Windows opening screen appears but Windows does not start up

Anonymous
13 replies
  • Very strange that anything would have been changed by the last Combofix run, because, for some unclear reason, it did not do its job properly and the files to be removed are still present in your latest log.

    So delete these manually via Windows Explorer:

    c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    c:\program files\ccsetup213.exe
    c:\program files\mbam-setup.exe
    C:\urban_sketch.7z
    c:\program files\ccsetup212_slim.exe

    And then wait and see how it evolves :?
  • Right, those are gone.

    Thanks KAPE!
  • Hello, I posted this problem, with the same title, two days ago under "software -> other", and thanks to the advice I received the issue appears to be solved, i.e. so far Windows starts up straight away again when I click on one of the users.

    However, I was advised to post a HijackThis log anyway, to be on the safe side. It seems to me that here, under "security & privacy", is a better place to do that.

    For a description of the problem I refer to:
    http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=195164

    and so here is the log.
    Would someone be willing to check it? Thanks in advance.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:52:05, on 24/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\GIGABYTE\GEST\gest.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\GIGABYTE\GEST\GSvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tijd.be/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: PDF in Word openen (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /700
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.spector.be/DesktopModules/SpectorAlbum/ImageUploader5.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224070674171
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225996135685&h=0cfd885a40e24ea8ca3b40657a1f4539/&filename=jinstall-6u10-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    End of file - 11916 bytes
  • This log looks spick and span :D Perhaps a few programs that needlessly start along with Windows, but certainly nothing problematic. Your other actions therefore seem to have, fortunately, cleaned everything up.
  • Thanks Kape!
  • This morning the same problem again: Windows cannot be started after the startup screen appears. After about eight attempts it finally worked…
    Lavasoft found Win32.backdoor.agent this time. After that I followed the same procedure as last time.

    Here is the new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:19:20, on 30/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\GIGABYTE\GEST\gest.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\GIGABYTE\GEST\GSvr.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tijd.be/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: PDF in Word openen (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /700
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.spector.be/DesktopModules/SpectorAlbum/ImageUploader5.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224070674171
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225996135685&h=0cfd885a40e24ea8ca3b40657a1f4539/&filename=jinstall-6u10-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    End of file - 11871 bytes


    Could you please check this one again?
  • Download to your Desktop.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners consider certain components that Combofix uses suspicious and will block or remove them!
    Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log Combofix.txt will open.

    Post this log in your next reply.
  • ComboFix log:

    ComboFix 08-11-30.01 - paul 2008-11-30 18:28:35.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2598 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\paul\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\paul\Application Data\.#
    c:\documents and settings\paul\Application Data\.#\MBX@E70@3832D8.###
    c:\documents and settings\paul\Application Data\.#\MBX@E70@3832E8.###
    c:\documents and settings\paul\Application Data\.#\MBX@E70@3832F8.###
    c:\documents and settings\paul\Application Data\.#\MBX@E70@383308.###
    c:\documents and settings\paul\Application Data\.#\MBX@E84@3832E8.###
    c:\documents and settings\paul\Application Data\.#\MBX@E84@3832F8.###
    c:\documents and settings\paul\Application Data\.#\MBX@E84@383308.###
    c:\windows\system32\svuvFfii.ini

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-28 to 2008-11-30 ))))))))))))))))))))))))))))))
    .

