15 (18-05-13).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209675
Time elapsed: 4 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Trojan.Agent.WNL) -> Data: C:\Users\ger_anita\AppData\Roaming\CodeArchiver.exe,C:\WINDOWS\System32\userinit.exe, -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Trojan.Agent.WNL) -> Data: C:\Users\ger_anita\AppData\Roaming\CodeArchiver.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vs6sXYle8XGBDXh (Trojan.Agent.WNL) -> Data: C:\Users\ger_anita\AppData\Roaming\CodeArchiver.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\ger_anita\AppData\Roaming\Vyse\hegoe.exe (Trojan.XBuild) -> Quarantined and deleted successfully.
(end)
-------------------------------------------------------
Emsisoft
Emsisoft Emergency Kit - Version 1.0
Last Update: 6/15/2012 6:21:44 PM
Scan settings:
Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: Off
ADS Scan: On
Scan started: 6/15/2012 6:26:00 PM
C:\Users\ger_anita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\411d4b70-368c2c26/a\c.class Detected: Exploit.Java.CVE-2012!IK
Scanned
Files: 488256
Traces: 409585
Cookies: 2379
Processes: 62
Found
Files: 1
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0
Scan ended: 6/15/2012 9:22:52 PM
Scan time: 2:56:52
C:\Users\ger_anita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\411d4b70-368c2c26/a\c.class Deleted Exploit.Java.CVE-2012!IK
Deleted
Files: 1
Traces: 0
Cookies: 0
------------------------------------------
DDS
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by ger_anita at 17:49:32 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4091.2699 [GMT 2:00]
.
AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\Internetbeveiliging\Common\FSMA32.EXE
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fssm32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
C:\Program Files (x86)\Internetbeveiliging\Common\FSLAUNCH.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.kadaza.nl/
uWindow Title = Windows Internet Explorer wordt aangeboden door MSN and Bing
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27361010v6b6l0470z195f4421w20o
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27361010v6b6l0470z195f4421w20o
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
TB: {B81767E1-672D-4DA1-B5CC-D277185815A6} - No File
uRun: [FNdaswJw7alnn8R] C:\Users\ger_anita\AppData\Roaming\Kartoffelpuerree.exe
uRun: [hkpcyxfqfsujdtz] C:\ProgramData\hkpcyxfq.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [F-Secure Manager] "C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
uPolicies-system: DisableTaskMgr = 0
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Internetbeveiliging\FSPS\program\FSLSP.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A7ACCDB0-D251-4D82-8FFD-3505702F5D47} : DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{DF0CBB1F-E5CC-45BD-8BD3-3468F89A39E4} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DF0CBB1F-E5CC-45BD-8BD3-3468F89A39E4}\3596475636F6D6242383132403 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DF0CBB1F-E5CC-45BD-8BD3-3468F89A39E4}\E4544574541425 : DhcpNameServer = 192.168.1.1
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{99079a25-328f-4bd4-be04-00955acaa0a7}
{9D717F81-9148-4f12-8568-69135F087DB0}
{ba14329e-9550-4989-b3f2-9732e92d17cc}
{C6867EB7-8350-4856-877F-93CF8AE3DC9C}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{ba14329e-9550-4989-b3f2-9732e92d17cc}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{265EEE8E-3228-44D3-AEA5-F7FDF5860049}
{99079a25-328f-4bd4-be04-00955acaa0a7}
TB-X64: {B81767E1-672D-4DA1-B5CC-D277185815A6} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE" /splash
mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
AppInit_DLLs-X64: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2010-10-26 42672]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Internetbeveiliging\HIPS\drivers\fshs.sys [2010-10-26 57920]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys --> C:\Windows\system32\drivers\fsdfw.sys [?]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2010-10-26 14904]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-3-3 844320]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe [2010-10-26 215648]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-10-30 240160]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2010-10-26 199848]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe [2010-10-26 61088]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-06-15 08:30:20 -------- d-----w- C:\ProgramData\orhoifovanrqjyz
2012-06-15 06:11:27 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6C85BCB8-20A0-4F4F-9D8B-DE8F05E70063}\mpengine.dll
2012-06-14 22:51:53 -------- d-----w- C:\ProgramData\Windows
2012-06-14 17:17:55 -------- d-----w- C:\Program Files (x86)\NetBeans 7.1.2
2012-06-14 17:14:06 -------- d-----w- C:\Program Files\Oracle
2012-06-14 17:13:26 955800 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-14 17:13:26 839056 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-14 17:06:46 -------- d-----w- C:\Users\ger_anita\.nbi
2012-06-14 07:14:59 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-14 07:14:58 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-06-14 07:14:58 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-06-14 07:14:58 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-06-14 07:14:58 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-06-13 22:43:51 -------- d-----w- C:\Users\ger_anita\AppData\Roaming\Vyse
2012-06-13 22:43:51 -------- d-----w- C:\Users\ger_anita\AppData\Roaming\Uzucum
2012-06-13 22:43:51 -------- d-----w- C:\Users\ger_anita\AppData\Roaming\Omzaa
2012-06-08 05:47:01 -------- d-----w- C:\Users\ger_anita\AppData\Local\Ilivid Player
2012-06-08 05:46:31 -------- d-----w- C:\Program Files (x86)\iLivid
2012-06-08 05:44:35 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar
2012-06-03 11:45:29 505104 ----a-w- C:\Windows\SysWow64\msxml.dll
2012-06-03 11:45:29 115016 ----a-w- C:\Windows\SysWow64\MSINET.OCX
2012-06-03 11:45:26 89360 ----a-w- C:\Windows\SysWow64\VB5DB.DLL
2012-06-03 11:45:26 69632 ----a-w- C:\Windows\SysWow64\xmltok.dll
2012-06-03 11:45:26 36864 ----a-w- C:\Windows\SysWow64\xmlparse.dll
2012-06-03 11:45:26 35840 ----a-w- C:\Windows\SysWow64\comdlg32.oca
2012-06-03 11:45:26 29184 ----a-w- C:\Windows\SysWow64\MSINET.oca
2012-06-03 11:45:26 28432 ----a-w- C:\Windows\SysWow64\msxmlr.dll
2012-06-03 11:45:26 26096 ----a-w- C:\Windows\SysWow64\xmlinst.exe
2012-06-03 11:45:26 140488 ----a-w- C:\Windows\SysWow64\comdlg32.ocx
2012-06-03 11:41:52 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-06-03 11:41:52 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-06-03 11:41:52 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-06-03 11:41:52 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-06-03 11:41:52 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-06-03 11:41:51 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-06-03 11:41:40 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-06-03 11:41:40 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-05-30 15:40:07 -------- d-----w- C:\Users\ger_anita\AppData\Roaming\Malwarebytes
2012-05-30 15:39:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-30 15:39:49 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-18 08:45:44 -------- d-----w- C:\Users\ger_anita\AppData\Local\Conduit
2012-05-18 08:12:10 -------- d-----w- C:\Program Files (x86)\Team JPN
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 07:13:12 55960 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 17:49:56,35 ===============
Regards, Stenoss
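The logs above show the two persistence mechanisms this ransomware family relies on: the HKCU Winlogon Userinit and Shell values that Malwarebytes removed, and randomly named Run entries launching from %AppData% and %ProgramData%, two of which (Kartoffelpuerree.exe and hkpcyxfq.exe) DDS still lists a day after the quick scan. The script below is an added example, not code from the original post or from Malwarebytes, Emsisoft or DDS. It parses the line shapes quoted above and flags both patterns; the expected Winlogon binaries, the user-writable directory list and the assumption that a clean install has no Userinit/Shell values under HKCU are the editor's, and the sample lines are copied from the logs on this page.

```python
"""Flag Winlogon Userinit/Shell hijacks and Run entries that launch from
user-writable paths, by parsing Malwarebytes and DDS "Pseudo HJT" log lines.

Added example, not from the original post or from Malwarebytes, Emsisoft or
DDS.  EXPECTED, USER_WRITABLE and the line patterns are the editor's
assumptions about a 64-bit Windows 7 system like the one in the logs.
"""
import re
from pathlib import PureWindowsPath

# Binary each Winlogon value should name on a clean install (assumption).
# Userinit is a comma-separated list; anything else in it runs at every logon.
EXPECTED = {"Userinit": "userinit.exe", "Shell": "explorer.exe"}

# Directories a standard user can write to (assumption).  The samples in these
# logs (CodeArchiver.exe, Kartoffelpuerree.exe, hkpcyxfq.exe) all live here.
USER_WRITABLE = re.compile(r"\\(appdata|programdata|temp)\\", re.I)

# Line shapes as they appear in the logs quoted above.
DDS_RUN = re.compile(r"^([um])Run(?:-x64)?: \[([^\]]+)\] (.+)$")
DDS_WINLOGON = re.compile(r"^([um])Winlogon: (Userinit|Shell)=(.*)$")
MBAM_VALUE = re.compile(
    r"^(HK\w+)\\SOFTWARE\\Microsoft\\Windows(?: NT)?\\CurrentVersion\\"
    r"(Winlogon|Run)\|(\S+) .*?-> Data: (.+?) ->",
    re.I,
)

RUN_REASON = "Run entry launches from a user-writable directory"
WINLOGON_REASON = "Winlogon value altered"


def winlogon_hijacked(name, data):
    """True if a Userinit/Shell value names any binary other than the expected one."""
    for item in data.split(","):
        item = item.strip().strip('"')
        if item and PureWindowsPath(item).name.lower() != EXPECTED[name]:
            return True
    return False


def triage(lines):
    """Return (hive, value_name, data, reason) for every suspicious entry."""
    findings = []
    for line in lines:
        line = line.strip()
        m = DDS_RUN.match(line)
        if m:
            hive = "HKCU" if m.group(1) == "u" else "HKLM"
            if USER_WRITABLE.search(m.group(3)):
                findings.append((hive, m.group(2), m.group(3), RUN_REASON))
            continue
        m = DDS_WINLOGON.match(line)
        if m:
            hive = "HKCU" if m.group(1) == "u" else "HKLM"
            # Assumption: Windows does not create Userinit/Shell under HKCU, so
            # a per-user value is reported whatever it contains.
            if hive == "HKCU" or winlogon_hijacked(m.group(2), m.group(3)):
                findings.append((hive, m.group(2), m.group(3), WINLOGON_REASON))
            continue
        m = MBAM_VALUE.match(line)
        if m:
            hive, key, name, data = m.group(1).upper(), m.group(2).lower(), m.group(3), m.group(4)
            if key == "winlogon" and name in EXPECTED:
                if hive == "HKCU" or winlogon_hijacked(name, data):
                    findings.append((hive, name, data, WINLOGON_REASON))
            elif key == "run" and USER_WRITABLE.search(data):
                findings.append((hive, name, data, RUN_REASON))
    return findings


# Lines copied from the Malwarebytes and DDS logs quoted above.
SAMPLE = [
    r"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Trojan.Agent.WNL) -> Data: C:\Users\ger_anita\AppData\Roaming\CodeArchiver.exe,C:\WINDOWS\System32\userinit.exe, -> Quarantined and deleted successfully.",
    r"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Trojan.Agent.WNL) -> Data: C:\Users\ger_anita\AppData\Roaming\CodeArchiver.exe -> Quarantined and deleted successfully.",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vs6sXYle8XGBDXh (Trojan.Agent.WNL) -> Data: C:\Users\ger_anita\AppData\Roaming\CodeArchiver.exe -> Quarantined and deleted successfully.",
    r"mWinlogon: Userinit=userinit.exe,",
    r"uRun: [FNdaswJw7alnn8R] C:\Users\ger_anita\AppData\Roaming\Kartoffelpuerree.exe",
    r"uRun: [hkpcyxfqfsujdtz] C:\ProgramData\hkpcyxfq.exe",
    r"mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe",
    r'mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"',
]

if __name__ == "__main__":
    for hive, name, data, reason in triage(SAMPLE):
        print(f"{hive:4} {name:20} {reason}: {data}")
```

Run against the sample it reports five entries: the three HKCU values Malwarebytes already removed, and the two uRun values that survived the quick scan and still appear in the DDS report. The vendor entries (LManager, the Java updater, the HKLM Userinit line) are left alone because they launch from Program Files or System32. Flagged entries are leads, not verdicts: the target file should still be checked before anything is deleted.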
Mbam
Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org" onclick="window.open(this.href);return false;
Databaseversie: v2012.06.15.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ger_anita :: GER_ANITA-PC [administrator]
15-6-2012 18:05:13
mbam-log-2012-06-15 (18-05-13).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 209675
Verstreken tijd: 4 minuut/minuten, 50 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Trojan.Agent.WNL) -> Data: C:\Users\ger_anita\AppData\Roaming\CodeArchiver.exe,C:\WINDOWS\System32\userinit.exe, -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Trojan.Agent.WNL) -> Data: C:\Users\ger_anita\AppData\Roaming\CodeArchiver.exe -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vs6sXYle8XGBDXh (Trojan.Agent.WNL) -> Data: C:\Users\ger_anita\AppData\Roaming\CodeArchiver.exe -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 1
C:\Users\ger_anita\AppData\Roaming\Vyse\hegoe.exe (Trojan.XBuild) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
-------------------------------------------------------
Emsisoft
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 6/15/2012 6:21:44 PM
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 6/15/2012 6:26:00 PM
C:\Users\ger_anita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\411d4b70-368c2c26/a\c.class Ontdekt: Exploit.Java.CVE-2012!IK
Gescand
Bestanden: 488256
Sporen: 409585
Cookies: 2379
Processen: 62
Gevonden
Bestanden: 1
Sporen: 0
Cookies: 0
Processen: 0
Registersleutels: 0
Scan Geëindigd: 6/15/2012 9:22:52 PM
Scantijd: 2:56:52
C:\Users\ger_anita\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\411d4b70-368c2c26/a\c.class Verwijderd Exploit.Java.CVE-2012!IK
Verwijderd
Bestanden: 1
Sporen: 0
Cookies: 0
------------------------------------------
DDS
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by ger_anita at 17:49:32 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4091.2699 [GMT 2:00]
.
AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\Internetbeveiliging\Common\FSMA32.EXE
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fssm32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
C:\Program Files (x86)\Internetbeveiliging\Common\FSLAUNCH.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.kadaza.nl/" onclick="window.open(this.href);return false;
uWindow Title = Windows Internet Explorer wordt aangeboden door MSN and Bing
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27361010v6b6l0470z195f4421w20o" onclick="window.open(this.href);return false;
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tj67&r=27361010v6b6l0470z195f4421w20o" onclick="window.open(this.href);return false;
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Internetbeveiliging\NRS\iescript\baselitmus.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
TB: {B81767E1-672D-4DA1-B5CC-D277185815A6} - No File
uRun: [FNdaswJw7alnn8R] C:\Users\ger_anita\AppData\Roaming\Kartoffelpuerree.exe
uRun: [hkpcyxfqfsujdtz] C:\ProgramData\hkpcyxfq.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [F-Secure Manager] "C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
uPolicies-system: DisableTaskMgr = 0
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Internetbeveiliging\FSPS\program\FSLSP.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A7ACCDB0-D251-4D82-8FFD-3505702F5D47} : DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{DF0CBB1F-E5CC-45BD-8BD3-3468F89A39E4} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DF0CBB1F-E5CC-45BD-8BD3-3468F89A39E4}\3596475636F6D6242383132403 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DF0CBB1F-E5CC-45BD-8BD3-3468F89A39E4}\E4544574541425 : DhcpNameServer = 192.168.1.1
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
TB-X64: {B81767E1-672D-4DA1-B5CC-D277185815A6} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Internetbeveiliging\Common\FSM32.EXE" /splash
mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
AppInit_DLLs-X64: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2010-10-26 42672]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Internetbeveiliging\HIPS\drivers\fshs.sys [2010-10-26 57920]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys --> C:\Windows\system32\drivers\fsdfw.sys [?]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2010-10-26 14904]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-3-3 844320]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\fsgk32st.exe [2010-10-26 215648]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-10-30 240160]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2010-10-26 199848]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Internetbeveiliging\ORSP Client\fsorsp.exe [2010-10-26 61088]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-06-15 08:30:20 -------- d-----w- C:\ProgramData\orhoifovanrqjyz
2012-06-15 06:11:27 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6C85BCB8-20A0-4F4F-9D8B-DE8F05E70063}\mpengine.dll
2012-06-14 22:51:53 -------- d-----w- C:\ProgramData\Windows
2012-06-14 17:17:55 -------- d-----w- C:\Program Files (x86)\NetBeans 7.1.2
2012-06-14 17:14:06 -------- d-----w- C:\Program Files\Oracle
2012-06-14 17:13:26 955800 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-14 17:13:26 839056 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-14 17:06:46 -------- d-----w- C:\Users\ger_anita\.nbi
2012-06-14 07:14:59 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-14 07:14:58 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-06-14 07:14:58 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-06-14 07:14:58 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-06-14 07:14:58 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-06-13 22:43:51 -------- d-----w- C:\Users\ger_anita\AppData\Roaming\Vyse
2012-06-13 22:43:51 -------- d-----w- C:\Users\ger_anita\AppData\Roaming\Uzucum
2012-06-13 22:43:51 -------- d-----w- C:\Users\ger_anita\AppData\Roaming\Omzaa
2012-06-08 05:47:01 -------- d-----w- C:\Users\ger_anita\AppData\Local\Ilivid Player
2012-06-08 05:46:31 -------- d-----w- C:\Program Files (x86)\iLivid
2012-06-08 05:44:35 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar
2012-06-03 11:45:29 505104 ----a-w- C:\Windows\SysWow64\msxml.dll
2012-06-03 11:45:29 115016 ----a-w- C:\Windows\SysWow64\MSINET.OCX
2012-06-03 11:45:26 89360 ----a-w- C:\Windows\SysWow64\VB5DB.DLL
2012-06-03 11:45:26 69632 ----a-w- C:\Windows\SysWow64\xmltok.dll
2012-06-03 11:45:26 36864 ----a-w- C:\Windows\SysWow64\xmlparse.dll
2012-06-03 11:45:26 35840 ----a-w- C:\Windows\SysWow64\comdlg32.oca
2012-06-03 11:45:26 29184 ----a-w- C:\Windows\SysWow64\MSINET.oca
2012-06-03 11:45:26 28432 ----a-w- C:\Windows\SysWow64\msxmlr.dll
2012-06-03 11:45:26 26096 ----a-w- C:\Windows\SysWow64\xmlinst.exe
2012-06-03 11:45:26 140488 ----a-w- C:\Windows\SysWow64\comdlg32.ocx
2012-06-03 11:41:52 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-06-03 11:41:52 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-06-03 11:41:52 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-06-03 11:41:52 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-06-03 11:41:52 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-06-03 11:41:51 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-06-03 11:41:40 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-06-03 11:41:40 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-05-30 15:40:07 -------- d-----w- C:\Users\ger_anita\AppData\Roaming\Malwarebytes
2012-05-30 15:39:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-30 15:39:49 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-18 08:45:44 -------- d-----w- C:\Users\ger_anita\AppData\Local\Conduit
2012-05-18 08:12:10 -------- d-----w- C:\Program Files (x86)\Team JPN
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 07:13:12 55960 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
.
============= FINISH: 17:49:56,35 ===============
Kind regards, Stenoss