Whatever I do, I can't get rid of TROJAN.VUNDO.H




  #1  
Old 16 Oct 2008, 09:51
Member Group

I have run Malwarebytes many times to remove the VUNDO.H virus. It asks me to reboot, and when I run Malwarebytes again I find it is still on the system. I also turned off System Restore before starting this.

Thanks for your help!
Attached files
File Type: txt mbam-log-2008-10-16 (12-33-23).txt (1.2 KB, 109 views)
File Type: txt hijackthis.txt (7.3 KB, 100 views)
  #2  
Old 16 Oct 2008, 11:27
Moderator Group

Open HijackThis and select Do a system scan only.

Place a check mark next to the following items (if present):
  • O2 - BHO: (no name) - (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE) - c:\windows\system32\digestp.dll
  • O20 - Winlogon Notify: paubftzz - C:\WINDOWS\SYSTEM32\digestp.dll
Important: Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------

Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running Vista, right-click OTMoveIt2.exe and choose Run as administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the code box below.

Code:
[kill explorer]
C:\WINDOWS\SYSTEM32\digestp.dll
EmptyTemp
[start explorer]

3. Return to OTMoveIt2, right-click in the Paste List of Files/Folders to be Moved window (under the yellow bar) and choose Paste.
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2.

Note: If a file or folder cannot be moved immediately, you may be asked to reboot the computer to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.
__________________
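A triage sketch for the two HijackThis entries flagged in the reply above, added here as an example and not part of the original thread or of HijackThis itself: it parses O2 (BHO) and O20 (Winlogon Notify) lines and reports any DLL that is loaded through both. The sample log is constructed from lines on this page, and the two heuristics are assumptions for illustration, not the moderator's stated method.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis line format. The two digestp.dll lines are
# the ones flagged in the reply above; the others are unrelated entries.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE} - c:\windows\system32\digestp.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: paubftzz - C:\WINDOWS\SYSTEM32\digestp.dll
"""

# "O2 - BHO: <name> - {CLSID} - <path>". The CLSID is accepted in braces or in
# the parentheses this page shows.
BHO_RE = re.compile(
    r"^O2\s*-\s*BHO:\s*(?P<name>.*?)\s*-\s*"
    r"[{(](?P<clsid>[0-9A-Fa-f-]{36})[})]\s*-\s*(?P<path>.+)$"
)
# "O20 - Winlogon Notify: <name> - <path>"
NOTIFY_RE = re.compile(
    r"^O20\s*-\s*Winlogon Notify:\s*(?P<name>.*?)\s*-\s*(?P<path>[A-Za-z]:\\.+)$"
)


def normalise(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().strip('"').lower()


def parse_autoloads(log_text):
    """Return one dict per O2/O20 line: section, name, normalised path."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, rx in (("O2", BHO_RE), ("O20", NOTIFY_RE)):
            m = rx.match(line)
            if m:
                entries.append({
                    "section": section,
                    "name": m.group("name"),
                    "path": normalise(m.group("path")),
                })
                break
    return entries


def triage(log_text):
    """Map each suspicious DLL path to the reasons it was flagged.

    Heuristics (assumptions, weak signals on their own):
      1. the same DLL is registered as a BHO and as a Winlogon Notify package;
      2. the BHO entry has no display name.
    """
    by_path = defaultdict(list)
    for entry in parse_autoloads(log_text):
        by_path[entry["path"]].append(entry)

    findings = {}
    for path, group in by_path.items():
        sections = {e["section"] for e in group}
        reasons = []
        if {"O2", "O20"} <= sections:
            reasons.append("same DLL registered as BHO (O2) and Winlogon Notify (O20)")
        if any(e["section"] == "O2" and e["name"].lower() == "(no name)" for e in group):
            reasons.append("BHO has no display name")
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for dll, reasons in triage(SAMPLE_LOG).items():
        print(dll)
        for reason in reasons:
            print("  -", reason)
```
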

  #3  
Old 16 Oct 2008, 12:39
Member Group

I ran everything you posted. The HijackThis part went fine and the 2 files were removed.

The OTMOVEIT2 program - I copied the 4 lines
[kill explorer]
C:\WINDOWS\SYSTEM32\digestp.dll
EmptyTemp
[Start explorer]

under the yellow bar and selected MOVEIT.

Under the green box the program said explorer was killed successfully, but I got an error dialog.

It said OTMOVEIT2 OTMOVEIT2.EXE - Bad Image

The application or DLL c:\windows\rakxhfy.dll is not a valid Windows image. Please check this against your installation disk.

I had to reboot, and OTMOVEIT came up again and I got the same error dialog as above. How do I fix this problem with OTMOVEIT2 on restart? Is there something else that needs to be done?
  #4  
Old 16 Oct 2008, 12:45
Moderator Group

Yes, there is more to do. Don't worry about the error message ...

Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double-click RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt will be maximized and info.txt will be minimized.
  • Please post the contents of both logs in your next reply.
__________________

  #5  
Old 16 Oct 2008, 13:26
Member Group

log.txt:
Your file of 28.7 KB bytes exceeds the forum's limit of 19.5 KB for this file type. I had to WinZip the log file to get it to you because of COMPUTER JUICE's constraints on file attachments.
Attached files
File Type: txt info.txt (12.5 KB, 24 views)
File Type: zip ziplog file.zip (7.5 KB, 9 views)
  #6  
Old 16 Oct 2008, 13:34
Member Group

Log file

R2 ccSetMgr; Symantec Settings Manager, C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 CLTNetCnService; Symantec Lic Netconnect dienst, C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 gusvc; Google Updater Service; C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe [2007-06-04 138680]
R2 InCDsrv; InCD File System Service, C: \ Program Files \ Ahead \ InCD \ InCDsrv.exe [2003-09-01 798772]
R2 LiveUpdate Notice; LiveUpdate Notice, C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 MDM; Machine Debug Manager, C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ Mdm.exe [2003-06-19 322120]
R2 PrismXL; PrismXL, C: \ Program Files \ Common Files \ New Boundary \ PrismXL \ PRISMXL.SYS [2005-01-28 172032]
S3 aspnet_state; ASP.NET State Service; C: \ WINDOWS \ Microsoft.NET \ Framework \ v1.1.4322 \ aspne t_state.exe [2004-07-15 32768]
S3 comHost, COM Host, C: \ Program Files \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe [2007-08-22 55640]
S3 LiveUpdate; LiveUpdate, C: \ Program Files \ Symantec \ LiveUpdate \ LuComServer_3_4.EXE [2008-09-05 3220856]
S3 OSE; Office Source Engine, C: \ Program Files \ Common Files \ Microsoft Shared \ Source Engine \ OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC; Symantec Core LC, C: \ PROGRA ~ 1 \ COMMON ~ 1 \ SYMANT ~ 1 \ CCPD-LC \ symlcsvc.exe [2008-10-16 1245064]
S3 WMPNetworkSvc; Windows Media Player Network Sharing Service; C: \ Program Files \ Windows Media Player \ WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc; Windows Driver Foundation - User-mode Driver Framework, C: \ WINDOWS \ system32 \ svchost.exe [2008-04-13 14336]
----------------- EOF -----------------
  #7  
Old 16 Oct 2008, 13:50
Moderator Group
 
The digestp.dll is still not gone.

First:

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger, because they are not the same. Windows Messenger is a frequent cause of pop-ups.

Unzip the file on the desktop. Open MessengerDisable.exe, choose the bottom box -- Windows Messenger and click Apply.

Exit MessengerDisable, then delete the two files that were placed on the desktop.

----------

Note: the instructions below are written specifically for this user. If you are not this user, DO NOT follow these directions, as they could damage the workings of your system.

Go to Start > Run, type notepad.exe and click OK.

Copy and paste the text below into Notepad and save it as fixme.reg on your Desktop.

Code:
REGEDIT4

; Remove the Browser Helper Object registration
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]

; Remove the msconfig startup entry for msmsgs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\msmsgs]

; Remove the Winlogon Notify entry
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]

Locate fixme.reg on your desktop and double-click it. Answer Yes when asked to merge it with the registry.

Make sure you tell me whether you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete fixme.reg from the desktop.

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Make sure you close all browser windows before you begin the installation.

Remove the old version(s)

Download JavaRa
  • Unzip the file and open JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will search for all outdated versions of Java and remove those that are found.
  • Click Additional Tasks
  • Place a check mark next to Remove Useless JRE Files and click Go
  • Exit JavaRa
  • Delete the JavaRa files from the Desktop
----------

Suspicious files to scan

Go to the VirSCAN.org free online scan service
(If more than one file needs to be scanned, they must be done separately and a log posted for each one)

1. Copy and paste the following file path into the Suspicious files to scan box at the top of the page.
Code:
C:\WINDOWS\system32\CF23987.exe
2. On the upload site, click once inside the window next to Browse.
3. Press Ctrl + V on the keyboard (both at the same time) to paste the path into the window.
4. Click the Upload button.
This will run a scan across several different virus-scanning engines.
Your file may be placed in a queue that normally clears in less than a minute.
Important: Wait for all of the engines to finish scanning.
5. Once the scan is complete, scroll down and click the Copy to Clipboard button. This copies the link of the report to the Clipboard.
6. Paste the contents of the clipboard into your next reply.

----------

After posting the VirSCAN.org results.

Download ATF Cleaner by Atribune to your desktop.

Alternate download link

Note: Vista users must Run as administrator
  • Under Main: Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you wish to keep your saved passwords, click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you wish to keep your saved passwords, click No at the prompt.
  • Click Exit on the main menu to close the program.
Note that your system runs slower for a reboot or two after using this tool, so do not panic.

Important: Restart the computer before you continue.
__________________

  #8  
Old 16 Oct 2008, 14:39
Member Group
 
1. Success with fixme.reg

2. Then here are the 2 log files that you wanted me to send

A. JavaRa 1,11 Verwijdering Logboek.
Verslag volgt na regel.
------------------------------------
De JavaRa verwijdering werd gestart op do 16 okt 17:23:09 2008
Gevonden en verwijderd: C: \ Windows \ System32 \ jpicpl32.cpl
Gevonden en verwijderd: C: \ Windows \ Installer \ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Gevonden en verwijderd: SOFTWARE \ Javasoft \ Java Runtime Environment \ 1.4
Gevonden en verwijderd: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstal l \ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Gevonden en verwijderd: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA)
Gevonden en verwijderd: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB)
Gevonden en verwijderd: SOFTWARE \ Classes \ Installer \ Products \ 8A0F841731866D 117AB7000B0D410200
Gevonden en verwijderd: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installe r \ UserData \ S-1-5-18 \ Products \ 8A0F841731866D117AB7000B0D410200
Gevonden en verwijderd: SOFTWARE \ Classes \ JavaPlugin.142
Gevonden en verwijderd: SOFTWARE \ Javasoft \ Java Plug-in \ 1.4.2
Gevonden en verwijderd: SOFTWARE \ Javasoft \ Java Runtime Environment \ 1.4.2
Gevonden en verwijderd: SOFTWARE \ Javasoft \ Java Web Start \ 1.4.2
Gevonden en verwijderd: SOFTWARE \ Javasoft \ Java Web Start \ 1.0.1
Gevonden en verwijderd: SOFTWARE \ Javasoft \ Java Web Start \ 1.0.1_02
Gevonden en verwijderd: SOFTWARE \ Javasoft \ Java Web Start \ 1.0.1_03
Gevonden en verwijderd: SOFTWARE \ Javasoft \ Java Web Start \ 1.0.1_04
Gevonden en verwijderd: SOFTWARE \ Javasoft \ Java Web Start \ 1.2
Gevonden en verwijderd: SOFTWARE \ Javasoft \ Java Web Start \ 1.2.0_01
------------------------------------
Afgewerkt rapportage.

JavaRa 1,11 Verwijdering Logboek.
Verslag volgt na regel.
------------------------------------
De JavaRa verwijdering werd gestart op do okt 16 17:23:18 2008
------------------------------------
Afgewerkt rapportage.



B. VirSCAN. Org Gescande Verslag:
Gescande tijd: 2008/10/16 17:27:59 (CEST)
Scanner resultaten: Alle Scanners gemeld niet vinden malware!
Bestandsnaam: CF23987.exe
Bestandsgrootte: 389120 bytes
Bestandstype: PE32 uitvoerbare voor MS Windows (console) Intel 80386 32-bit
MD5: b65faf059812f22a1058ecfcb520e47b
SHA1: 8148c039b0f0a166bc1a1801fe6d14716bdcec1f
Online verslag: http://virscan.org/report/36cd3be0f2...66947033e.html
Scanner Engine Ver Ver Sig Sig Datum Tijd scan resultaat
a-kwadraat 4.0.0.16 2008.10.15 2008-10-15 1,54 --
AhnLab V3 ... .. - 0.18 --
AntiVir 7.9.0.5 7.0.7.51 2008-10-16 0,08 --
Antiy 2.0.18 20081016,1488960 2008-10-16 0,12 --
Arcavir 1.0.5 200810161244 2008-10-16 1,23 --
Authentium 5.1.1 200810150216 2008-10-15 1,17 --
Avast! 3.0.1 081015-0 2008-10-15 0,72 --
AVG 7.5.52.442 270.8.1/1728 2008-10-16 1,68 --
BitDefender 7.60825.1875439 7,21294 2008-10-17 3,13 --
CA (VET) 9.0.0.143 31.6.6151 2008-10-16 5,37 --
ClamAV 0,94 8435 2008 -10-17 0,13 --
Comodo 2,11 2.0.0.678 2008-10-16 0,44 --
CP Secure 1.1.0.715 2008.10.17 2008-10-17 6,26 --
Dr.WEB 4.44.0.9170 2008.10.16 2008-10-16 3,41 --
ewido 4.0.0.2 2008.10.16 2008-10-16 2,90 --
F-Prot 4.4.4.56 20081016 2008-10-16 1,19 --
F-Secure 5.51.6100 2008 .10.16.09 2008-10-16 3,55 --
Fortinet 2.81-3.113 9,647 2008-10-15 0,23 --
GData 19.1058/19.65 20081016 2008-10-16 2,65 --
ViRobot 20081016 2008-10-16 2008-10-16 0.40 --
Ikarus T3.1.01.34 2008.10.16.71662 2008-10-16 3,99 --
JiangMin 11.0.706 2008.10.16 2008-10-16 1,26 --
Kaspersky 5.5.10 2008-10-16 2008-10-16 0,04 --
KingSoft 2008.9.8.18 2008.10.16.17 2008-10-16 0,66 --
McAfee 5.3.00 5406 2008-10-15 2,13 --
Microsoft 1.4005 2008-10-16 2008-10-16 3,93 --
mks_vir 2,01 2008.10.16 2008-10-16 2,75 --
Norman 5.93.01 5.93.00 2008-10-16 5,21 --
Panda 9.05.01 2008.10.16 2008-10-16 2,28 --
Trend Micro 8.700-1004 5.604.11 2008-10-16 0,03 --
Quick Heal 9,50 2008.10.16 2008-10-16 1,99 --
Rising 20,0 20.66.32.00 2008-10-16 0,77 --
Sophos 2.79.0 4,34 2008-10-17 1,86 --
Sunbelt 3.1.1728.1 2317 2008-10-16 0,48 --
Symantec 1.3.0.24 20081016,004 2008-10-16 0,05 --
nProtect 2008-10-16.00 2247055 2008-10-16 4,22 --
The Hacker 6.3.1.0 v00116 2008-10-16 0,45 --
VBA32 3.12.8.7 20081016,1009 2008-10-16 1,43 --
VirusBuster 4.5.11.10 10.90.4/651643 2008-10-16 0,99 --
  #9  
Old 16 Oct 2008, 14:41
Moderator Group
 
Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

** Note: It is important that it is saved directly to your desktop

Close all open web browsers (Firefox, Internet Explorer, etc.) before you start ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before running a scan. Click this link for a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the instructions.
When it has finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click the ComboFix window while it is running. That may cause it to stall.

Do not forget to re-enable your antivirus and antispyware protection when ComboFix has finished.
__________________

  #10  
Old 16 Oct 2008, 15:11
Member Group
 
ComboFix 08-10-16.01 - Eigenaar 2008-10-16 17:52:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95 [GMT -4:00]
Running from: C: \ Documents and Settings \ Eigenaar \ Desktop \ ComboFix.exe
* Gemaakt van een nieuw herstelpunt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ jestertb.dll
D: \ Autorun.inf
.
((((((((((((((((((((((((( Bestanden Gemaakt van 2008-09-16 tot 2008-10-16 ))))))))))) ))))))))))))))))))))
.
2008-10-16 16:16. 2008-10-16 16:17 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ WinZip
2008-10-16 15:56. 2008-10-16 16:23 <DIR> d -------- C: \ rsit
2008-10-16 15:19. 2008-10-16 15:19 <DIR> d -------- C: \ _OTMoveIt
2008-10-16 14:07. 2008-10-16 14:07 <DIR> d -------- C: \ Program Files \ Panda Security
2008-10-16 14:07. 2008-06-19 17:24 28,544 - a ------ C: \ WINDOWS \ system32 \ drivers \ pavboot.sys
2008-10-16 13:20. 2008-10-16 13:20 <DIR> d -------- C: \ VundoFix Backups
2008-10-16 12:26. 2008-10-16 12:26 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-10-16 12:25. 2008-10-16 13:40 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Documents and Settings \ Eigenaar \ Application Data \ SUPERAntiSpyware.com
2008-10-16 11:08. 2008-10-16 11:08 <DIR> d -------- C: \ WINDOWS \ system32 \ N360_BACKUP
2008-10-16 10:48. 2008-10-16 10:48 <DIR> d ---- c --- C: \ WINDOWS \ system32 \ DRVSTORE
2008-10-16 10:47. 2008-10-16 10:47 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-10-16 10:24. 2008-10-16 10:24 <DIR> d -------- C: \ Program Files \ Windows Sidebar
2008-10-16 10:24. 2008-10-16 11:44 <DIR> d -------- C: \ Program Files \ Norton 360
2008-10-16 10:22. 2008-10-16 11:04 123,952 - a ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS
2008-10-16 10:22. 2008-10-16 11:04 60,800 - a ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008-10-16 10:22. 2008-10-16 11:04 10.671 - a ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.CAT
2008-10-16 10:22. 2008-10-16 11:04 805 - a ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.INF
2008-10-16 10:16. 2008-09-08 06:41 333,824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Srv.sys
2008-10-16 10:15. 2008-08-14 06:11 2,189,184 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe
2008-10-16 10:15. 2008-08-14 06:09 2145280 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlmp.exe
2008-10-16 10:15. 2008-08-14 05:33 2.066.048 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlpa.exe
2008-10-16 10:15. 2008-08-14 05:33 2,023,936 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrpamp.exe
2008-10-16 10:15. 2008-09-15 08:12 1846400 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys
2008-10-16 10:09. 2008-10-16 10:10 <DIR> d -------- C: \ Documents and Settings \ Administrator \. Housecall6.6
2008-10-15 17:42. 2004-08-27 05:54 <DIR> d -------- C: \ Documents and Settings \ Administrator \ WINDOWS
2008-10-15 17:42. 2005-01-28 05:22 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ SampleView
2008-10-15 17:42. 2005-01-28 05:26 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ McAfee
2008-10-15 17:42. 2008-10-15 17:42 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-10-15 17:42. 2008-10-16 10:09 <DIR> d -------- C: \ Documents and Settings \ Administrator
2008-10-15 17:26. 2008-10-15 17:26 <DIR> d -------- C: \ Program Files \ NoNAV
2008-10-15 16:41. 2008-10-15 17:26 <DIR> d -------- C: \ SymNoNav
2008-10-15 16:22. 2008-10-15 17:27 <DIR> d -------- C: \ WINDOWS \ LMI42.tmp
2008-10-15 15:10. 2008-10-15 15:10 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-10-11 13:05. 2008-10-11 12:33 102,664 - a ------ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys
2008-10-11 12:33. 2008-10-15 15:21 <DIR> d -------- C: \ Documents and Settings \ Eigenaar \. Housecall6.6
2008-10-11 12:25. 2008-10-11 12:25 <DIR> d -------- C: \ WINDOWS \ zondag
2008-10-11 12:00. 2008-10-11 12:01 <DIR> d -------- C: \ Program Files \ CCleaner
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ Eigenaar \ Application Data \ Malwarebytes
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-10-11 11:38. 2008-09-10 00:04 38,528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-10-11 11:38. 2008-09-10 00:03 17.200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-23 13:17. 2008-09-23 13:17 133 - a ------ C: \ Documents and Settings \ All Users \ Application Data \ ustore.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 21:53 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared
2008-10-16 17:49 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Google Updater
2008-10-16 15:08 --------- d ----- w C: \ Documents and Settings \ Eigenaar \ Application Data \ Symantec
2008-10-16 15:04 --------- d ----- w C: \ Program Files \ Symantec
2008-10-16 15:01 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-09-24 12:36 --------- d ----- w C: \ Program Files \ Common Files \ Peach
2008-09-08 10:41 333,824 ---- aw C: \ WINDOWS \ system32 \ drivers \ Srv.sys
2008-08-19 10:32 --------- d ----- w C: \ Program Files \ Microsoft Silverlight
2005-10-20 18:06 76-c ---- w C: \ Documents and Settings \ Eigenaar \ Application Data \ wklnhst.dat
2005-05-27 00:43 0-csha-w C: \ WINDOWS \ SMINST \ HPCD.sys
2008-05-24 13:39 32.768-csha-w C: \ WINDOWS \ system32 \ config \ systemprofile \ Local Settings \ Geschiedenis \ History.IE5 \ MSHist012008052420080 525 \ Index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries worden niet weergegeven
REGEDIT4
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)]
2004-08-04 15:00 105984 - a ------ c: \ windows \ system32 \ digestp.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ valuta entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayExcluded]
@ = "(4433A54A-1AC8-432f-90FC-85F045CF383C)"
[HKEY_CLASSES_ROOT \ CLSID \ (4433A54A-1AC8-432f-90FC-85F045CF383C)]
2008-02-26 04:34 576352 - a ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ valuta entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayPending]
@ = "(F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)"
[HKEY_CLASSES_ROOT \ CLSID \ (F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)]
2008-02-26 04:34 576352 - a ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ valuta entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayProtected]
@ = "(476D0EA3-80F9-48B5-B70B-05E677C9C148)"
[HKEY_CLASSES_ROOT \ CLSID \ (476D0EA3-80F9-48B5-B70B-05E677C9C148)]
2008-02-26 04:34 576352 - a ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2005-01-28 98304]
"Adobe Photo Downloader" = "C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-04-19 185896]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2008-02-18 51048]
"osCheck" = "C: \ Program Files \ Norton 360 \ osCheck.exe" [2008-02-26 988512]
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Device Detector 3.lnk - C: \ Program Files \ Olympus \ DeviceDetector \ DevDtct2.exe [2007-06-27 114688]
Google Updater.lnk - C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe [2007-06-04 125624]
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE [2000-01-21 65588]
WinZip Quick Pick.lnk - C: \ Program Files \ WinZip \ WZQKPICK.EXE [2008-09-11 525664]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ valuta entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ paubftzz]
2004-08-04 15:00 105984 C: \ WINDOWS \ system32 \ digestp.dll
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ BigFix.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ BigFix.lnk
backup = C: \ WINDOWS \ PSS \ Startup BigFix.lnkCommon
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Start ^ Programma's ^ Opstarten ^ Microsoft Office.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk
backup = C: \ WINDOWS \ PSS \ Microsoft Office.lnkCommon Opstarten
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ATIPTA]
- a - c --- 2004-11-12 01:10 344064 C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ccApp]
- a ------ 2008-02-18 15:37 51048 C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Ctfmon.exe]
- a ------ 2008-04-13 20:12 15360 C: \ WINDOWS \ system32 \ Ctfmon.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ InCD]
- a ------ 2003-09-01 09:32 1200178 C: \ Program Files \ Ahead \ InCD \ InCD.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroCheck]
- a ------ 2001-07-09 15:50 155648 C: \ WINDOWS \ system32 \ NeroCheck.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroFilterCheck]
- a ------ 2001-07-09 15:50 155648 C: \ WINDOWS \ system32 \ NeroCheck.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Recguard]
- a - c --- 2002-09-13 16:42 212992 C: \ WINDOWS \ SMINST \ Recguard.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ afstandsbediening]
- a - c --- 2003-10-31 23:42 32768 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SunKistEM]
- a - c --- 2004-11-15 19:04 135168 C: \ Program Files \ Digital Media Reader \ shwiconEM.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ UpdateManager]
- a - c --- 2003-08-19 01:01 110592 C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CHotkey]
- a - c --- 2004-05-17 22:30 543232 C: \ WINDOWS \ zHotkey.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ShowWnd]
- a - c --- 2003-09-19 13:09 36864 C: \ WINDOWS \ ShowWnd.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ geluidsman]
- a - c --- 2004-11-15 23:20 77824 C: \ WINDOWS \ SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile]
"EnableFirewall" = 0 (0x0)
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
R0 pavboot; pavboot, C: \ WINDOWS \ system32 \ drivers \ pavboo t.sys [2008-06-19 28544]
R0 shsizubv; shsizubv, C: \ WINDOWS \ system32 \ drivers \ shsi zubv.sys [2004-08-04 23424]
S3 COH_Mon; COH_Mon, C: \ WINDOWS \ system32 \ drivers \ COH_Mo n.sys [2008-07-30 23888]
S3 VNUSB; VN Series Device, C: \ WINDOWS \ system32 \ drivers \ VNUSB.sys [2003-12-15 38448]
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs
qfbydciq
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ explorer \ mountpoints2 \ (4f63278d-8557-11d9-BE24-806d6172696f)]
\ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ RUNDLL32.EXE Shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ explorer \ mountpoints2 \ (e1ec6b61-710 bis-11d9-B301-806d6172696f)]
\ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ RUNDLL32.EXE Shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480
* Newly Created Service * - COMHOST
* Newly Created Service * - PROCEXP90
.
Inhoud van de 'Geplande taken' map
2008-10-12 C: \ WINDOWS \ Tasks \ Automatische Volledige Backup.job
- C: \ Program Files \ Stomp \ Backup MijnPC \ System \ bestart.exe [2003-10-30 04:10]
2008-10-15 C: \ WINDOWS \ Tasks \ Daily Gewijzigde Files.job
- C: \ Program Files \ Stomp \ Backup MijnPC \ System \ bestart.exe [2003-10-30 04:10]
2008-10-11 C: \ WINDOWS \ Tasks \ PEACTREE WEKELIJKSE TERUG UP.job
- C: \ Program Files \ Stomp \ Backup MijnPC \ System \ bestart.exe [2003-10-30 04:10]
.
- - - - WEZEN REMOVED - - - --
Toolbar-ID - (geen file)

.
------- Bijkomende Scan -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.emachines.com/
R0 -: HKCU-Main, SearchMigratedDefaultURL = hxxp: / / www.google.com/search?q = (zoektermen) & sourceid = ie7 & RLS = com.micros oft: en-US & ie = utf8 & oe = utf8
R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s
O8 -: E & xporteren naar Microsoft Excel - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office11 \ EXCEL.EXE/3000
.
************************************************** ************************
CatchMe 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector, Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 17:54:24
Windows 5.1.2600 Service Pack 3 NTFS
het scannen van verborgen processen ...
het scannen van verborgen autostart items ...
het scannen van verborgen bestanden ...
scannen is voltooid
verborgen bestanden: 0
************************************************** ************************
.
Afronding tijd: 2008-10-16 17:56:31
ComboFix-quarantaine-files.txt 2008-10-16 21:56:27
Pre-Run: 142914838528 bytes vrij
Post-Run: 142911078400 bytes vrij
WindowsXP-KB310994-SP2-Home-Bootdisk-NLD.exe
[boot loader]
timeout = 2
standaard = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S
[operating systems]
C: \ cmdcons \ bootsect.dat = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Home Edition" / noexecute = OptIn / fastdetect
208 --- EOF --- 2008-10-16 15:20:49
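
The ComboFix log in post #10 still lists entries under two of the three keys that the fixme.reg from post #7 deletes. The Python below is an added example, not part of the thread or of any tool named in it, that compares a .reg deletion list with a later log; both inputs are constructed from the thread's own lines with the extraction spacing removed and the CLSID braces restored, and all function names are hypothetical.

```python
import re

# Constructed inputs: the three deletions from the fixme.reg in post #7 and an
# excerpt of the "Reg Loading Points" section of the ComboFix log in post #10,
# with the extraction spacing removed and the CLSID braces restored.
FIXME_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\msmsgs]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]
"""

LATER_LOG = r"""[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]
2004-08-04 15:00 105984 --a------ c:\windows\system32\digestp.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]
2004-08-04 15:00 105984 C:\WINDOWS\system32\digestp.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\ccApp]
--a------ 2008-02-18 15:37 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
"""

HIVES = {"hklm": "hkey_local_machine", "hkcu": "hkey_current_user",
         "hkcr": "hkey_classes_root"}
DELETION = re.compile(r"^\[-\s*(.+?)\s*\]$")   # "[-KEY]" line in a .reg file
HEADER = re.compile(r"^\[(?!-)(.+?)\s*\]$")    # "[KEY]" header line in the log
FILE_PATH = re.compile(r"[A-Za-z]:\\\S.*$")    # drive-letter path at end of line


def normalise(key):
    """Split a registry path into lower-cased components, hive spelled out."""
    parts = [p.strip().lower() for p in key.split("\\") if p.strip()]
    if parts:
        parts[0] = HIVES.get(parts[0], parts[0])
    return parts


def parse_deletions(reg_text):
    """Return the key paths that a .reg file deletes."""
    keys = []
    for line in reg_text.splitlines():
        m = DELETION.match(line.strip())
        if m:
            keys.append(m.group(1))
    return keys


def parse_log_entries(log_text):
    """Group a ComboFix-style listing into (key, detail lines) pairs."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            entries.append((m.group(1), []))
        elif line and entries:
            entries[-1][1].append(line)
    return entries


def same_key(log_parts, deleted_parts):
    """Compare paths; a "~" component in the log stands for an elided middle."""
    pattern = r"\\".join(".*" if p == "~" else re.escape(p) for p in log_parts)
    return re.fullmatch(pattern, "\\".join(deleted_parts)) is not None


def surviving_deletions(reg_text, log_text):
    """Map each deleted key that the later log still lists to its files."""
    deleted = [(key, normalise(key)) for key in parse_deletions(reg_text)]
    survivors = {}
    for key, details in parse_log_entries(log_text):
        log_parts = normalise(key)
        if not log_parts:
            continue
        for original, parts in deleted:
            if same_key(log_parts, parts):
                hits = (FILE_PATH.search(d) for d in details)
                survivors[original] = [h.group(0) for h in hits if h]
    return survivors


if __name__ == "__main__":
    for key, files in surviving_deletions(FIXME_REG, LATER_LOG).items():
        print("still present:", key, "->", ", ".join(files) or "(no file listed)")
```

On the sample it reports the Browser Helper Object key and the Winlogon Notify key, both pointing at digestp.dll, while the msmsgs entry does not reappear.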