    2008-11-28 20:42 . 2008-11-28 20:43 <DIR> d-------- c:\windows\system32\Adobe
    2008-11-27 23:29 . 2008-11-27 23:29 <DIR> d-------- c:\program files\iTunes
    2008-11-27 23:29 . 2008-11-27 23:29 <DIR> d-------- c:\program files\iPod
    2008-11-27 23:29 . 2008-11-27 23:29 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-23 15:16 . 2008-11-23 15:16 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
    2008-11-23 13:02 . 2008-11-23 13:02 <DIR> d-------- c:\program files\TrendMicro_Downloader
    2008-11-23 13:02 . 2008-11-23 13:02 1,958,864 --a------ c:\program files\TrendMicro_Downloader.exe
    2008-11-23 12:47 . 2008-11-23 12:47 <DIR> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2008-11-23 12:31 . 2008-11-30 10:21 <DIR> d-------- c:\documents and settings\paul\.housecall6.6
    2008-11-23 00:44 . 2008-11-30 17:05 <DIR> dr-h----- c:\documents and settings\paul\Onlangs geopend
    2008-11-22 11:53 . 2008-11-22 11:54 2,955,128 --a------ c:\program files\ccsetup213.exe
    2008-11-22 11:37 . 2008-11-22 11:37 2,372,472 --a------ c:\program files\mbam-setup.exe
    2008-11-21 13:02 . 2008-11-21 18:06 <DIR> d-------- c:\documents and settings\paul\.assistant
    2008-11-20 12:10 . 2008-11-20 12:10 292,278,256 --a------ c:\program files\SPU_Upgrade0805a.exe
    2008-11-12 15:46 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-11 15:48 . 2008-11-11 15:48 157,436 --a------ C:\urban_sketch.7z
    2008-11-11 15:44 . 2008-11-11 15:44 <DIR> d-------- c:\program files\7-Zip
    2008-11-11 15:44 . 2008-11-11 15:44 860,391 --a------ c:\program files\7z457.exe
    2008-11-08 12:47 . 2008-11-11 12:12 <DIR> d-------- c:\documents and settings\paul\Application Data\Apple Computer
    2008-11-08 12:47 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
    2008-11-08 12:47 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
    2008-11-08 12:45 . 2008-11-08 12:45 <DIR> d-------- c:\program files\Apple Software Update
    2008-11-08 12:45 . 2008-11-08 12:46 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
    2008-11-08 12:44 . 2008-11-27 23:29 <DIR> d-------- c:\program files\Common Files\Apple
    2008-11-08 12:44 . 2008-11-08 12:44 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
    2008-11-06 19:28 . 2008-11-06 19:28 <DIR> d-------- c:\windows\Sun
    2008-11-06 19:28 . 2008-11-06 19:28 <DIR> d-------- c:\program files\Java
    2008-11-06 19:28 . 2008-11-06 19:28 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-11-06 19:28 . 2008-11-06 19:28 73,728 --a------ c:\windows\system32\javacpl.cpl
    2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
    2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts
    2008-11-03 12:10 . 2008-11-03 12:10 <DIR> d-------- c:\documents and settings\paul\Application Data\SPB
    2008-11-03 12:07 . 2008-11-16 11:08 <DIR> d-------- c:\program files\Spector Photo Software
    2008-10-30 09:59 . 2008-10-30 09:59 4,526 --a------ c:\windows\system32\PerfStringBackup.TMP
    2008-10-29 23:59 . 2008-10-29 23:59 <DIR> d-------- c:\program files\Real
    2008-10-29 23:59 . 2008-10-30 09:56 <DIR> d-------- c:\program files\Common Files\Real
    2008-10-24 06:52 . 2008-10-24 06:52 <DIR> d-------- c:\documents and settings\arno\Application Data\Zeon
    2008-10-22 14:25 . 2008-10-22 14:25 <DIR> d-------- c:\windows\system32\LogFiles
    2008-10-22 14:25 . 2008-10-22 14:26 <DIR> d-------- C:\cd998c7e7b9dcc450061de2b695b
    2008-10-22 14:25 . 2008-10-22 14:25 <DIR> d-------- C:\6cdd4f04b06f4e6afa5e06d6b7
    2008-10-22 12:19 . 2002-10-01 13:14 1,088,512 --a------ c:\program files\VDNF.exe
    2008-10-22 12:19 . 2002-10-01 13:15 1,088,512 --a------ c:\program files\VDFN.exe
    2008-10-22 12:19 . 2008-10-22 12:19 86,016 --a------ c:\program files\setupfnnf.dll
    2008-10-22 12:12 . 2008-10-22 12:34 522 --a------ c:\windows\vdgwwin.ini
    2008-10-22 12:10 . 2008-10-22 12:10 <DIR> d-------- c:\program files\cfg
    2008-10-22 12:10 . 2005-03-25 10:31 1,233,408 --a------ c:\program files\vdne.exe
    2008-10-22 12:10 . 2005-03-25 10:31 1,233,408 --a------ c:\program files\vden.exe
    2008-10-22 12:10 . 1998-12-23 06:10 291,840 --a------ c:\program files\LTKRN10N.DLL
    2008-10-22 12:10 . 1997-11-08 14:44 233,472 --a------ c:\program files\ilda32.dll
    2008-10-22 12:10 . 1998-12-23 06:10 226,304 --a------ c:\program files\ltdis10n.dll
    2008-10-22 12:10 . 2002-07-01 13:23 177,235 --a------ c:\program files\hbserv32.dll
    2008-10-22 12:10 . 1998-12-23 06:10 102,912 --a------ c:\program files\LTFIL10N.DLL
    2008-10-22 12:10 . 2002-07-01 15:55 81,920 --a------ c:\program files\thsqry32.dll
    2008-10-22 12:09 . 2002-07-01 14:20 462,848 --a------ c:\program files\cdclnt32.dll
    2008-10-22 12:09 . 2002-06-25 12:32 339,968 --a------ c:\program files\cdserv32.dll
    2008-10-22 12:09 . 2002-02-01 14:54 320,512 --a------ c:\program files\gb.dll
    2008-10-22 12:09 . 2004-09-29 10:04 127,488 --a------ c:\program files\ccklb32.dll
    2008-10-22 12:09 . 2002-07-02 08:49 94,208 –a—— c:\program files\cdutil32.dll
    2008-10-22 12:09 . 2008-10-22 12:33 86,016 –a—— c:\program files\setupenne.dll
    2008-10-22 11:50 . 2006-10-26 18:56 32,592 –a—— c:\windows\system32\msonpmon.dll
    2008-10-22 11:49 . 2008-10-22 11:49 <DIR> d——– c:\program files\Microsoft Works
    2008-10-22 11:48 . 2008-10-22 11:48 <DIR> d——– c:\program files\Microsoft.NET
    2008-10-22 11:45 . 2008-10-22 11:45 <DIR> d——– c:\program files\Microsoft Visual Studio 8
    2008-10-22 11:44 . 2008-11-18 12:33 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-10-22 11:43 . 2008-10-22 11:43 <DIR> dr-h—– C:\MSOCache
    2008-10-21 19:50 . 2008-10-21 19:50 <DIR> d——– c:\program files\CCleaner
    2008-10-21 19:49 . 2008-10-21 19:50 872,264 –a—— c:\program files\ccsetup212_slim.exe
    2008-10-21 14:29 . 2008-11-30 09:16 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2008-10-21 14:29 . 2008-10-21 14:29 <DIR> d——– c:\documents and settings\paul\Application Data\Malwarebytes
    2008-10-21 14:29 . 2008-10-21 14:29 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-10-21 14:29 . 2008-10-22 16:10 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-21 14:29 . 2008-10-22 16:10 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2008-10-21 10:56 . 2008-10-21 12:33 211 –a—— c:\windows\wininit.ini
    2008-10-21 09:59 . 2008-11-28 15:56 <DIR> d——– c:\documents and settings\paul\Application Data\U3
    2008-10-21 09:26 . 2008-10-21 09:26 <DIR> d——– c:\program files\Lavasoft
    2008-10-20 19:43 . 2008-10-20 19:43 <DIR> d——– c:\program files\DAEMON Tools Toolbar
    2008-10-20 19:43 . 2008-10-21 08:53 <DIR> d——– c:\program files\DAEMON Tools Lite
    2008-10-20 19:41 . 2008-10-20 19:41 <DIR> d——– c:\documents and settings\paul\Application Data\DAEMON Tools
    2008-10-20 19:41 . 2008-10-20 19:41 4,743,112 –a—— c:\program files\daemon4301-lite.exe
    2008-10-20 19:41 . 2008-10-20 19:41 717,296 –a—— c:\windows\system32\drivers\sptd.sys
    2008-10-20 19:28 . 2008-10-20 19:46 <DIR> d——– c:\program files\MagicISO
    2008-10-20 18:25 . 2008-10-20 18:25 9,085,368 –a—— c:\program files\Vuze_Installer.exe
    2008-10-20 12:44 . 2008-10-20 12:44 <DIR> d——– c:\documents and settings\paul\Application Data\VanDale
    2008-10-20 12:40 . 2008-10-22 12:19 <DIR> d——– c:\program files\macro
    2008-10-20 12:40 . 2008-10-22 12:19 <DIR> d——– c:\program files\img
    2008-10-20 12:40 . 2008-10-22 12:19 <DIR> d——– c:\program files\help
    2008-10-20 12:40 . 2008-10-22 12:11 <DIR> d——– c:\program files\data
    2008-10-20 12:40 . 2008-10-22 12:19 <DIR> d——– c:\program files\css
    2008-10-20 12:28 . 2008-10-20 12:28 <DIR> d——– c:\program files\VanDale
