Slow performance and Acrobat Reader crashes, and TR/CRYPT problems - Nucia / ASO forums
For a few days now I have been having trouble with TR/CRYPT followed by all sorts of things.
AntiVir reports this to me; even though I press deny, delete or quarantine, it keeps coming back.
A full scan picks these things up, but I can't get them removed.
Maybe you have some ideas?
My log:
17:02:58, on 16/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
//www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\LuintoST\AppData\Local\Temp\xxyyyxUk.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
--
End of file - 7940 bytes
msconfig shows this:
cmds - Onbekend - rundll32.exe C:\Users\LuintoST\AppData\Local\Temp\xxyyyxUk.dll,c (appears twice)
and
MSServer - Onbekend - rundll32.exe C:\Users\LuintoST\AppData\Local\Temp\qoMddEuS.dll,#1
Not really normal either, I think..
|
 |
Hmm, I let SUPERAntiSpyware loose on it, and it does more than the virus scanner and spyware removers.
New log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:52, on 16/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\P4P\P4P.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
--
End of file - 8778 bytes
|
 |
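The `[cmds]` entry pointed out in the first post is an O4 (Run key) line that starts rundll32.exe on a DLL in the user's Temp folder, and it is absent from the second log. The following Python script is an added example, not part of the original thread: it parses O4 lines, flags that pattern, and diffs two logs to confirm the entry is gone after cleanup. The heuristics and function names are assumptions of this example, not HijackThis's own logic; the sample lines are excerpted from the two logs above.

```python
import re
from typing import NamedTuple

# O4 lines excerpted from the first and second HijackThis logs in this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\LuintoST\AppData\Local\Temp\xxyyyxUk.dll,c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""


class Autostart(NamedTuple):
    hive: str     # HKLM, HKCU or HKUS\<SID>
    key: str      # Run, RunOnce, ...
    name: str     # registry value name shown in [brackets]
    command: str  # command line executed at logon


# Registry-based O4 lines only; "O4 - Startup: x.lnk = ..." lines are skipped.
O4_LINE = re.compile(r"^O4 - (\S+?)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
USER_SUFFIX = re.compile(r"\s+\(User '[^']*'\)$")
RUNDLL_TARGET = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^,"]+)', re.IGNORECASE)
# Assumption of this example: directories any unprivileged process can write to.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\",
                 "\\temporary internet files\\")


def parse_o4(log_text):
    """Return the registry autostart entries found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries.append(Autostart(hive, key, name, USER_SUFFIX.sub("", cmd)))
    return entries


def triage(entry):
    """Return the reasons (possibly none) an autostart entry deserves a closer look."""
    reasons = []
    if any(p in entry.command.lower() for p in USER_WRITABLE):
        reasons.append("runs from a user-writable temp directory")
    m = RUNDLL_TARGET.search(entry.command)
    if m:
        dll = m.group(1).strip().lower()
        # A bare name such as oobefldr.dll resolves via the system search path;
        # an absolute path outside C:\Windows (as in this log) is unusual.
        if re.match(r"[a-z]:\\", dll) and not dll.startswith("c:\\windows\\"):
            reasons.append("rundll32 loads a DLL from outside the Windows directory")
    return reasons


def compare(before, after):
    """Return (removed, added) autostart entries between two logs."""
    b, a = parse_o4(before), parse_o4(after)
    return [e for e in b if e not in a], [e for e in a if e not in b]


if __name__ == "__main__":
    for e in parse_o4(LOG_BEFORE):
        for reason in triage(e):
            print(f"[{e.name}] {e.hive}\\..\\{e.key}: {reason}")
    removed, added = compare(LOG_BEFORE, LOG_AFTER)
    print("removed:", [e.name for e in removed])
    print("added:  ", [e.name for e in added])
```

An entry disappearing from the Run key only shows that the autostart reference is gone; the DLL file itself still has to be checked separately.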
Please run these anyway.
Download ATF cleaner (made by Atribune)
Double-click ATF cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.
Do the following if you also use Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick from "Firefox saved passwords" again)
Click the Empty Selected button.
Do the following if you also use Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.
Download Malwarebytes' Anti-Malware from here or here.
Double-click mbam-setup.exe to install the program. Make sure there is a tick next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "finish".
If an update is found, it will download it and install the latest version.
Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
The scan can take a while, so be patient.
When the scan has finished, click OK, then "Show Results" to view the results.
Make sure everything there is ticked, then click: Remove Selected.
After the removal a log will open and you will be asked to restart the computer.
(See the extra note below) The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
Copy and paste the results of the log into your next reply, together with a new HijackThis log.
Extra note:
If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK.
After that it will ask to restart the computer...
So allow MBAM to restart the computer.
Restart the computer and also post a new HJT log.
|
 |
It can't have been completely gone after that scan with SUPERAntiSpyware.
Today there was an alert for TR/xxx, something other than crypt.
There was only one, but still.
Now, ATF cleaner done, 170MB freed.
The second tool found nothing.
And here is my new log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:30, on 17/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\P4P\P4P.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
--
End of file - 8906 bytes
|
 |
|
Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden
If you use Vista, the Recovery Console does not need to be installed.
If anything is unclear, just ask.
When the tool has finished, a log file opens (C:\combofix.txt).
Post the contents of this file together with a new HijackThis log.
|
 |
Thanks for the help so far.
Here are the logs!
ComboFix 08-06-16.5 - LuintoST 2008-06-17 23:46:16.1 - NTFSx86
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.1.1043.18.1073 [GMT 2:00]
Gestart vanuit: C:\Users\LuintoST\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
Andere Verwijderingen
.
C:\Program Files\p4p
C:\Program Files\p4p\Bookmark.ini
C:\Program Files\p4p\P4P.exe
C:\Program Files\p4p\RING.WAV
.
Bestanden Gemaakt van 2008-05-17 to 2008-06-17
.
2008-06-17 22:41 . 2008-06-17 22:41 <DIR> D C:\Windows\LastGood
2008-06-17 22:41 . 2008-06-17 22:41 0 --ah C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-17 17:55 . 2008-06-17 17:55 <DIR> D C:\Users\LuintoST\AppData\Roaming\Malwarebytes
2008-06-17 17:54 . 2008-06-17 17:54 <DIR> D C:\ProgramData\Malwarebytes
2008-06-17 17:54 . 2008-06-17 17:55 <DIR> D C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 17:54 . 2008-06-10 19:02 34,296 --a C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-17 17:54 . 2008-06-10 19:02 15,864 --a C:\Windows\System32\drivers\mbam.sys
2008-06-17 12:52 . 2008-05-10 05:35 885,248 --a C:\Windows\System32\RacEngn.dll
2008-06-17 12:52 . 2008-05-10 00:22 9,127 --a C:\Windows\System32\RacUR.xml
2008-06-17 12:52 . 2008-05-10 00:22 153 --a C:\Windows\System32\RacUREx.xml
2008-06-16 17:38 . 2008-06-16 17:38 <DIR> D C:\Users\LuintoST\AppData\Roaming\SUPERAntiSpyware.com
2008-06-16 17:38 . 2008-06-16 17:38 <DIR> D C:\ProgramData\SUPERAntiSpyware.com
2008-06-16 17:38 . 2008-06-16 17:38 <DIR> D C:\Program Files\SUPERAntiSpyware
2008-06-16 17:37 . 2008-06-16 17:37 <DIR> D C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 17:15 . 2008-06-16 17:35 <DIR> D C:\ProgramData\Spybot - Search & Destroy
2008-06-16 17:15 . 2008-06-16 17:17 <DIR> D C:\Program Files\SpywareGuard
2008-06-16 17:15 . 2008-06-16 17:15 <DIR> D C:\Program Files\Spybot - Search & Destroy
2008-06-16 16:43 . 2008-06-16 16:43 <DIR> D C:\Program Files\Trend Micro
2008-06-15 23:56 . 2008-06-15 23:56 <DIR> D C:\Program Files\CSR
2008-06-15 22:27 . 2008-06-15 22:27 <DIR> D C:\Users\LuintoST\AppData\Roaming\InstallShield
2008-06-15 21:31 . 2008-06-15 21:31 <DIR> D C:\Users\LuintoST\AppData\Roaming\Autodesk
2008-06-15 21:31 . 2008-06-15 21:43 <DIR> D C:\ProgramData\Autodesk
2008-06-15 21:31 . 2008-06-15 21:41 <DIR> D C:\Program Files\AutoCAD 2008
2008-06-15 21:21 . 2008-06-15 21:42 <DIR> D C:\Program Files\Common Files\Autodesk Shared
2008-06-15 21:21 . 2008-06-15 21:21 <DIR> D C:\Program Files\Autodesk
2008-06-15 21:03 . 2008-06-15 21:03 <DIR> D C:\Program Files\PowerISO
2008-06-15 20:59 . 2006-10-26 19:56 32,592 --a C:\Windows\System32\msonpmon.dll
2008-06-15 20:54 . 2008-06-15 20:54 <DIR> D C:\Program Files\Microsoft Works
2008-06-15 20:52 . 2008-06-15 20:52 <DIR> D C:\Windows\PCHEALTH
2008-06-15 20:52 . 2008-06-15 20:52 <DIR> D C:\Program Files\Microsoft.NET
2008-06-15 20:49 . 2008-06-15 20:49 <DIR> D C:\Program Files\Microsoft Visual Studio 8
2008-06-15 20:46 . 2008-06-15 20:46 <DIR> Dr-h C:\MSOCache
2008-06-15 20:21 . 2008-06-15 20:21 <DIR> D C:\Users\LuintoST\AppData\Roaming\DAEMON Tools
2008-06-15 20:21 . 2008-06-15 20:21 717,296 --a C:\Windows\System32\drivers\sptd.sys
2008-06-15 20:06 . 2008-06-15 20:06 <DIR> D C:\Program Files\Packard Bell External HDD
2008-06-15 20:06 . 2008-06-15 20:06 <DIR> D C:\Program Files\Packard Bell
2008-06-15 19:02 . 2008-06-15 19:02 <DIR> D C:\PerfLogs
2008-06-15 17:19 . 2008-06-16 02:15 <DIR> D C:\Users\LuintoST\AppData\Roaming\ISP Monitor
2008-06-15 17:18 . 2008-06-15 17:19 <DIR> D C:\Program Files\ISP Monitor
2008-06-15 17:18 . 2008-06-15 17:18 737,280 --a C:\Windows\iun6002.exe
2008-06-15 17:03 . 2008-01-19 09:35 9,847,296 --a C:\Windows\System32\NlsData000a.dll
2008-06-15 17:02 . 2008-01-19 08:06 8,147,456 --a C:\Windows\System32\wmploc.DLL
2008-06-15 17:01 . 2008-01-19 09:36 357,888 --a C:\Windows\System32\wbemcomn.dll
2008-06-15 17:00 . 2008-01-19 09:36 704,512 --a C:\Windows\System32\SmiEngine.dll
2008-06-15 17:00 . 2008-01-19 09:36 218,624 --a C:\Windows\System32\wdscore.dll
2008-06-15 17:00 . 2008-01-19 09:36 139,264 --a C:\Windows\System32\SmiInstaller.dll
2008-06-15 17:00 . 2008-01-19 09:33 130,560 --a C:\Windows\System32\PkgMgr.exe
2008-06-15 16:59 . 2008-01-19 09:34 305,152 --a C:\Windows\System32\msdelta.dll
2008-06-15 16:59 . 2008-01-19 09:34 258,560 --a C:\Windows\System32\dpx.dll
2008-06-15 16:59 . 2008-01-19 09:34 246,784 --a C:\Windows\System32\drvstore.dll
2008-06-15 16:59 . 2008-01-19 09:35 35,328 --a C:\Windows\System32\mspatcha.dll
2008-06-15 16:59 . 2006-11-02 11:39 6,656 --a C:\Windows\System32\kbd106.dll
2008-06-13 23:56 . 2008-06-14 00:00 <DIR> D C:\Users\LuintoST\AppData\Roaming\Winamp
2008-06-13 23:56 . 2008-06-13 23:56 <DIR> D C:\ProgramData\Winamp Toolbar
2008-06-13 23:56 . 2008-06-13 23:56 <DIR> D C:\Program Files\Winamp Toolbar
2008-06-13 23:56 . 2008-06-13 23:59 <DIR> D C:\Program Files\Winamp
2008-06-13 23:56 .
2007-03-08 01:51 129,784 C:\Windows\System32\pxafs.dll
2008-06-13 23:47 .
2008-06-13 23:47 59 --a C:\Windows\pp.enc
2008-06-13 23:46 .
2008-06-17 19:08 <DIR>
D C:\Users\LuintoST\AppData\Roaming\Microgaming
2008-06-13 23:44 .
2008-06-13 23:44 <DIR>
D C:\Microgaming
2008-06-13 23:25 .
2008-06-17 23:44 <DIR>
D C:\Users\LuintoST\AppData\Roaming\uTorrent
2008-06-13 23:25 .
2008-06-13 23:25 <DIR>
D C:\Program Files\uTorrent
2008-06-13 23:11 .
2008-06-13 23:11 <DIR>
D C:\Program Files\Winwap Technologies
2008-06-13 23:11 .
2006-05-10 12:43 1,069,056 --a-s---- C:\Windows\System32\libeay32.dll
2008-06-13 23:11 .
2006-07-13 15:31 200,704 --a-s---- C:\Windows\System32\libssl32.dll
2008-06-13 22:51 .
2008-06-13 22:51 <DIR>
D C:\Program Files\Microsoft Silverlight
2008-06-13 22:48 .
2008-06-13 22:48 <DIR>
D C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-13 19:38 .
2008-06-13 19:38 <DIR>
D C:\Users\LuintoST\AppData\Roaming\Ahead
2008-06-13 19:38 .
2008-06-13 19:38 <DIR>
D C:\ProgramData\LightScribe
2008-06-13 19:01 .
2008-06-13 19:01 <DIR>
D C:\ProgramData\Avira
2008-06-13 19:01 .
2008-06-13 19:01 <DIR>
D C:\Program Files\Avira
2008-06-13 19:01 .
2008-06-13 19:01 220,160 --a C:\Windows\System32\drivers\bthport.sys
2008-06-13 19:01 .
2008-06-13 19:01 181,760 --a C:\Windows\System32\fsquirt.exe
2008-06-13 19:01 .
2008-06-13 19:01 29,184 --a C:\Windows\System32\drivers\BTHUSB.SYS
2008-06-13 19:01 .
2008-06-13 19:01 19,456 --a C:\Windows\System32\drivers\bthenum.sys
2008-06-13 18:59 .
2008-06-13 18:59 988,216 --a C:\Windows\System32\winload.exe
2008-06-13 18:59 .
2008-06-13 18:59 927,288 --a C:\Windows\System32\winresume.exe
2008-06-13 18:59 .
2008-06-13 18:59 615,992 --a C:\Windows\System32\ci.dll
2008-06-13 18:59 .
2008-06-13 18:59 378,368 --a C:\Windows\System32\srcore.dll
2008-06-13 18:59 .
2008-06-13 18:59 318,464 --a C:\Windows\System32\rstrui.exe
2008-06-13 18:59 .
2008-06-13 18:59 46,592 --a C:\Windows\System32\setbcdlocale.dll
2008-06-13 18:59 .
2008-06-13 18:59 40,960 --a C:\Windows\System32\srclient.dll
2008-06-13 18:59 .
2008-06-13 18:59 19,000 --a C:\Windows\System32\kd1394.dll
2008-06-13 18:59 .
2008-06-13 18:59 14,848 --a C:\Windows\System32\srdelayed.exe
2008-06-13 18:59 .
2008-06-13 18:59 6,656 --a C:\Windows\System32\kbd106n.dll
2008-06-13 18:58 .
2008-06-13 18:58 2,032,128 --a C:\Windows\System32\win32k.sys
2008-06-13 18:58 .
2008-06-13 18:58 295,936 --a C:\Windows\System32\gdi32.dll
2008-06-13 18:57 .
2008-06-13 18:57 4,240,384 --a C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-13 18:57 .
2008-06-13 18:57 1,695,744 --a C:\Windows\System32\gameux.dll
2008-06-13 18:57 .
2008-06-13 18:57 113,664 --a C:\Windows\System32\drivers\rmcast.sys
2008-06-13 18:57 .
2008-06-13 18:57 14,848 --a C:\Windows\System32\wshrm.dll
2008-06-13 18:56 .
2008-06-13 18:56 1,314,816 --a C:\Windows\System32\quartz.dll
2008-06-13 18:56 .
2008-06-13 18:56 428,544 --a C:\Windows\System32\EncDec.dll
2008-06-13 18:56 .
2008-06-13 18:56 293,376 --a C:\Windows\System32\psisdecd.dll
2008-06-13 18:56 .
2008-06-13 18:56 218,624 --a C:\Windows\System32\psisrndr.ax
2008-06-13 18:56 .
2008-06-13 18:56 80,896 --a C:\Windows\System32\MSNP.ax
2008-06-13 18:56 .
2008-06-13 18:56 69,632 --a C:\Windows\System32\Mpeg2Data.ax
2008-06-13 18:56 .
2008-06-13 18:56 57,856 --a C:\Windows\System32\MSDvbNP.ax
2008-06-13 18:52 .
2008-06-13 18:52 1,383,424 --a C:\Windows\System32\mshtml.tlb
2008-06-13 18:52 .
2008-06-13 18:52 826,880 --a C:\Windows\System32\wininet.dll
2008-06-13 18:35 .
2008-06-13 18:35 <DIR>
D C:\Program Files\Common Files\Adobe
2008-06-13 18:09 .
2008-06-13 18:09 546 --a C:\Windows\System32\ABA7K.DAT
2008-06-13 18:03 .
2008-06-13 18:03 0 --a C:\Windows\System32\drivers\1043_ASUSTeK_A7K.alu
2008-06-13 17:54 .
2008-06-13 17:54 <DIR>
D C:\Users\LuintoST\AppData\Roaming\ATI
2008-06-13 17:53 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Searches
2008-06-13 17:53 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Contacts
2008-06-13 17:53 .
2008-06-13 17:53 <DIR>
D--hs---- C:\$RECYCLE.BIN
2008-06-13 17:43 .
2008-06-13 22:41 <DIR>
D C:\ProgramData\Symantec
2008-06-13 17:43 .
2008-06-13 19:38 <DIR>
D C:\Program Files\Common Files\Symantec Shared
2008-06-13 17:41 .
2008-06-13 17:41 <DIR>
D C:\ProgramData\Ahead
2008-06-13 17:41 .
2008-06-13 17:41 <DIR>
D C:\Program Files\Common Files\LightScribe
2008-06-13 17:40 .
2008-06-13 17:40 <DIR>
D C:\ProgramData\Nero
2008-06-13 17:40 .
2008-06-13 17:40 <DIR>
D C:\Program Files\Nero
2008-06-13 17:40 .
2008-06-13 17:40 <DIR>
D C:\Program Files\Common Files\Ahead
2008-06-13 17:37 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Videos
2008-06-13 17:37 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Saved Games
2008-06-13 17:37 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Pictures
2008-06-13 17:37 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Music
2008-06-13 17:37 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Links
2008-06-13 17:37 .
2008-06-17 19:03 <DIR>
Dr C:\Users\LuintoST\Downloads
2008-06-13 17:37 .
2008-06-14 01:10 <DIR>
Dr C:\Users\LuintoST\Documents
2008-06-13 17:37 .
2006-11-02 14:37 <DIR>
D C:\Users\LuintoST\AppData\Roaming\Media Center Programs
2008-06-13 17:37 .
2008-06-13 17:39 <DIR>
D--h C:\Users\LuintoST\AppData
2008-06-13 17:37 .
2008-06-13 22:51 <DIR>
D C:\Users\LuintoST
2008-06-13 17:29 .
2008-06-13 17:29 <DIR>
Dr C:\Windows\System32\config\systemprofile\Contacts
.
Find3M Rapport
.
2008-06-15 21:56 d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 20:37 d w C:\ProgramData\Microsoft Help
2008-06-15 19:22 d w C:\Program Files\Common Files\InstallShield
2008-06-15 18:54 d w C:\Program Files\MSBuild
2008-06-15 17:17 174 --sha-w C:\Program Files\desktop.ini
2008-06-15 17:08 d w C:\Program Files\Windows Sidebar
2008-06-15 17:08 d w C:\Program Files\Windows Photo Gallery
2008-06-15 17:08 d w C:\Program Files\Windows Mail
2008-06-15 17:08 d w C:\Program Files\Windows Journal
2008-06-15 17:08 d w C:\Program Files\Windows Defender
2008-06-15 17:08 d w C:\Program Files\Windows Collaboration
2008-06-15 17:08 d w C:\Program Files\Windows Calendar
2008-06-13 16:57 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-13 16:57 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-13 16:57 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-13 16:57 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-13 16:57 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-13 16:03 d w C:\Program Files\ASUS
2008-05-07 07:55 767,488 ----a-w C:\Windows\system32\drivers\athr.sys
2008-05-07 02:59 d w C:\ProgramData\ATI
2008-05-07 02:57 606,848 ----a-w C:\Windows\flashax.exe
2008-05-07 02:57 503,808 ----a-w C:\Windows\Asus_Camera_ScreenSaver.scr
2008-05-07 02:57 4,814,371 ----a-w C:\Windows\ASUS Camera ScreenSaver.exe
2008-05-07 02:57 37,232 ----a-w C:\Windows\ASScrProlog.exe
2008-05-07 02:57 33,136 ----a-w C:\Windows\ASScrPro.exe
2008-05-07 02:57 274,800 ----a-w C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe
2008-05-07 02:57 12,288 ----a-w C:\Windows\impborl.dll
2008-05-07 02:57 d w C:\ProgramData\P4G
2008-05-07 02:57 d w C:\Program Files\P4G
2008-05-07 02:57 d w C:\Program Files\ATKGFNEX
2008-05-07 02:55 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-05-07 02:54 d w C:\Program Files\Synaptics
2008-05-07 02:50 d w C:\Program Files\ITECIR
2008-05-07 02:49 d w C:\Program Files\MainConcept
2008-05-07 02:43 d w C:\ProgramData\ASUS
2008-05-07 02:42 d w C:\Program Files\Wireless Console 2
2008-05-07 02:40 d w C:\Program Files\Atheros
2008-05-07 02:39 d w C:\ProgramData\Atheros
2008-05-07 02:39 d w C:\Program Files\Motorola
2008-05-07 02:38 d w C:\Program Files\Realtek
2008-05-07 02:36 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-07 02:35 315,392 ----a-w C:\Windows\HideWin.exe
2008-05-07 02:29 d w C:\Program Files\ATKOSD2
2008-05-07 02:28 d w C:\Program Files\ATK Hotkey
2008-05-07 02:26 d w C:\Program Files\ATI Technologies
2008-05-07 02:24 d w C:\Program Files\ATI
2008-05-06 23:56 d w C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2008-05-06 23:56 d w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
.
Reg Opstartpunten
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@={A8D448F4-0431-45AC-9F5E-E1B434AB2249}
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 02:08 143360 --a C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 12:49 451872]
"ISPMonitor"="C:\Program Files\ISP Monitor\isp.exe" [2008-06-10 00:12 446192]
"Packard Bell Software Suite"="C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2008-01-09 17:14 1914168]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-05-07 04:57 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-05-07 04:57 33136]
"PowerForPhone"="C:\Program Files\P4P\P4P.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
C:\Users\LuintoST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29-8-2003 19:05:35 360448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\LuintoST\AppData\Local\Temp\xxyyyxUk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\LuintoST\AppData\Local\Temp\qoMddEuS.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword: 1
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword: 1
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword: 1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{FBB25EAD-D8F3-40C7-A7DB-DF584FA194D4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3BC18551-AC48-4DB3-BE91-D19F82AD2872}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{68AC059C-21CA-4128-9C35-1EF87CC892E7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{ADF2549A-A9B6-4468-9C2B-CC507BAD5147}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{242FD4B9-44D2-4944-A609-980A9B17E9B3}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A4BB963D-098E-4EB6-A7D4-416EEBAC4155}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FA0E2084-3784-465C-B91A-869F176FDC6E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5FD80CC2-CD5A-4780-9EFF-3AA2B459AD32}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{0245D26F-988F-4B86-9FA4-C447284F79BA}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2008-06-10 00:06]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-02-07 12:44]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-04 17:01]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2006-11-25 00:38]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-02-13 06:41]
S3 OxUSBTIMOUT;OxUSBTIMOUT;C:\Windows\system32\DRIVERS\OxUSBTIMOUT.sys [2007-06-07 08:48]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\ClickMe.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f54f85e1-3962-11dd-9c1c-001fc66b4359}]
\shell\AutoRun\command - G:\ClickMe.exe
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 23:58:25
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
?
[24424]
? [30376]
?
[30584]
? [29108]
?
[30572]
? [29684]
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
C:\ADSM_PData_0150
Scan succesvol afgerond
verborgen bestanden: 1
|
 |
Check in Task Manager whether the following process is active; if so, stop it:
ClickMe.exe. It appears to be on your USB device.
Download the following program and run it.
Flash_Disinfector.exe
The program closes Internet Explorer and Windows Explorer.
You will be asked to plug in the USB disk.
Repeat this if you have multiple USB devices.
Please post a freshly made ComboFix log.
|
 |
That would be strange, because I ran the first ComboFix with nothing in the USB ports except my mouse.
I downloaded that program, ran it, then ran ComboFix, and here is a new log.
ClickMe is still in there, I see ....
Big problems? The process itself had not been started, though.
ComboFix 08-06-16.5 - LuintoST 2008-06-18 22:18:12.2 - NTFSx86
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.1.1043.18.1265 [GMT 2:00]
Gestart vanuit: C:\Users\LuintoST\Desktop\ComboFix.exe
.
Bestanden Gemaakt van 2008-05-18 to 2008-06-18
.
2008-06-17 22:41 .
2008-06-17 22:41 0 --ah C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-17 17:55 .
2008-06-17 17:55 <DIR>
D C:\Users\LuintoST\AppData\Roaming\Malwarebytes
2008-06-17 17:54 .
2008-06-17 17:54 <DIR>
D C:\ProgramData\Malwarebytes
2008-06-17 17:54 .
2008-06-17 17:55 <DIR>
D C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 17:54 .
2008-06-10 19:02 34,296 --a C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-17 17:54 .
2008-06-10 19:02 15,864 --a C:\Windows\System32\drivers\mbam.sys
2008-06-17 12:52 .
2008-05-10 05:35 885,248 --a C:\Windows\System32\RacEngn.dll
2008-06-17 12:52 .
2008-05-10 00:22 9,127 --a C:\Windows\System32\RacUR.xml
2008-06-17 12:52 .
2008-05-10 00:22 153 --a C:\Windows\System32\RacUREx.xml
2008-06-16 17:38 .
2008-06-16 17:38 <DIR>
D C:\Users\LuintoST\AppData\Roaming\SUPERAntiSpyware.com
2008-06-16 17:38 .
2008-06-16 17:38 <DIR>
D C:\ProgramData\SUPERAntiSpyware.com
2008-06-16 17:38 .
2008-06-16 17:38 <DIR>
D C:\Program Files\SUPERAntiSpyware
2008-06-16 17:37 .
2008-06-16 17:37 <DIR>
D C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 17:15 .
2008-06-16 17:35 <DIR>
D C:\ProgramData\Spybot - Search & Destroy
2008-06-16 17:15 .
2008-06-16 17:17 <DIR>
D C:\Program Files\SpywareGuard
2008-06-16 17:15 .
2008-06-16 17:15 <DIR>
D C:\Program Files\Spybot - Search & Destroy
2008-06-16 16:43 .
2008-06-16 16:43 <DIR>
D C:\Program Files\Trend Micro
2008-06-15 23:56 .
2008-06-15 23:56 <DIR>
D C:\Program Files\CSR
2008-06-15 22:27 .
2008-06-15 22:27 <DIR>
D C:\Users\LuintoST\AppData\Roaming\InstallShield
2008-06-15 21:31 .
2008-06-15 21:31 <DIR>
D C:\Users\LuintoST\AppData\Roaming\Autodesk
2008-06-15 21:31 .
2008-06-15 21:43 <DIR>
D C:\ProgramData\Autodesk
2008-06-15 21:31 .
2008-06-15 21:41 <DIR>
D C:\Program Files\AutoCAD 2008
2008-06-15 21:21 .
2008-06-15 21:42 <DIR>
D C:\Program Files\Common Files\Autodesk Shared
2008-06-15 21:21 .
2008-06-15 21:21 <DIR>
D C:\Program Files\Autodesk
2008-06-15 21:03 .
2008-06-15 21:03 <DIR>
D C:\Program Files\PowerISO
2008-06-15 20:59 .
2006-10-26 19:56 32,592 --a C:\Windows\System32\msonpmon.dll
2008-06-15 20:54 .
2008-06-15 20:54 <DIR>
D C:\Program Files\Microsoft Works
2008-06-15 20:52 .
2008-06-15 20:52 <DIR>
D C:\Windows\PCHEALTH
2008-06-15 20:52 .
2008-06-15 20:52 <DIR>
D C:\Program Files\Microsoft.NET
2008-06-15 20:49 .
2008-06-15 20:49 <DIR>
D C:\Program Files\Microsoft Visual Studio 8
2008-06-15 20:46 .
2008-06-15 20:46 <DIR>
Dr-h C:\MSOCache
2008-06-15 20:21 .
2008-06-15 20:21 <DIR>
D C:\Users\LuintoST\AppData\Roaming\DAEMON Tools
2008-06-15 20:21 .
2008-06-15 20:21 717,296 --a C:\Windows\System32\drivers\sptd.sys
2008-06-15 20:06 .
2008-06-15 20:06 <DIR>
D C:\Program Files\Packard Bell External HDD
2008-06-15 20:06 .
2008-06-15 20:06 <DIR>
D C:\Program Files\Packard Bell
2008-06-15 19:02 .
2008-06-15 19:02 <DIR>
D C:\PerfLogs
2008-06-15 17:19 .
2008-06-16 02:15 <DIR>
D C:\Users\LuintoST\AppData\Roaming\ISP Monitor
2008-06-15 17:18 .
2008-06-15 17:19 <DIR>
D C:\Program Files\ISP Monitor
2008-06-15 17:18 .
2008-06-15 17:18 737,280 --a C:\Windows\iun6002.exe
2008-06-15 17:03 .
2008-01-19 09:35 9,847,296 --a C:\Windows\System32\NlsData000a.dll
2008-06-15 17:02 .
2008-01-19 08:06 8,147,456 --a C:\Windows\System32\wmploc.DLL
2008-06-15 17:01 .
2008-01-19 09:36 357,888 --a C:\Windows\System32\wbemcomn.dll
2008-06-15 17:00 .
2008-01-19 09:36 704,512 --a C:\Windows\System32\SmiEngine.dll
2008-06-15 17:00 .
2008-01-19 09:36 218,624 --a C:\Windows\System32\wdscore.dll
2008-06-15 17:00 .
2008-01-19 09:36 139,264 --a C:\Windows\System32\SmiInstaller.dll
2008-06-15 17:00 .
2008-01-19 09:33 130,560 --a C:\Windows\System32\PkgMgr.exe
2008-06-15 16:59 .
2008-01-19 09:34 305,152 --a C:\Windows\System32\msdelta.dll
2008-06-15 16:59 .
2008-01-19 09:34 258,560 --a C:\Windows\System32\dpx.dll
2008-06-15 16:59 .
2008-01-19 09:34 246,784 --a C:\Windows\System32\drvstore.dll
2008-06-15 16:59 .
2008-01-19 09:35 35,328 --a C:\Windows\System32\mspatcha.dll
2008-06-15 16:59 .
2006-11-02 11:39 6,656 --a C:\Windows\System32\kbd106.dll
2008-06-13 23:56 .
2008-06-14 00:00 <DIR>
D C:\Users\LuintoST\AppData\Roaming\Winamp
2008-06-13 23:56 .
2008-06-13 23:56 <DIR>
D C:\ProgramData\Winamp Toolbar
2008-06-13 23:56 .
2008-06-13 23:56 <DIR>
D C:\Program Files\Winamp Toolbar
2008-06-13 23:56 .
2008-06-13 23:59 <DIR>
D C:\Program Files\Winamp
2008-06-13 23:56 .
2007-03-08 01:51 129,784 C:\Windows\System32\pxafs.dll
2008-06-13 23:47 .
2008-06-13 23:47 59 --a C:\Windows\pp.enc
2008-06-13 23:46 .
2008-06-18 00:07 <DIR>
D C:\Users\LuintoST\AppData\Roaming\Microgaming
2008-06-13 23:44 .
2008-06-13 23:44 <DIR>
D C:\Microgaming
2008-06-13 23:25 .
2008-06-18 02:14 <DIR>
D C:\Users\LuintoST\AppData\Roaming\uTorrent
2008-06-13 23:25 .
2008-06-13 23:25 <DIR>
D C:\Program Files\uTorrent
2008-06-13 23:11 .
2008-06-13 23:11 <DIR>
D C:\Program Files\Winwap Technologies
2008-06-13 23:11 .
2006-05-10 12:43 1,069,056 --a-s---- C:\Windows\System32\libeay32.dll
2008-06-13 23:11 .
2006-07-13 15:31 200,704 --a-s---- C:\Windows\System32\libssl32.dll
2008-06-13 22:51 .
2008-06-13 22:51 <DIR>
D C:\Program Files\Microsoft Silverlight
2008-06-13 22:48 .
2008-06-13 22:48 <DIR>
D C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-13 19:38 .
2008-06-13 19:38 <DIR>
D C:\Users\LuintoST\AppData\Roaming\Ahead
2008-06-13 19:38 .
2008-06-13 19:38 <DIR>
D C:\ProgramData\LightScribe
2008-06-13 19:01 .
2008-06-13 19:01 <DIR>
D C:\ProgramData\Avira
2008-06-13 19:01 .
2008-06-13 19:01 <DIR>
D C:\Program Files\Avira
2008-06-13 19:01 .
2008-06-13 19:01 220,160 --a C:\Windows\System32\drivers\bthport.sys
2008-06-13 19:01 .
2008-06-13 19:01 181,760 --a C:\Windows\System32\fsquirt.exe
2008-06-13 19:01 .
2008-06-13 19:01 29,184 --a C:\Windows\System32\drivers\BTHUSB.SYS
2008-06-13 19:01 .
2008-06-13 19:01 19,456 --a C:\Windows\System32\drivers\bthenum.sys
2008-06-13 18:59 .
2008-06-13 18:59 988,216 --a C:\Windows\System32\winload.exe
2008-06-13 18:59 .
2008-06-13 18:59 927,288 --a C:\Windows\System32\winresume.exe
2008-06-13 18:59 .
2008-06-13 18:59 615,992 --a C:\Windows\System32\ci.dll
2008-06-13 18:59 .
2008-06-13 18:59 378,368 --a C:\Windows\System32\srcore.dll
2008-06-13 18:59 .
2008-06-13 18:59 318,464 --a C:\Windows\System32\rstrui.exe
2008-06-13 18:59 .
2008-06-13 18:59 46,592 --a C:\Windows\System32\setbcdlocale.dll
2008-06-13 18:59 .
2008-06-13 18:59 40,960 --a C:\Windows\System32\srclient.dll
2008-06-13 18:59 .
2008-06-13 18:59 19,000 --a C:\Windows\System32\kd1394.dll
2008-06-13 18:59 .
2008-06-13 18:59 14,848 --a C:\Windows\System32\srdelayed.exe
2008-06-13 18:59 .
2008-06-13 18:59 6,656 --a C:\Windows\System32\kbd106n.dll
2008-06-13 18:58 .
2008-06-13 18:58 2,032,128 --a C:\Windows\System32\win32k.sys
2008-06-13 18:58 .
2008-06-13 18:58 295,936 --a C:\Windows\System32\gdi32.dll
2008-06-13 18:57 .
2008-06-13 18:57 4,240,384 --a C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-13 18:57 .
2008-06-13 18:57 1,695,744 --a C:\Windows\System32\gameux.dll
2008-06-13 18:57 .
2008-06-13 18:57 113,664 --a C:\Windows\System32\drivers\rmcast.sys
2008-06-13 18:57 .
2008-06-13 18:57 14,848 --a C:\Windows\System32\wshrm.dll
2008-06-13 18:56 .
2008-06-13 18:56 1,314,816 --a C:\Windows\System32\quartz.dll
2008-06-13 18:56 .
2008-06-13 18:56 428,544 --a C:\Windows\System32\EncDec.dll
2008-06-13 18:56 .
2008-06-13 18:56 293,376 --a C:\Windows\System32\psisdecd.dll
2008-06-13 18:56 .
2008-06-13 18:56 218,624 --a C:\Windows\System32\psisrndr.ax
2008-06-13 18:56 .
2008-06-13 18:56 80,896 --a C:\Windows\System32\MSNP.ax
2008-06-13 18:56 .
2008-06-13 18:56 69,632 --a C:\Windows\System32\Mpeg2Data.ax
2008-06-13 18:56 .
2008-06-13 18:56 57,856 --a C:\Windows\System32\MSDvbNP.ax
2008-06-13 18:52 .
2008-06-13 18:52 1,383,424 --a C:\Windows\System32\mshtml.tlb
2008-06-13 18:52 .
2008-06-13 18:52 826,880 --a C:\Windows\System32\wininet.dll
2008-06-13 18:35 .
2008-06-13 18:35 <DIR>
D C:\Program Files\Common Files\Adobe
2008-06-13 18:09 .
2008-06-13 18:09 546 --a C:\Windows\System32\ABA7K.DAT
2008-06-13 18:03 .
2008-06-13 18:03 0 --a C:\Windows\System32\drivers\1043_ASUSTeK_A7K.alu
2008-06-13 17:54 .
2008-06-13 17:54 <DIR>
D C:\Users\LuintoST\AppData\Roaming\ATI
2008-06-13 17:53 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Searches
2008-06-13 17:53 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Contacts
2008-06-13 17:53 .
2008-06-13 17:53 <DIR>
D--hs---- C:\$RECYCLE.BIN
2008-06-13 17:43 .
2008-06-13 22:41 <DIR>
D C:\ProgramData\Symantec
2008-06-13 17:43 .
2008-06-13 19:38 <DIR>
D C:\Program Files\Common Files\Symantec Shared
2008-06-13 17:41 .
2008-06-13 17:41 <DIR>
D C:\ProgramData\Ahead
2008-06-13 17:41 .
2008-06-13 17:41 <DIR>
D C:\Program Files\Common Files\LightScribe
2008-06-13 17:40 .
2008-06-13 17:40 <DIR>
D C:\ProgramData\Nero
2008-06-13 17:40 .
2008-06-13 17:40 <DIR>
D C:\Program Files\Nero
2008-06-13 17:40 .
2008-06-13 17:40 <DIR>
D C:\Program Files\Common Files\Ahead
2008-06-13 17:37 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Videos
2008-06-13 17:37 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Saved Games
2008-06-13 17:37 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Pictures
2008-06-13 17:37 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Music
2008-06-13 17:37 .
2008-06-13 17:53 <DIR>
Dr C:\Users\LuintoST\Links
2008-06-13 17:37 .
2008-06-17 19:03 <DIR>
Dr C:\Users\LuintoST\Downloads
2008-06-13 17:37 .
2008-06-14 01:10 <DIR>
Dr C:\Users\LuintoST\Documents
2008-06-13 17:37 .
2006-11-02 14:37 <DIR>
D C:\Users\LuintoST\AppData\Roaming\Media Center Programs
2008-06-13 17:37 .
2008-06-13 17:39 <DIR>
D--h C:\Users\LuintoST\AppData
2008-06-13 17:37 .
2008-06-13 22:51 <DIR>
D C:\Users\LuintoST
2008-06-13 17:29 .
2008-06-13 17:29 <DIR>
Dr C:\Windows\System32\config\systemprofile\Contacts
.
Find3M Rapport
.
2008-06-15 21:56 d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 20:37 d w C:\ProgramData\Microsoft Help
2008-06-15 19:22 d w C:\Program Files\Common Files\InstallShield
2008-06-15 18:54 d w C:\Program Files\MSBuild
2008-06-15 17:17 174 --sha-w C:\Program Files\desktop.ini
2008-06-15 17:08 d w C:\Program Files\Windows Sidebar
2008-06-15 17:08 d w C:\Program Files\Windows Photo Gallery
2008-06-15 17:08 d w C:\Program Files\Windows Mail
2008-06-15 17:08 d w C:\Program Files\Windows Journal
2008-06-15 17:08 d w C:\Program Files\Windows Defender
2008-06-15 17:08 d w C:\Program Files\Windows Collaboration
2008-06-15 17:08 d w C:\Program Files\Windows Calendar
2008-06-13 16:57 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-13 16:57 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-13 16:57 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-13 16:57 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-13 16:57 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-13 16:03 d w C:\Program Files\ASUS
2008-05-07 07:55 767,488 ----a-w C:\Windows\system32\drivers\athr.sys
2008-05-07 02:59 d w C:\ProgramData\ATI
2008-05-07 02:57 606,848 ----a-w C:\Windows\flashax.exe
2008-05-07 02:57 503,808 ----a-w C:\Windows\Asus_Camera_ScreenSaver.scr
2008-05-07 02:57 4,814,371 ----a-w C:\Windows\ASUS Camera ScreenSaver.exe
2008-05-07 02:57 37,232 ----a-w C:\Windows\ASScrProlog.exe
2008-05-07 02:57 33,136 ----a-w C:\Windows\ASScrPro.exe
2008-05-07 02:57 274,800 ----a-w C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe
2008-05-07 02:57 12,288 ----a-w C:\Windows\impborl.dll
2008-05-07 02:57 d w C:\ProgramData\P4G
2008-05-07 02:57 d w C:\Program Files\P4G
2008-05-07 02:57 d w C:\Program Files\ATKGFNEX
2008-05-07 02:55 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-05-07 02:54 d w C:\Program Files\Synaptics
2008-05-07 02:50 d w C:\Program Files\ITECIR
2008-05-07 02:49 d w C:\Program Files\MainConcept
2008-05-07 02:43 d w C:\ProgramData\ASUS
2008-05-07 02:42 d w C:\Program Files\Wireless Console 2
2008-05-07 02:40 d w C:\Program Files\Atheros
2008-05-07 02:39 d w C:\ProgramData\Atheros
2008-05-07 02:39 d w C:\Program Files\Motorola
2008-05-07 02:38 d w C:\Program Files\Realtek
2008-05-07 02:36 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-07 02:35 315,392 ----a-w C:\Windows\HideWin.exe
2008-05-07 02:29 d w C:\Program Files\ATKOSD2
2008-05-07 02:28 d w C:\Program Files\ATK Hotkey
2008-05-07 02:26 d w C:\Program Files\ATI Technologies
2008-05-07 02:24 d w C:\Program Files\ATI
2008-05-06 23:56 d w C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2008-05-06 23:56 d w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
.
snapshot@2008-06-17_23.59.28,94
.
- 2008-06-17 16:02:58 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-18 20:08:27 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-17 16:01:17 2,091 ----a-w C:\Windows\bthservsdp.dat
+ 2008-06-18 18:56:39 2,091 ----a-w C:\Windows\bthservsdp.dat
- 2008-06-17 16:02:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-18 20:08:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-17 20:41:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-18 20:09:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-18 20:09:52 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-17 16:04:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-18 20:09:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-18 20:09:57 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-17 16:02:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-18 18:34:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-17 16:02:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-18 18:34:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-17 16:02:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-18 18:34:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-17 20:42:47 101,250 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-18 20:12:49 101,250 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-17 20:42:47 126,854 ----a-w C:\Windows\System32\perfc013.dat
+ 2008-06-18 20:12:49 126,854 ----a-w C:\Windows\System32\perfc013.dat
- 2008-06-17 20:42:47 587,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-18 20:12:49 587,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-17 20:42:47 667,358 ----a-w C:\Windows\System32\perfh013.dat
+ 2008-06-18 20:12:49 667,358 ----a-w C:\Windows\System32\perfh013.dat
- 2008-06-17 16:04:51 4,832 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1587329385-2914863367-2033150089-1000_UserData.bin
+ 2008-06-18 20:10:14 4,864 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1587329385-2914863367-2033150089-1000_UserData.bin
- 2008-06-17 16:04:50 73,322 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-18 20:10:13 73,862 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-17 16:04:48 34,832 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-18 20:10:12 35,500 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
Reg Opstartpunten
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@={A8D448F4-0431-45AC-9F5E-E1B434AB2249}
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 02:08 143360 --a C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 12:49 451872]
"ISPMonitor"="C:\Program Files\ISP Monitor\isp.exe" [2008-06-10 00:12 446192]
"Packard Bell Software Suite"="C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2008-01-09 17:14 1914168]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-05-07 04:57 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-05-07 04:57 33136]
"PowerForPhone"="C:\Program Files\P4P\P4P.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
C:\Users\LuintoST\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29-8-2003 19:05:35 360448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\LuintoST\AppData\Local\Temp\xxyyyxUk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\LuintoST\AppData\Local\Temp\qoMddEuS.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword: 1
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword: 1
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword: 1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{FBB25EAD-D8F3-40C7-A7DB-DF584FA194D4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3BC18551-AC48-4DB3-BE91-D19F82AD2872}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{68AC059C-21CA-4128-9C35-1EF87CC892E7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{ADF2549A-A9B6-4468-9C2B-CC507BAD5147}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{242FD4B9-44D2-4944-A609-980A9B17E9B3}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A4BB963D-098E-4EB6-A7D4-416EEBAC4155}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FA0E2084-3784-465C-B91A-869F176FDC6E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5FD80CC2-CD5A-4780-9EFF-3AA2B459AD32}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{0245D26F-988F-4B86-9FA4-C447284F79BA}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
R2 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2008-06-10 00:06]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-02-07 12:44]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-04 17:01]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2006-11-25 00:38]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-02-13 06:41]
S3 OxUSBTIMOUT;OxUSBTIMOUT;C:\Windows\system32\DRIVERS\OxUSBTIMOUT.sys [2007-06-07 08:48]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\ClickMe.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f54f85e1-3962-11dd-9c1c-001fc66b4359}]
\shell\AutoRun\command - G:\ClickMe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 22:30:29
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
C:\ADSM_PData_0150
Scan succesvol afgerond
verborgen bestanden: 1
.
DLLs Geladen Onder Lopende Processen
|
 |
|
Name: ClickMe
Filename: ClickMe.exe
Command: Unknown at this time.
Description: ClickM "JOKE" program
This is a valid program but it is not required to run on startup.
|
 |
I have rebooted a few times, but ClickMe.exe is not listed in Task Manager.
Is it completely clean again now, or not quite yet?
|
 |
|
Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:
Folder::
C:\Users\LuintoST\AppData\Local\Temp\xxyyyxUk.dll
C:\Users\LuintoST\AppData\Local\Temp\qoMddEuS.dll
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
Save this to your Desktop as CFScript.txt.
Drag CFScript.txt onto ComboFix.exe as shown in the example below:
This will make ComboFix start again.
After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.
Please also post a new HJT log.
|
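As an added example (not part of the original thread and not ComboFix's own code), the triage behind the script above can be sketched in Python: it walks the "Reg Opstartpunten" section of a ComboFix log and reports autostart entries whose target sits in a Temp directory, noting whether the entry is active or was disabled through msconfig. The function names and the Temp-path markers are assumptions made for this illustration; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from typing import List, NamedTuple

# Lines copied from the "Reg Opstartpunten" section of the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\LuintoST\AppData\Local\Temp\xxyyyxUk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\LuintoST\AppData\Local\Temp\qoMddEuS.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE
"""

# A registry key header as ComboFix prints it, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.IGNORECASE)

# A drive-letter path ending in an executable extension; spaces are allowed inside.
PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"\[\]|<>*?\r\n]+?\.(?:exe|dll|sys|scr|bat|cmd|com))(?=$|[\s"\]])',
    re.IGNORECASE,
)

# Assumption for this sketch: these directory fragments mark a Temp location.
TEMP_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
)


class Finding(NamedTuple):
    key: str     # registry key the entry was listed under
    path: str    # file the entry points at
    state: str   # "active" or "disabled (msconfig)"
    reason: str  # why the entry was reported


def entry_state(key: str) -> str:
    """Entries under msconfig's startupreg key are startup items switched off via msconfig."""
    if "\\msconfig\\startupreg\\" in key.lower():
        return "disabled (msconfig)"
    return "active"


def find_temp_autostarts(log_text: str) -> List[Finding]:
    """Return every autostart entry in the log whose target file lives in a Temp directory."""
    findings: List[Finding] = []
    current_key = None
    for raw_line in log_text.splitlines():
        line = raw_line.strip()
        if not line:
            continue
        header = KEY_RE.match(line)
        if header:
            current_key = header.group(1)
            continue
        if current_key is None:
            continue  # data line before any key header: nothing to attribute it to
        for match in PATH_RE.finditer(line):
            path = match.group(1)
            if any(marker in path.lower() for marker in TEMP_MARKERS):
                findings.append(
                    Finding(
                        key=current_key,
                        path=path,
                        state=entry_state(current_key),
                        reason="autostart target inside a Temp directory",
                    )
                )
    return findings


if __name__ == "__main__":
    for finding in find_temp_autostarts(SAMPLE_LOG):
        print(f"{finding.state:20} {finding.path}")
        print(f"{'':20} listed under [{finding.key}]")
```

Both reported entries are the ones the script above removes; the SUPERAntiSpyware and PowerISO entries, which load from Program Files, are not reported.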
 |
Is this any better?
ComboFix 08-06-16.5 - LuintoST 2008-06-21 17:11:10.4 - NTFSx86
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.1.1043.18.1125 [GMT 2:00]
Gestart vanuit: C:\Users\LuintoST\Desktop\ComboFix.exe
Command switches used :: C:\Users\LuintoST\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
.
Bestanden Gemaakt van 2008-05-21 to 2008-06-21
.
2008-06-21 17:10 . 2008-06-21 17:10 <DIR> D C:\327882R2FWJFW
2008-06-18 22:34 . 2008-06-18 22:34 49 --a C:\Windows\NeroDigital.ini
2008-06-17 22:41 . 2008-06-17 22:41 0 --ah C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-17 17:55 . 2008-06-17 17:55 <DIR> D C:\Users\LuintoST\AppData\Roaming\Malwarebytes
2008-06-17 17:54 . 2008-06-17 17:54 <DIR> D C:\ProgramData\Malwarebytes
2008-06-17 17:54 . 2008-06-17 17:55 <DIR> D C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 17:54 . 2008-06-10 19:02 34,296 --a C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-17 17:54 . 2008-06-10 19:02 15,864 --a C:\Windows\System32\drivers\mbam.sys
2008-06-17 12:52 . 2008-05-10 05:35 885,248 --a C:\Windows\System32\RacEngn.dll
2008-06-17 12:52 . 2008-05-10 00:22 9,127 --a C:\Windows\System32\RacUR.xml
2008-06-17 12:52 . 2008-05-10 00:22 153 --a C:\Windows\System32\RacUREx.xml
2008-06-16 17:38 . 2008-06-16 17:38 <DIR> D C:\Users\LuintoST\AppData\Roaming\SUPERAntiSpyware.com
2008-06-16 17:38 . 2008-06-16 17:38 <DIR> D C:\ProgramData\SUPERAntiSpyware.com
2008-06-16 17:38 . 2008-06-16 17:38 <DIR> D C:\Program Files\SUPERAntiSpyware
2008-06-16 17:37 . 2008-06-16 17:37 <DIR> D C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 17:15 . 2008-06-16 17:35 <DIR> D C:\ProgramData\Spybot - Search & Destroy
2008-06-16 17:15 . 2008-06-16 17:17 <DIR> D C:\Program Files\SpywareGuard
2008-06-16 17:15 . 2008-06-16 17:15 <DIR> D C:\Program Files\Spybot - Search & Destroy
2008-06-16 16:43 . 2008-06-16 16:43 <DIR> D C:\Program Files\Trend Micro
2008-06-15 23:56 . 2008-06-15 23:56 <DIR> D C:\Program Files\CSR
2008-06-15 22:27 . 2008-06-15 22:27 <DIR> D C:\Users\LuintoST\AppData\Roaming\InstallShield
2008-06-15 21:31 . 2008-06-15 21:31 <DIR> D C:\Users\LuintoST\AppData\Roaming\Autodesk
2008-06-15 21:31 . 2008-06-15 21:43 <DIR> D C:\ProgramData\Autodesk
2008-06-15 21:31 . 2008-06-15 21:41 <DIR> D C:\Program Files\AutoCAD 2008
2008-06-15 21:21 . 2008-06-15 21:42 <DIR> D C:\Program Files\Common Files\Autodesk Shared
2008-06-15 21:21 . 2008-06-15 21:21 <DIR> D C:\Program Files\Autodesk
2008-06-15 21:03 . 2008-06-15 21:03 <DIR> D C:\Program Files\PowerISO
2008-06-15 20:59 . 2006-10-26 19:56 32,592 --a C:\Windows\System32\msonpmon.dll
2008-06-15 20:54 . 2008-06-15 20:54 <DIR> D C:\Program Files\Microsoft Works
2008-06-15 20:52 . 2008-06-15 20:52 <DIR> D C:\Windows\PCHEALTH
2008-06-15 20:52 . 2008-06-15 20:52 <DIR> D C:\Program Files\Microsoft.NET
2008-06-15 20:49 . 2008-06-15 20:49 <DIR> D C:\Program Files\Microsoft Visual Studio 8
2008-06-15 20:46 . 2008-06-15 20:46 <DIR> Dr-h C:\MSOCache
2008-06-15 20:21 . 2008-06-15 20:21 <DIR> D C:\Users\LuintoST\AppData\Roaming\DAEMON Tools
2008-06-15 20:21 . 2008-06-15 20:21 717,296 --a C:\Windows\System32\drivers\sptd.sys
2008-06-15 20:06 . 2008-06-15 20:06 <DIR> D C:\Program Files\Packard Bell External HDD
2008-06-15 20:06 . 2008-06-15 20:06 <DIR> D C:\Program Files\Packard Bell
2008-06-15 19:02 . 2008-06-15 19:02 <DIR> D C:\PerfLogs
2008-06-15 17:19 . 2008-06-16 02:15 <DIR> D C:\Users\LuintoST\AppData\Roaming\ISP Monitor
2008-06-15 17:18 . 2008-06-15 17:19 <DIR> D C:\Program Files\ISP Monitor
2008-06-15 17:18 . 2008-06-15 17:18 737,280 --a C:\Windows\iun6002.exe
2008-06-15 17:03 . 2008-01-19 09:35 9,847,296 --a C:\Windows\System32\NlsData000a.dll
2008-06-15 17:02 . 2008-01-19 08:06 8,147,456 --a C:\Windows\System32\wmploc.DLL
2008-06-15 17:01 . 2008-01-19 09:36 357,888 --a C:\Windows\System32\wbemcomn.dll
2008-06-15 17:00 . 2008-01-19 09:36 704,512 --a C:\Windows\System32\SmiEngine.dll
2008-06-15 17:00 . 2008-01-19 09:36 218,624 --a C:\Windows\System32\wdscore.dll
2008-06-15 17:00 . 2008-01-19 09:36 139,264 --a C:\Windows\System32\SmiInstaller.dll
2008-06-15 17:00 . 2008-01-19 09:33 130,560 --a C:\Windows\System32\PkgMgr.exe
2008-06-15 16:59 . 2008-01-19 09:34 305,152 --a C:\Windows\System32\msdelta.dll
2008-06-15 16:59 . 2008-01-19 09:34 258,560 --a C:\Windows\System32\dpx.dll
2008-06-15 16:59 . 2008-01-19 09:34 246,784 --a C:\Windows\System32\drvstore.dll
2008-06-15 16:59 . 2008-01-19 09:35 35,328 --a C:\Windows\System32\mspatcha.dll
2008-06-15 16:59 . 2006-11-02 11:39 6,656 --a C:\Windows\System32\kbd106.dll
2008-06-13 23:56 . 2008-06-14 00:00 <DIR> D C:\Users\LuintoST\AppData\Roaming\Winamp
2008-06-13 23:56 . 2008-06-13 23:56 <DIR> D C:\ProgramData\Winamp Toolbar
2008-06-13 23:56 . 2008-06-13 23:56 <DIR> D C:\Program Files\Winamp Toolbar
2008-06-13 23:56 . 2008-06-13 23:59 <DIR> D C:\Program Files\Winamp
2008-06-13 23:56 . 2007-03-08 01:51 129,784 C:\Windows\System32\pxafs.dll
2008-06-13 23:47 . 2008-06-13 23:47 59 --a C:\Windows\pp.enc
2008-06-13 23:46 . 2008-06-21 13:24 <DIR> D C:\Users\LuintoST\AppData\Roaming\Microgaming
2008-06-13 23:44 . 2008-06-13 23:44 <DIR> D C:\Microgaming
2008-06-13 23:25 . 2008-06-21 13:23 <DIR> D C:\Users\LuintoST\AppData\Roaming\uTorrent
2008-06-13 23:25 . 2008-06-13 23:25 <DIR> D C:\Program Files\uTorrent
2008-06-13 23:11 . 2008-06-13 23:11 <DIR> D C:\Program Files\Winwap Technologies
2008-06-13 23:11 . 2006-05-10 12:43 1,069,056 --a-s---- C:\Windows\System32\libeay32.dll
2008-06-13 23:11 . 2006-07-13 15:31 200,704 --a-s---- C:\Windows\System32\libssl32.dll
2008-06-13 22:51 . 2008-06-13 22:51 <DIR> D C:\Program Files\Microsoft Silverlight
2008-06-13 22:48 . 2008-06-13 22:48 <DIR> D C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-13 19:38 . 2008-06-13 19:38 <DIR> D C:\Users\LuintoST\AppData\Roaming\Ahead
2008-06-13 19:38 . 2008-06-13 19:38 <DIR> D C:\ProgramData\LightScribe
2008-06-13 19:01 . 2008-06-13 19:01 <DIR> D C:\ProgramData\Avira
2008-06-13 19:01 . 2008-06-13 19:01 <DIR> D C:\Program Files\Avira
2008-06-13 19:01 . 2008-06-13 19:01 220,160 --a C:\Windows\System32\drivers\bthport.sys
2008-06-13 19:01 . 2008-06-13 19:01 181,760 --a C:\Windows\System32\fsquirt.exe
2008-06-13 19:01 . 2008-06-13 19:01 29,184 --a C:\Windows\System32\drivers\BTHUSB.SYS
2008-06-13 19:01 . 2008-06-13 19:01 19,456 --a C:\Windows\System32\drivers\bthenum.sys
2008-06-13 18:59 . 2008-06-13 18:59 988,216 --a C:\Windows\System32\winload.exe
2008-06-13 18:59 . 2008-06-13 18:59 927,288 --a C:\Windows\System32\winresume.exe
2008-06-13 18:59 . 2008-06-13 18:59 615,992 --a C:\Windows\System32\ci.dll
2008-06-13 18:59 . 2008-06-13 18:59 378,368 --a C:\Windows\System32\srcore.dll
2008-06-13 18:59 . 2008-06-13 18:59 318,464 --a C:\Windows\System32\rstrui.exe
2008-06-13 18:59 . 2008-06-13 18:59 46,592 --a C:\Windows\System32\setbcdlocale.dll
2008-06-13 18:59 . 2008-06-13 18:59 40,960 --a C:\Windows\System32\srclient.dll
2008-06-13 18:59 . 2008-06-13 18:59 19,000 --a C:\Windows\System32\kd1394.dll
2008-06-13 18:59 . 2008-06-13 18:59 14,848 --a C:\Windows\System32\srdelayed.exe
2008-06-13 18:59 . 2008-06-13 18:59 6,656 --a C:\Windows\System32\kbd106n.dll
2008-06-13 18:58 . 2008-06-13 18:58 2,032,128 --a C:\Windows\System32\win32k.sys
2008-06-13 18:58 . 2008-06-13 18:58 295,936 --a C:\Windows\System32\gdi32.dll
2008-06-13 18:57 . 2008-06-13 18:57 4,240,384 --a C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-13 18:57 . 2008-06-13 18:57 1,695,744 --a C:\Windows\System32\gameux.dll
2008-06-13 18:57 . 2008-06-13 18:57 113,664 --a C:\Windows\System32\drivers\rmcast.sys
2008-06-13 18:57 . 2008-06-13 18:57 14,848 --a C:\Windows\System32\wshrm.dll
2008-06-13 18:56 . 2008-06-13 18:56 1,314,816 --a C:\Windows\System32\quartz.dll
2008-06-13 18:56 . 2008-06-13 18:56 428,544 --a C:\Windows\System32\EncDec.dll
2008-06-13 18:56 . 2008-06-13 18:56 293,376 --a C:\Windows\System32\psisdecd.dll
2008-06-13 18:56 . 2008-06-13 18:56 218,624 --a C:\Windows\System32\psisrndr.ax
2008-06-13 18:56 . 2008-06-13 18:56 80,896 --a C:\Windows\System32\MSNP.ax
2008-06-13 18:56 . 2008-06-13 18:56 69,632 --a C:\Windows\System32\Mpeg2Data.ax
2008-06-13 18:56 . 2008-06-13 18:56 57,856 --a C:\Windows\System32\MSDvbNP.ax
2008-06-13 18:52 . 2008-06-13 18:52 1,383,424 --a C:\Windows\System32\mshtml.tlb
2008-06-13 18:52 . 2008-06-13 18:52 826,880 --a C:\Windows\System32\wininet.dll
2008-06-13 18:35 . 2008-06-13 18:35 <DIR> D C:\Program Files\Common Files\Adobe
2008-06-13 18:09 . 2008-06-13 18:09 546 --a C:\Windows\System32\ABA7K.DAT
2008-06-13 18:03 . 2008-06-13 18:03 0 --a C:\Windows\System32\drivers\1043_ASUSTeK_A7K.alu
2008-06-13 17:54 . 2008-06-13 17:54 <DIR> D C:\Users\LuintoST\AppData\Roaming\ATI
2008-06-13 17:53 . 2008-06-13 17:53 <DIR> Dr C:\Users\LuintoST\Searches
2008-06-13 17:53 . 2008-06-13 17:53 <DIR> Dr C:\Users\LuintoST\Contacts
2008-06-13 17:53 . 2008-06-13 17:53 <DIR> D--hs---- C:\$RECYCLE.BIN
2008-06-13 17:43 . 2008-06-13 22:41 <DIR> D C:\ProgramData\Symantec
2008-06-13 17:43 . 2008-06-13 19:38 <DIR> D C:\Program Files\Common Files\Symantec Shared
2008-06-13 17:41 . 2008-06-13 17:41 <DIR> D C:\ProgramData\Ahead
2008-06-13 17:41 . 2008-06-13 17:41 <DIR> D C:\Program Files\Common Files\LightScribe
2008-06-13 17:40 . 2008-06-13 17:40 <DIR> D C:\ProgramData\Nero
2008-06-13 17:40 . 2008-06-13 17:40 <DIR> D C:\Program Files\Nero
2008-06-13 17:40 . 2008-06-13 17:40 <DIR> D C:\Program Files\Common Files\Ahead
2008-06-13 17:37 . 2008-06-13 17:53 <DIR> Dr C:\Users\LuintoST\Videos
2008-06-13 17:37 . 2008-06-13 17:53 <DIR> Dr C:\Users\LuintoST\Saved Games
2008-06-13 17:37 . 2008-06-21 16:08 <DIR> Dr C:\Users\LuintoST\Pictures
2008-06-13 17:37 . 2008-06-13 17:53 <DIR> Dr C:\Users\LuintoST\Music
2008-06-13 17:37 . 2008-06-13 17:53 <DIR> Dr C:\Users\LuintoST\Links
2008-06-13 17:37 . 2008-06-21 13:23 <DIR> Dr C:\Users\LuintoST\Downloads
2008-06-13 17:37 . 2008-06-21 15:58 <DIR> Dr C:\Users\LuintoST\Documents
2008-06-13 17:37 . 2006-11-02 14:37 <DIR> D C:\Users\LuintoST\AppData\Roaming\Media Center Programs
2008-06-13 17:37 . 2008-06-13 17:39 <DIR> D--h C:\Users\LuintoST\AppData
2008-06-13 17:37 . 2008-06-13 22:51 <DIR> D C:\Users\LuintoST
.
Find3M Rapport
.
2008-06-18 20:34 d w C:\ProgramData\ASUS
2008-06-15 21:56 d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 20:37 d w C:\ProgramData\Microsoft Help
2008-06-15 19:22 d w C:\Program Files\Common Files\InstallShield
2008-06-15 18:54 d w C:\Program Files\MSBuild
2008-06-15 17:17 174 --sha-w C:\Program Files\desktop.ini
2008-06-15 17:08 d w C:\Program Files\Windows Sidebar
2008-06-15 17:08 d w C:\Program Files\Windows Photo Gallery
2008-06-15 17:08 d w C:\Program Files\Windows Mail
2008-06-15 17:08 d w C:\Program Files\Windows Journal
2008-06-15 17:08 d w C:\Program Files\Windows Defender
2008-06-15 17:08 d w C:\Program Files\Windows Collaboration
2008-06-15 17:08 d w C:\Program Files\Windows Calendar
2008-06-13 16:57 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-13 16:57 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-13 16:57 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-13 16:57 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-13 16:57 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-13 16:03 d w C:\Program Files\ASUS
2008-05-07 07:55 767,488 ----a-w C:\Windows\system32\drivers\athr.sys
2008-05-07 02:59 d w C:\ProgramData\ATI
2008-05-07 02:57 606,848 ----a-w C:\Windows\flashax.exe
2008-05-07 02:57 503,808 ----a-w C:\Windows\Asus_Camera_ScreenSaver.scr
2008-05-07 02:57 4,814,371 ----a-w C:\Windows\ASUS Camera ScreenSaver.exe
2008-05-07 02:57 37,232 ----a-w C:\Windows\ASScrProlog.exe
2008-05-07 02:57 33,136 ----a-w C:\Windows\ASScrPro.exe
2008-05-07 02:57 274,800 ----a-w C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe
2008-05-07 02:57 12,288 ----a-w C:\Windows\impborl.dll
2008-05-07 02:57 d w C:\ProgramData\P4G
2008-05-07 02:57 d w C:\Program Files\P4G
2008-05-07 02:57 d w C:\Program Files\ATKGFNEX
2008-05-07 02:55 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-05-07 02:54 d w C:\Program Files\Synaptics
2008-05-07 02:50 d w C:\Program Files\ITECIR
2008-05-07 02:49 d w C:\Program Files\MainConcept
2008-05-07 02:42 d w C:\Program Files\Wireless Console 2
2008-05-07 02:40 d w C:\Program Files\Atheros
2008-05-07 02:39 d w C:\ProgramData\Atheros
2008-05-07 02:39 d w C:\Program Files\Motorola
2008-05-07 02:38 d w C:\Program Files\Realtek
2008-05-07 02:36 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-07 02:35 315,392 ----a-w C:\Windows\HideWin.exe
2008-05-07 02:29 d w C:\Program Files\ATKOSD2
2008-05-07 02:28 d w C:\Program Files\ATK Hotkey
2008-05-07 02:26 d w C:\Program Files\ATI Technologies
2008-05-07 02:24 d w C:\Program Files\ATI
2008-05-06 23:56 d w C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2008-05-06 23:56 d w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
.
snapshot_2008-06-18_22.31.37,74
.
- 2008-06-18 20:08:27 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-21 09:01:00 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-18 18:56:39 2,091 ----a-w C:\Windows\bthservsdp.dat
+ 2008-06-21 01:47:28 2,091 ----a-w C:\Windows\bthservsdp.dat
- 2008-06-18 20:08:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-21 09:01:01 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-21 09:01:01 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-18 20:09:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-21 10:50:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-06-18 20:09:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-21 09:01:51 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-21 09:01:51 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-17 16:03:22 45,056 ----a-w C:\Windows\System32\acovcnt.exe
+ 2008-06-20 13:59:42 45,056 ----a-w C:\Windows\System32\acovcnt.exe
- 2008-06-13 15:29:41 99,864 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2008-06-18 20:34:28 131,432 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
- 2008-06-18 18:34:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-21 13:57:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-18 18:34:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-21 13:57:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-18 18:34:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-21 13:57:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-18 20:12:49 101,250 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-21 13:57:18 101,250 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-18 20:12:49 126,854 ----a-w C:\Windows\System32\perfc013.dat
+ 2008-06-21 13:57:18 126,854 ----a-w C:\Windows\System32\perfc013.dat
- 2008-06-18 20:12:49 587,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-21 13:57:18 587,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-18 20:12:49 667,358 ----a-w C:\Windows\System32\perfh013.dat
+ 2008-06-21 13:57:18 667,358 ----a-w C:\Windows\System32\perfh013.dat
- 2008-06-18 20:10:14 4,864 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1587329385-2914863367-2033150089-1000_UserData.bin
+ 2008-06-21 09:03:05 5,012 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1587329385-2914863367-2033150089-1000_UserData.bin
- 2008-06-18 20:10:13 73,862 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 09:03:05 74,158 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-18 20:10:12 35,500 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 09:03:03 35,952 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
Reg Opstartpunten
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@={A8D448F4-0431-45AC-9F5E-E1B434AB2249}
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 02:08 143360 --a-
|
 |
|
Let us know how things are going now?
|
 |
I no longer seem to have any problems.
I haven't received any alerts from AntiVir for two days now.
It does still feel slower than before, but maybe that's just a feeling.
My desktop background has disappeared after those ComboFix runs, though.
When I set it again, it stays black.
That's not so great.
But thanks anyway for all the time and effort!
|
 |
You may now remove all the tools that were used and the folders they created.
Remove ComboFix via Start > Run: copy and paste Combofix /U
Click OK or press Enter.
This removes ComboFix as well as your old system restore points (with any malware remnants), and creates a new system restore point.
|
 |
Thanks!
Any idea, by chance, how to get my desktop picture back?
Simply selecting it under backgrounds no longer works since that ComboFix.
|
 |
|
Hmm, so it did not improve after removing ComboFix??
|
 |
Apparently not. I just noticed that I can use an external picture as the background, but not the standard Windows backgrounds.
Not a disaster in itself, but I thought I would mention it.
Thanks for the help!
|
 |
|
That is no problem.
Try this as well.
Download Dial-a-fix-2006 and extract both files, each into its own folder, to your Desktop. In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe
In the window that opens, click the icon with the double green check mark (check all) at the bottom.
Then click "GO" and let the tool restore all settings.
When it has finished, close the window by clicking "Exit" at the bottom.
|
 |
|
I get an error message that it does not work on Vista..
And the most recent version has this listed:
Known issues
Not ready for Windows Vista
|
 |
Then we will try it another way.
Copy the code in the code box below into an empty Notepad window:
(don't forget to copy REGEDIT4 as well!)
Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]

Save this as fixreg.reg and choose "All files" as the type.
Once you have saved it, the icon looks like this:
Then double-click fixreg.reg.
When asked whether you want to add the changes to the registry, answer Yes/OK.
Then restart your PC!
(important)
Report how things stand with your problems.
|
 |
Worked perfectly. My Windows background is back!!
Thank you very much!
I really appreciate the effort you all put into this!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58, on 2008-07-05
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
--
End of file - 8866 bytes
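A first-pass triage of a log like the one above, as an added example that is not part of the original thread: it parses the R*/O* entry lines, rejoins entries that forum software has wrapped onto a second line, and lists entries worth a manual look. The sample lines are copied from the log above; the function names and the two review rules are assumptions chosen for this illustration and produce leads for a human reviewer, not verdicts.

```python
import re

# A few lines copied from the log above; the last O23 entry is wrapped onto
# a second line the way it appears in some forum copies of the log.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\taskeng.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc.
- C:\Windows\system32\Ati2evxx.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O23 - Service: ..."
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)
USUAL_ROOTS = ("c:\\program files\\", "c:\\windows\\", "c:\\progra~1\\")


def parse_entries(log):
    """Return [(code, text)] for the entry lines, rejoining wrapped lines."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries and line.startswith("- "):
            entries[-1][1] += " " + line.strip()   # continuation of previous entry
    return [tuple(e) for e in entries]


def review_leads(log):
    """Return [(code, reason, text)] for entries to check by hand."""
    leads = []
    for code, text in parse_entries(log):
        if code == "O23" and "Unknown owner" in text:
            leads.append((code, "owner shown as Unknown", text))
        for path in PATH_RE.findall(text):
            if not path.lower().startswith(USUAL_ROOTS):
                leads.append((code, "binary outside Program Files/Windows", text))
    return leads


if __name__ == "__main__":
    for code, reason, text in review_leads(SAMPLE):
        print(code, "|", reason, "|", text)
```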
|
 |
|
That looks good. You can find more information on how to prevent a new infection here and here.
The status of this thread is set to solved.
If there is no