    2008-10-17 08:17 . 2008-10-02 22:07 <DIR> d–h—– c:\documents and settings\arno\Sjablonen
    2008-10-17 08:17 . 2008-10-24 06:52 <DIR> dr-h—– c:\documents and settings\arno\Onlangs geopend
    2008-10-17 08:17 . 2008-10-02 23:58 <DIR> d–h—– c:\documents and settings\arno\Netwerkprinteromgeving
    2008-10-17 08:17 . 2008-10-17 08:17 <DIR> dr——- c:\documents and settings\arno\Mijn documenten
    2008-10-17 08:17 . 2008-10-02 23:58 <DIR> dr——- c:\documents and settings\arno\Menu Start
    2008-10-17 08:17 . 2008-10-17 08:17 <DIR> dr——- c:\documents and settings\arno\Favorieten
    2008-10-17 08:17 . 2008-10-02 23:58 <DIR> d——– c:\documents and settings\arno\Bureaublad
    2008-10-17 08:17 . 2008-10-30 09:56 <DIR> d——– c:\documents and settings\arno
    2008-10-16 20:51 . 2008-11-03 10:15 <DIR> d——– c:\documents and settings\paul\Application Data\DigiLeen
    2008-10-16 14:06 . 2008-10-16 20:51 <DIR> d——– c:\program files\DigiLeen
    2008-10-16 14:06 . 2004-04-23 15:01 297,984 –a—— c:\windows\system32\midas.dll
    2008-10-16 14:06 . 2007-01-21 21:03 84,536 –a—— c:\windows\system32\bass.dll
    2008-10-16 12:23 . 2008-10-16 12:23 5,763,258 –a—— c:\program files\DigiLeenSetup_v1.1.00.0027.exe
    2008-10-16 11:05 . 2008-10-16 11:20 <DIR> d——– c:\windows\system32\NtmsData
    2008-10-16 09:10 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
    2008-10-16 09:10 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
    2008-10-15 14:18 . 2008-10-15 14:18 2,160,115 –a—— c:\program files\NeatSetup.exe
    2008-10-15 12:50 . 2008-10-15 12:50 <DIR> d——– c:\program files\CDBurnerXP
    2008-10-15 12:50 . 2008-10-15 12:50 <DIR> d——– c:\documents and settings\paul\Application Data\Canneverbe_Limited
    2008-10-15 12:43 . 2008-10-15 12:43 <DIR> d——– c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-10-15 12:42 . 2008-08-14 14:27 2,193,536 —–c— c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-15 12:42 . 2008-08-14 14:27 2,149,888 —–c— c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-15 12:42 . 2008-08-14 14:27 2,070,400 —–c— c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-15 12:42 . 2008-08-14 14:27 2,028,544 —–c— c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-15 12:32 . 2008-10-15 12:33 <DIR> d——– C:\0ff6e3c717bbd942afea47f3cb2162b9
    2008-10-15 12:32 . 2008-07-06 13:06 1,676,288 ——— c:\windows\system32\xpssvcs.dll
    2008-10-15 12:32 . 2008-07-06 13:06 1,676,288 —–c— c:\windows\system32\dllcache\xpssvcs.dll
    2008-10-15 12:32 . 2008-07-06 11:50 597,504 —–c— c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2008-10-15 12:32 . 2008-07-06 13:06 575,488 ——— c:\windows\system32\xpsshhdr.dll
    2008-10-15 12:32 . 2008-07-06 13:06 575,488 —–c— c:\windows\system32\dllcache\xpsshhdr.dll
    2008-10-15 12:32 . 2008-07-06 13:06 117,760 ——— c:\windows\system32\prntvpt.dll
    2008-10-15 12:32 . 2008-07-06 13:06 89,088 —–c— c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2008-10-15 12:18 . 2008-10-15 12:46 <DIR> d——– C:\3605804ba40585210060076f07a3cc
    2008-10-15 12:18 . 2008-10-15 12:18 2,959,376 –a—— c:\program files\dotnetfx35setup.exe
    2008-10-15 12:16 . 2008-10-15 12:48 3,172,459 –a—— c:\program files\cdbxp_setup_4.2.2.984.exe
    2008-10-15 12:12 . 2008-10-15 12:12 4,057,200 –a—— c:\program files\wmfdist.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-27 18:44 196,608 —-a-w c:\windows\system32\drivers\nStandard.bin
    2008-10-24 11:21 455,296 —-a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-22 13:26 ——— d—–w c:\program files\Windows Media Connect 2
    2008-10-22 11:34 359 —-a-w c:\program files\cdsearch.cfg
    2008-10-22 11:30 47 —-a-w c:\program files\cdserver.rep
    2008-10-22 11:21 28,064 —-a-w c:\program files\Uninst.isu
    2008-10-22 10:49 ——— d—–w c:\program files\MSBuild
    2008-10-20 14:36 11,644 —-a-w c:\program files\Office_2007_Enterprise_Edition.4453250.TPB.torrent
    2008-10-16 13:13 202,776 —-a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 —-a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 —-a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 —-a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 —-a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 —-a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 —-a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 —-a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 208,744 —-a-w c:\windows\system32\muweb.dll
    2008-10-06 17:28 20,992 —-a-w c:\windows\system32\drivers\vga.sys
    2008-10-05 10:05 ——— d–h–w c:\program files\InstallShield Installation Information
    2008-10-04 09:35 ——— d—–w c:\program files\microsoft frontpage
    2008-10-03 14:05 ——— d—–w c:\program files\Common Files\InstallShield
    2008-10-02 22:19 315,392 —-a-w c:\windows\HideWin.exe
    2008-10-02 08:09 ——— d—–w c:\program files\Microsoft Silverlight
    2008-10-01 16:30 ——— d—–w c:\program files\Prime95
    2008-10-01 16:30 ——— d—–w c:\program files\CyberLink
    2008-10-01 16:30 ——— d—–w c:\program files\Common Files\Ahead
    2008-10-01 16:30 ——— d—–w c:\program files\Ahead
    2008-10-01 15:34 ——— d—–w c:\program files\Futuremark
    2008-10-01 15:33 ——— d—–w c:\program files\Windows Media Components
    2008-10-01 15:27 86 —-a-w c:\documents and settings\Default User\DelB0C.bat
    2008-10-01 15:25 ——— d—–w c:\program files\Reference Assemblies
    2008-09-30 15:43 1,286,152 —-a-w c:\windows\system32\msxml4.dll
    2008-09-15 15:28 1,846,528 —-a-w c:\windows\system32\win32k.sys
    2008-09-10 01:16 1,307,648 —-a-w c:\windows\system32\msxml6.dll
    2008-09-04 17:17 1,106,944 —-a-w c:\windows\system32\msxml3.dll
    2008-09-04 07:31 288,024 —-a-w c:\windows\system32\PhysXCplUI.exe
    2008-08-29 09:18 87,336 —-a-w c:\windows\system32\dns-sd.exe
    2008-08-29 08:53 61,440 —-a-w c:\windows\system32\dnssd.dll
    2008-08-29 06:57 70,936 —-a-w c:\windows\system32\PhysXLoader.dll
    2008-08-26 08:27 826,368 —-a-w c:\windows\system32\wininet.dll
    2008-08-14 13:27 2,149,888 —-a-w c:\windows\system32\ntoskrnl.exe
    2008-08-14 13:27 2,028,544 —-a-w c:\windows\system32\ntkrnlpa.exe
    2005-03-31 11:11 15,950 —-a-w c:\program files\vden.res
    2005-03-31 11:10 15,878 —-a-w c:\program files\vdne.res
    2005-03-23 10:02 2,364 —-a-w c:\program files\leesmij.txt
    2002-09-10 07:57 18,326 —-a-w c:\program files\Vdfn.res
    2002-09-10 07:57 18,262 —-a-w c:\program files\Vdnf.res
    2002-07-12 09:34 284,370 —-a-w c:\program files\VDwin_g.res
    1997-05-15 14:07 4,590 —-a-w c:\program files\doswin32.daf
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2008-10-06 236040]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
    "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\paul\Menu Start\Programma's\Opstarten\
    Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-10-05 368640]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
    –a—— 2007-09-13 14:54 380928 c:\program files\ASUS\GamerOSD\GamerOSD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
    –a—— 2002-12-02 19:56 40960 c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
    –a—— 2007-03-04 22:08 1891416 c:\garmin\gStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ——— 2008-04-14 21:33 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    –a—— 2006-10-11 11:45 75304 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
    –a—— 2005-08-25 08:33 106496 c:\program files\ScanSoft\PDF Professional 3.0\registrycontroller.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    –a—— 2008-10-05 10:08 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\DigiLeen\\Digileen.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

    R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2008-10-04 30820]
    R3 ASUSVRC;ASUSTeK Virtual Capture Device;c:\windows\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]
    R3 GEST Service;GEST Service for program management.;"c:\program files\GIGABYTE\GEST\GSvr.exe" [2008-10-02 55816]
    R3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys [2008-10-03 10752]
    S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe []

    *Newly Created Service* - PROCEXP90
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.tijd.be/home
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: PDF in Word openen (PDF Converter 3.0) - c:\program files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /700

    c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
    hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    c:\windows\Downloaded Program Files\SysReqLab3.osd

    c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
    O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
    hxxp://www.spector.be/DesktopModules/SpectorAlbum/ImageUploader5.cab
    c:\windows\Downloaded Program Files\ImageUploader5.inf

    c:\windows\Downloaded Program Files\CTSUEng.ocx - c:\windows\Downloaded Program Files\CTSUEngn.ocx
    O16 -: {6C269571-C6D7-4818-BCA4-32A035E8C884}
    hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    c:\windows\Downloaded Program Files\CTSUEng.inf
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-30 18:30:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-11-30 18:31:46
    ComboFix-quarantined-files.txt 2008-11-30 17:31:32

    Pre-Run: 388.362.739.712 bytes beschikbaar
    Post-Run: 389,547,278,336 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    319 — E O F — 2008-11-01 23:55:24
  • Open a Notepad file.

    Copy and paste the text below into it.

    File::
    c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    c:\program files\ccsetup213.exe
    c:\program files\mbam-setup.exe
    C:\urban_sketch.7z
    c:\program files\ccsetup212_slim.exe

    Save this file to your desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe.
    This will make ComboFix restart. Reboot if you are asked to.

    After the restart, post the contents of Combofix.txt in your next message and let us know whether there is any noticeable improvement?
  • Here is the log:

    ComboFix 08-11-30.01 - paul 2008-11-30 19:03:13.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2980 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\paul\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\paul\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-28 to 2008-11-30 ))))))))))))))))))))))))))))))
    .

    2008-11-28 20:42 . 2008-11-28 20:43 <DIR> d——– c:\windows\system32\Adobe
    2008-11-27 23:29 . 2008-11-27 23:29 <DIR> d——– c:\program files\iTunes
    2008-11-27 23:29 . 2008-11-27 23:29 <DIR> d——– c:\program files\iPod
    2008-11-27 23:29 . 2008-11-27 23:29 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-23 15:16 . 2008-11-23 15:16 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Avira
    2008-11-23 13:02 . 2008-11-23 13:02 <DIR> d——– c:\program files\TrendMicro_Downloader
    2008-11-23 13:02 . 2008-11-23 13:02 1,958,864 –a—— c:\program files\TrendMicro_Downloader.exe
    2008-11-23 12:47 . 2008-11-23 12:47 <DIR> d——– c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
    2008-11-23 12:31 . 2008-11-30 10:21 <DIR> d——– c:\documents and settings\paul\.housecall6.6
    2008-11-23 00:44 . 2008-11-30 19:01 <DIR> dr-h—– c:\documents and settings\paul\Onlangs geopend
    2008-11-22 11:53 . 2008-11-22 11:54 2,955,128 –a—— c:\program files\ccsetup213.exe
    2008-11-22 11:37 . 2008-11-22 11:37 2,372,472 –a—— c:\program files\mbam-setup.exe
    2008-11-21 13:02 . 2008-11-21 18:06 <DIR> d——– c:\documents and settings\paul\.assistant
    2008-11-20 12:10 . 2008-11-20 12:10 292,278,256 –a—— c:\program files\SPU_Upgrade0805a.exe
    2008-11-12 15:46 . 2008-10-24 12:21 455,296 —–c— c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-11 15:48 . 2008-11-11 15:48 157,436 –a—— C:\urban_sketch.7z
    2008-11-11 15:44 . 2008-11-11 15:44 <DIR> d——– c:\program files\7-Zip
    2008-11-11 15:44 . 2008-11-11 15:44 860,391 –a—— c:\program files\7z457.exe
    2008-11-08 12:47 . 2008-11-11 12:12 <DIR> d——– c:\documents and settings\paul\Application Data\Apple Computer
    2008-11-08 12:47 . 2008-04-17 13:12 107,368 –a—— c:\windows\system32\GEARAspi.dll
    2008-11-08 12:47 . 2008-04-17 13:12 15,464 –a—— c:\windows\system32\drivers\GEARAspiWDM.sys
    2008-11-08 12:45 . 2008-11-08 12:45 <DIR> d——– c:\program files\Apple Software Update
    2008-11-08 12:45 . 2008-11-08 12:46 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
    2008-11-08 12:44 . 2008-11-27 23:29 <DIR> d——– c:\program files\Common Files\Apple
    2008-11-08 12:44 . 2008-11-08 12:44 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Apple
    2008-11-06 19:28 . 2008-11-06 19:28 <DIR> d——– c:\windows\Sun
    2008-11-06 19:28 . 2008-11-06 19:28 <DIR> d——– c:\program files\Java
    2008-11-06 19:28 . 2008-11-06 19:28 410,976 –a—— c:\windows\system32\deploytk.dll
    2008-11-06 19:28 . 2008-11-06 19:28 73,728 –a—— c:\windows\system32\javacpl.cpl
    2008-11-04 10:30 . 2008-11-04 10:30 90,112 –a—— c:\windows\system32\QuickTimeVR.qtx
    2008-11-04 10:30 . 2008-11-04 10:30 57,344 –a—— c:\windows\system32\QuickTime.qts
    2008-11-03 12:10 . 2008-11-03 12:10 <DIR> d——– c:\documents and settings\paul\Application Data\SPB
    2008-11-03 12:07 . 2008-11-16 11:08 <DIR> d——– c:\program files\Spector Photo Software
    2008-10-30 09:59 . 2008-10-30 09:59 4,526 –a—— c:\windows\system32\PerfStringBackup.TMP
    2008-10-29 23:59 . 2008-10-29 23:59 <DIR> d——– c:\program files\Real
    2008-10-29 23:59 . 2008-10-30 09:56 <DIR> d——– c:\program files\Common Files\Real
    2008-10-24 06:52 . 2008-10-24 06:52 <DIR> d——– c:\documents and settings\arno\Application Data\Zeon
    2008-10-22 14:25 . 2008-10-22 14:25 <DIR> d——– c:\windows\system32\LogFiles
    2008-10-22 14:25 . 2008-10-22 14:26 <DIR> d——– C:\cd998c7e7b9dcc450061de2b695b
    2008-10-22 14:25 . 2008-10-22 14:25 <DIR> d——– C:\6cdd4f04b06f4e6afa5e06d6b7
    2008-10-22 12:19 . 2002-10-01 13:14 1,088,512 –a—— c:\program files\VDNF.exe
    2008-10-22 12:19 . 2002-10-01 13:15 1,088,512 –a—— c:\program files\VDFN.exe
    2008-10-22 12:19 . 2008-10-22 12:19 86,016 –a—— c:\program files\setupfnnf.dll
    2008-10-22 12:12 . 2008-10-22 12:34 522 –a—— c:\windows\vdgwwin.ini
    2008-10-22 12:10 . 2008-10-22 12:10 <DIR> d——– c:\program files\cfg
    2008-10-22 12:10 . 2005-03-25 10:31 1,233,408 –a—— c:\program files\vdne.exe
    2008-10-22 12:10 . 2005-03-25 10:31 1,233,408 –a—— c:\program files\vden.exe
    2008-10-22 12:10 . 1998-12-23 06:10 291,840 –a—— c:\program files\LTKRN10N.DLL
    2008-10-22 12:10 . 1997-11-08 14:44 233,472 –a—— c:\program files\ilda32.dll
    2008-10-22 12:10 . 1998-12-23 06:10 226,304 –a—— c:\program files\ltdis10n.dll
    2008-10-22 12:10 . 2002-07-01 13:23 177,235 –a—— c:\program files\hbserv32.dll
    2008-10-22 12:10 . 1998-12-23 06:10 102,912 –a—— c:\program files\LTFIL10N.DLL
    2008-10-22 12:10 . 2002-07-01 15:55 81,920 –a—— c:\program files\thsqry32.dll
    2008-10-22 12:09 . 2002-07-01 14:20 462,848 –a—— c:\program files\cdclnt32.dll
    2008-10-22 12:09 . 2002-06-25 12:32 339,968 –a—— c:\program files\cdserv32.dll
    2008-10-22 12:09 . 2002-02-01 14:54 320,512 –a—— c:\program files\gb.dll
    2008-10-22 12:09 . 2004-09-29 10:04 127,488 –a—— c:\program files\ccklb32.dll
    2008-10-22 12:09 . 2002-07-02 08:49 94,208 –a—— c:\program files\cdutil32.dll
    2008-10-22 12:09 . 2008-10-22 12:33 86,016 –a—— c:\program files\setupenne.dll
    2008-10-22 11:50 . 2006-10-26 18:56 32,592 –a—— c:\windows\system32\msonpmon.dll
    2008-10-22 11:49 . 2008-10-22 11:49 <DIR> d——– c:\program files\Microsoft Works
    2008-10-22 11:48 . 2008-10-22 11:48 <DIR> d——– c:\program files\Microsoft.NET
    2008-10-22 11:45 . 2008-10-22 11:45 <DIR> d——– c:\program files\Microsoft Visual Studio 8
    2008-10-22 11:44 . 2008-11-18 12:33 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-10-22 11:43 . 2008-10-22 11:43 <DIR> dr-h—– C:\MSOCache
    2008-10-21 19:50 . 2008-10-21 19:50 <DIR> d——– c:\program files\CCleaner
    2008-10-21 19:49 . 2008-10-21 19:50 872,264 –a—— c:\program files\ccsetup212_slim.exe
    2008-10-21 14:29 . 2008-11-30 09:16 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2008-10-21 14:29 . 2008-10-21 14:29 <DIR> d——– c:\documents and settings\paul\Application Data\Malwarebytes
    2008-10-21 14:29 . 2008-10-21 14:29 <DIR> d——– c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-10-21 14:29 . 2008-10-22 16:10 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-21 14:29 . 2008-10-22 16:10 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2008-10-21 10:56 . 2008-10-21 12:33 211 –a—— c:\windows\wininit.ini
    2008-10-21 09:59 . 2008-11-28 15:56 <DIR> d——– c:\documents and settings\paul\Application Data\U3
    2008-10-21 09:26 . 2008-10-21 09:26 <DIR> d——– c:\program files\Lavasoft
    2008-10-20 19:43 . 2008-10-20 19:43 <DIR> d——– c:\program files\DAEMON Tools Toolbar
    2008-10-20 19:43 . 2008-10-21 08:53 <DIR> d——– c:\program files\DAEMON Tools Lite
    2008-10-20 19:41 . 2008-10-20 19:41 <DIR> d——– c:\documents and settings\paul\Application Data\DAEMON Tools
    2008-10-20 19:41 . 2008-10-20 19:41 4,743,112 –a—— c:\program files\daemon4301-lite.exe
    2008-10-20 19:41 . 2008-10-20 19:41 717,296 –a—— c:\windows\system32\drivers\sptd.sys
    2008-10-20 19:28 . 2008-10-20 19:46 <DIR> d——– c:\program files\MagicISO
    2008-10-20 18:25 . 2008-10-20 18:25 9,085,368 –a—— c:\program files\Vuze_Installer.exe
    2008-10-20 12:44 . 2008-10-20 12:44 <DIR> d——– c:\documents and settings\paul\Application Data\VanDale
    2008-10-20 12:40 . 2008-10-22 12:19 <DIR> d——– c:\program files\macro
    2008-10-20 12:40 . 2008-10-22 12:19 <DIR> d——– c:\program files\img
    2008-10-20 12:40 . 2008-10-22 12:19 <DIR> d——– c:\program files\help
    2008-10-20 12:40 . 2008-10-22 12:11 <DIR> d——– c:\program files\data
    2008-10-20 12:40 . 2008-10-22 12:19 <DIR> d——– c:\program files\css
    2008-10-20 12:28 . 2008-10-20 12:28 <DIR> d——– c:\program files\VanDale
    2008-10-17 08:17 . 2008-10-02 22:07 <DIR> d–h—– c:\documents and settings\arno\Sjablonen
    2008-10-17 08:17 . 2008-10-24 06:52 <DIR> dr-h—– c:\documents and settings\arno\Onlangs geopend
    2008-10-17 08:17 . 2008-10-02 23:58 <DIR> d–h—– c:\documents and settings\arno\Netwerkprinteromgeving
    2008-10-17 08:17 . 2008-10-17 08:17 <DIR> dr——- c:\documents and settings\arno\Mijn documenten
    2008-10-17 08:17 . 2008-10-02 23:58 <DIR> dr——- c:\documents and settings\arno\Menu Start
    2008-10-17 08:17 . 2008-10-17 08:17 <DIR> dr——- c:\documents and settings\arno\Favorieten
    2008-10-17 08:17 . 2008-10-02 23:58 <DIR> d——– c:\documents and settings\arno\Bureaublad
    2008-10-17 08:17 . 2008-10-30 09:56 <DIR> d——– c:\documents and settings\arno
    2008-10-16 20:51 . 2008-11-03 10:15 <DIR> d——– c:\documents and settings\paul\Application Data\DigiLeen
    2008-10-16 14:06 . 2008-10-16 20:51 <DIR> d——– c:\program files\DigiLeen
    2008-10-16 14:06 . 2004-04-23 15:01 297,984 –a—— c:\windows\system32\midas.dll
    2008-10-16 14:06 . 2007-01-21 21:03 84,536 –a—— c:\windows\system32\bass.dll
    2008-10-16 12:23 . 2008-10-16 12:23 5,763,258 –a—— c:\program files\DigiLeenSetup_v1.1.00.0027.exe
    2008-10-16 11:05 . 2008-10-16 11:20 <DIR> d——– c:\windows\system32\NtmsData
    2008-10-16 09:10 . 2008-10-16 14:06 268,648 –a—— c:\windows\system32\mucltui.dll
    2008-10-16 09:10 . 2008-10-16 14:06 27,496 –a—— c:\windows\system32\mucltui.dll.mui
    2008-10-15 14:18 . 2008-10-15 14:18 2,160,115 –a—— c:\program files\NeatSetup.exe
    2008-10-15 12:50 . 2008-10-15 12:50 <DIR> d——– c:\program files\CDBurnerXP
    2008-10-15 12:50 . 2008-10-15 12:50 <DIR> d——– c:\documents and settings\paul\Application Data\Canneverbe_Limited
    2008-10-15 12:43 . 2008-10-15 12:43 <DIR> d——– c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-10-15 12:42 . 2008-08-14 14:27 2,193,536 —–c— c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-15 12:42 . 2008-08-14 14:27 2,149,888 —–c— c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-15 12:42 . 2008-08-14 14:27 2,070,400 —–c— c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-15 12:42 . 2008-08-14 14:27 2,028,544 —–c— c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-15 12:32 . 2008-10-15 12:33 <DIR> d——– C:\0ff6e3c717bbd942afea47f3cb2162b9
    2008-10-15 12:32 . 2008-07-06 13:06 1,676,288 ——— c:\windows\system32\xpssvcs.dll
    2008-10-15 12:32 . 2008-07-06 13:06 1,676,288 —–c— c:\windows\system32\dllcache\xpssvcs.dll
    2008-10-15 12:32 . 2008-07-06 11:50 597,504 —–c— c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2008-10-15 12:32 . 2008-07-06 13:06 575,488 ——— c:\windows\system32\xpsshhdr.dll
    2008-10-15 12:32 . 2008-07-06 13:06 575,488 —–c— c:\windows\system32\dllcache\xpsshhdr.dll
    2008-10-15 12:32 . 2008-07-06 13:06 117,760 ——— c:\windows\system32\prntvpt.dll
    2008-10-15 12:32 . 2008-07-06 13:06 89,088 —–c— c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2008-10-15 12:18 . 2008-10-15 12:46 <DIR> d——– C:\3605804ba40585210060076f07a3cc
    2008-10-15 12:18 . 2008-10-15 12:18 2,959,376 –a—— c:\program files\dotnetfx35setup.exe
    2008-10-15 12:16 . 2008-10-15 12:48 3,172,459 –a—— c:\program files\cdbxp_setup_4.2.2.984.exe
    2008-10-15 12:12 . 2008-10-15 12:12 4,057,200 –a—— c:\program files\wmfdist.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-27 18:44 196,608 —-a-w c:\windows\system32\drivers\nStandard.bin
    2008-10-24 11:21 455,296 —-a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-22 13:26 ——— d—–w c:\program files\Windows Media Connect 2
    2008-10-22 11:34 359 —-a-w c:\program files\cdsearch.cfg
    2008-10-22 11:30 47 —-a-w c:\program files\cdserver.rep
    2008-10-22 11:21 28,064 —-a-w c:\program files\Uninst.isu
    2008-10-22 10:49 ——— d—–w c:\program files\MSBuild
    2008-10-20 14:36 11,644 —-a-w c:\program files\Office_2007_Enterprise_Edition.4453250.TPB.torrent
    2008-10-16 13:13 202,776 —-a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 —-a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 —-a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 —-a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 —-a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 —-a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 —-a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 —-a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 208,744 —-a-w c:\windows\system32\muweb.dll
    2008-10-06 17:28 20,992 —-a-w c:\windows\system32\drivers\vga.sys
    2008-10-05 10:05 ——— d–h–w c:\program files\InstallShield Installation Information
    2008-10-04 09:35 ——— d—–w c:\program files\microsoft frontpage
    2008-10-03 14:05 ——— d—–w c:\program files\Common Files\InstallShield
    2008-10-02 22:19 315,392 —-a-w c:\windows\HideWin.exe
    2008-10-02 08:09 ——— d—–w c:\program files\Microsoft Silverlight
    2008-10-01 16:30 ——— d—–w c:\program files\Prime95
    2008-10-01 16:30 ——— d—–w c:\program files\CyberLink
    2008-10-01 16:30 ——— d—–w c:\program files\Common Files\Ahead
    2008-10-01 16:30 ——— d—–w c:\program files\Ahead
    2008-10-01 15:34 ——— d—–w c:\program files\Futuremark
    2008-10-01 15:33 ——— d—–w c:\program files\Windows Media Components
    2008-10-01 15:27 86 —-a-w c:\documents and settings\Default User\DelB0C.bat
    2008-10-01 15:25 ——— d—–w c:\program files\Reference Assemblies
    2008-09-30 15:43 1,286,152 —-a-w c:\windows\system32\msxml4.dll
    2008-09-15 15:28 1,846,528 —-a-w c:\windows\system32\win32k.sys
    2008-09-10 01:16 1,307,648 —-a-w c:\windows\system32\msxml6.dll
    2008-09-04 17:17 1,106,944 —-a-w c:\windows\system32\msxml3.dll
    2008-09-04 07:31 288,024 —-a-w c:\windows\system32\PhysXCplUI.exe
    2008-08-29 09:18 87,336 —-a-w c:\windows\system32\dns-sd.exe
    2008-08-29 08:53 61,440 —-a-w c:\windows\system32\dnssd.dll
    2008-08-29 06:57 70,936 —-a-w c:\windows\system32\PhysXLoader.dll
    2008-08-26 08:27 826,368 —-a-w c:\windows\system32\wininet.dll
    2008-08-14 13:27 2,149,888 —-a-w c:\windows\system32\ntoskrnl.exe
    2008-08-14 13:27 2,028,544 —-a-w c:\windows\system32\ntkrnlpa.exe
    2005-03-31 11:11 15,950 —-a-w c:\program files\vden.res
    2005-03-31 11:10 15,878 —-a-w c:\program files\vdne.res
    2005-03-23 10:02 2,364 —-a-w c:\program files\leesmij.txt
    2002-09-10 07:57 18,326 —-a-w c:\program files\Vdfn.res
    2002-09-10 07:57 18,262 —-a-w c:\program files\Vdnf.res
    2002-07-12 09:34 284,370 —-a-w c:\program files\VDwin_g.res
    1997-05-15 14:07 4,590 —-a-w c:\program files\doswin32.daf
    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-30_18.30.55,32 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-30 17:30:32 16,608 —-a-w c:\windows\gdrv.sys
    + 2008-11-30 18:06:53 16,608 —-a-w c:\windows\gdrv.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2008-10-06 236040]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
    "Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\paul\Menu Start\Programma's\Opstarten\
    Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-10-05 368640]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2"= asusasv2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
    –a—— 2007-09-13 14:54 380928 c:\program files\ASUS\GamerOSD\GamerOSD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
    –a—— 2002-12-02 19:56 40960 c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
    –a—— 2007-03-04 22:08 1891416 c:\garmin\gStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ——— 2008-04-14 21:33 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    –a—— 2006-10-11 11:45 75304 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
    –a—— 2005-08-25 08:33 106496 c:\program files\ScanSoft\PDF Professional 3.0\registrycontroller.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    –a—— 2008-10-05 10:08 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\DigiLeen\\Digileen.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

    R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2008-10-04 30820]
    R3 ASUSVRC;ASUSTeK Virtual Capture Device;c:\windows\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]
    R3 GEST Service;GEST Service for program management.;"c:\program files\GIGABYTE\GEST\GSvr.exe" [2008-10-02 55816]
    R3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys [2008-10-03 10752]
    S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe []

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-30 19:06:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-11-30 19:07:26
    ComboFix-quarantined-files.txt 2008-11-30 18:07:17
    ComboFix2.txt 2008-11-30 17:31:47

    Pre-Run: 390.013.272.064 bytes beschikbaar
    Post-Run: 390,005,239,808 bytes beschikbaar

    280 — E O F — 2008-11-01 23:55:24
  • Just restarted the computer again: it goes flawlessly. Whether it stays that way remains to be seen, of course (but I have every confidence in it) :)
  • Perfect. Then just clean up the remnants of the infection, remove the programs used (Combofix) and delete the infected restore points.

    Remove Combofix: Start -> Run and type: combofix /u
    This will remove Combofix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

    A full cleaning with CCleaner (both the files and the registry). In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Next, click "Registry" in the left column and click "Scan for issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "YES". Then choose "Fix all selected issues". After this, close CCleaner again.

    It is advisable to delete the existing restore points (there are infected restore points among them that you could otherwise end up restoring) by temporarily turning off System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.

    That's it !
  • Done.
    Thanks !
