Windows Vista Won't Update
  #1  
23 May 2009, 09:33
Donor Group
 
I'm on a friend's computer, Vista, and Windows won't update. So far I've found and removed Internet Anti-Virus, Win32Adload.r and video.exe. She also had that coupon spyware, and their son kept loading Limewire. I removed both (LOL, Limewire installs itself in 400 places; I had to get rid of every folder and file of it). But still no Windows Update. I get a code 80072efd that says a firewall is preventing Windows Update. I can't find any firewall other than the Windows one, and I've been in every folder. Here are the three logs; I can't find anything. Did I miss something?

Note: I can't upload any of the three logs. I keep getting "invalid file" from the site. What's up with that? Am I uploading too much here? Let me try to paste a copy:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/23/2009 at 04:42

Application Version : 4.26.1002

Core Rules Database Version : 3908
Trace Rules Database Version: 1852

Scan type       : Complete Scan
Total Scan Time : 03:45:40

Memory items scanned      : 831
Memory threats detected   : 0
Registry items scanned    : 6407
Registry threats detected : 0
File items scanned        : 326608
File threats detected     : 78

Adware.Tracking Cookie
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@2o7[2].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@interclick[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@msnportal.112.2o7[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@tribalfusion[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@RealMedia[2].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@ad.yieldmanager[2].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@adopt.specificclick[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@microsoftinternetexplorer.112.2o7[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@specificclick[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@msnservices.112.2o7[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@media6degrees[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@revsci[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@2o7[2].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@ad.yieldmanager[2].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@adopt.specificclick[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@interclick[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@media6degrees[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@microsoftinternetexplorer.112.2o7[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@msnportal.112.2o7[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@msnservices.112.2o7[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@RealMedia[2].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@revsci[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@specificclick[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@tribalfusion[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@2o7[2].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@ad.yieldmanager[2].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@adopt.specificclick[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@interclick[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@media6degrees[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@microsoftinternetexplorer.112.2o7[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@msnportal.112.2o7[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@msnservices.112.2o7[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@RealMedia[2].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@revsci[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@specificclick[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@tribalfusion[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@2o7[2].txt
C:\Documents and Settings\Shirley\Cookies\shirley@ad.yieldmanager[2].txt
C:\Documents and Settings\Shirley\Cookies\shirley@adopt.specificclick[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@interclick[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@media6degrees[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@microsoftinternetexplorer.112.2o7[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@msnportal.112.2o7[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@msnservices.112.2o7[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@RealMedia[2].txt
C:\Documents and Settings\Shirley\Cookies\shirley@revsci[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@specificclick[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@tribalfusion[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@2o7[2].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@ad.yieldmanager[2].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@adopt.specificclick[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@interclick[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@media6degrees[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@microsoftinternetexplorer.112.2o7[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@microsoftwindows.112.2o7[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@msnportal.112.2o7[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@msnservices.112.2o7[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@RealMedia[2].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@revsci[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@specificclick[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@tribalfusion[1].txt
C:\Users\Shirley\Cookies\shirley@2o7[2].txt
C:\Users\Shirley\Cookies\shirley@ad.yieldmanager[2].txt
C:\Users\Shirley\Cookies\shirley@adopt.specificclick[1].txt
C:\Users\Shirley\Cookies\shirley@interclick[1].txt
C:\Users\Shirley\Cookies\shirley@media6degrees[1].txt
C:\Users\Shirley\Cookies\shirley@microsoftinternetexplorer.112.2o7[1].txt
C:\Users\Shirley\Cookies\shirley@microsoftwindows.112.2o7[1].txt
C:\Users\Shirley\Cookies\shirley@msnportal.112.2o7[1].txt
C:\Users\Shirley\Cookies\shirley@msnservices.112.2o7[1].txt
C:\Users\Shirley\Cookies\shirley@RealMedia[2].txt
C:\Users\Shirley\Cookies\shirley@revsci[1].txt
C:\Users\Shirley\Cookies\shirley@specificclick[1].txt
C:\Users\Shirley\Cookies\shirley@tribalfusion[1].txt

Malwarebytes' Anti-Malware 1.36
Database version: 2150
Windows 6.0.6001 Service Pack 1

5/19/2009 8:40:58 AM
mbam-log-2009-05-19 (08-40-58).txt

Scan type: Quick Scan
Objects scanned: 71524
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\fe345.fe345mgr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fe345.fe345mgr.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet antivirus pro_is1 (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\199638 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\796525 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\199638\199638.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\796525\796525.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\Shirley\AppData\Local\Temp\jopaxx_1241669819.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Windows\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\t55ft2668f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\t55ft2695f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\t55ft3105f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\f5087.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
(above was the first log, below is the current one)

Malwarebytes' Anti-Malware 1.36
Database version: 2150
Windows 6.0.6001 Service Pack 1

5/23/2009 9:03:23 AM
mbam-log-2009-05-23 (09-03-23).txt

Scan type: Quick Scan
Objects scanned: 70234
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:09 AM, on 5/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\system32\wbem\Unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\Shirley\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\Windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SWG] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} -
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device -   - C:\Windows\system32\lxcecoms.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9919 bytes
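A triage check for the kind of log posted above, added here as an example; it is not code from the thread and not a HijackThis feature. Error 80072EFD is WinINET's "cannot connect" status, and one cause worth ruling out before hunting for a third-party firewall is a proxy setting that points at a local port nothing listens on any more, like the R1 ProxyServer line in the HijackThis log: adware commonly installs such a loopback proxy to inject into browser traffic, and the Windows Update client can fall back to the logged-on user's Internet Explorer proxy configuration. The sample log text below is constructed from lines of the posted log; the rule names, the `parse_proxy_server` and `triage_hjt` helpers and the findings format are my own.

```python
import re

# Constructed sample: a handful of lines modelled on the HijackThis log
# posted in the thread (not the full log).
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1", "[::1]", "0.0.0.0"}
PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_proxy_server(value):
    """Parse an IE ProxyServer value into {scheme: (host, port)}.

    The value is either 'host:port' (applies to every scheme, keyed '*')
    or 'http=host:port;https=host:port;...'. Port is None when absent.
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, eq, hostport = part.partition("=")
        if not eq:
            scheme, hostport = "*", scheme
        host, _, port = hostport.rpartition(":")
        if not host:  # no ':' at all: the whole thing is the host
            host, port = port, ""
        proxies[scheme.lower()] = (host.strip().lower(), int(port) if port.isdigit() else None)
    return proxies


def triage_hjt(log_text):
    """Return (rule, detail) findings for entries that commonly explain a
    Windows Update connect failure or point at leftover adware registration."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            # Proxy set to a loopback address: nothing legitimate on a home PC
            # should need this, and a dead local proxy blocks every HTTP client
            # that honours the setting, Windows Update included.
            for scheme, (host, port) in parse_proxy_server(m.group(1)).items():
                if host in LOOPBACK_HOSTS:
                    findings.append(("proxy-loopback", f"{scheme} proxy -> {host}:{port}"))
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            # A CLSID still registered as a BHO whose DLL is gone: leftover
            # from a removed component, harmless to fix but a sign the
            # cleanup was incomplete.
            clsid = CLSID_RE.search(line)
            findings.append(("bho-orphan", clsid.group(0) if clsid else line))
        elif line.startswith("O1 - Hosts:"):
            entry = line[len("O1 - Hosts:"):].strip()
            ip, _, name = entry.partition(" ")
            # Only the loopback-to-localhost mappings are expected; anything
            # else redirects a hostname and deserves a look.
            if name.strip().lower() != "localhost" or ip not in ("127.0.0.1", "::1"):
                findings.append(("hosts-override", entry))
    return findings


if __name__ == "__main__":
    for rule, detail in triage_hjt(SAMPLE_HJT_LOG):
        print(f"{rule:15} {detail}")
```

On the machine itself the same value lives under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (ProxyServer together with ProxyEnable); clearing a dead loopback proxy there (Internet Options > Connections > LAN settings) and resetting the system-wide WinHTTP proxy with `netsh winhttp reset proxy` is the check to make before looking for a third-party firewall. The rule set is deliberately small and meant to be extended; it does not replace reading the log.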
  #2  
23 May 2009, 23:45
Malware Group
 
Hi Bubba....

We need to disable your TeaTimer, as it can interfere with the fixes we need to make.

1) Run Spybot-S&D
2) Go to the Mode menu and make sure "Advanced Mode" is selected
3) On the left-hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Download ResetTeaTimer.bat by right-clicking the link and choosing Save As.

* Save the file to your desktop.
* Double-click ResetTeaTimer.zip
* Double-click ResetTeaTimer.bat and click Run to reset all entries made by TeaTimer.

After all fixes are complete it is very important that you re-enable TeaTimer; I will let you know when it is safe to do so.

A tutorial for TeaTimer can be found here -> http://russelltexas.com/malware/teatimer.htm

==========================================

Download and scan with ComboFix.exe. Go to this web page for download links and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Make sure you have disabled all anti-virus and anti-malware programs, including WinPatrol, so they do not interfere with the operation of ComboFix.

Also post the C:\ComboFix.txt in your next reply for further investigation.

==========================================

Go to the Start menu > select Run, copy and paste the following into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.
  #3  
24 May 2009, 02:33
Donor Group
 
A few things before the logs:

1. In the TeaTimer tutorial you linked, it says to also disable the resident SDHelper, so I did.

2. ComboFix did not display the registry backup screen, unless it is a quick screen and I missed it while going over to my computer (remember this is a friend's). It did not disconnect from the internet, nor did I notice it changing the time. Both icons were visible while ComboFix was running. Is this a problem? Also, after running ComboFix the wallpaper was messed up, so I rebooted. When the computer started back up the wallpaper was gone, Firefox is no longer the default browser, and a message popped up saying the IE home page had been changed to MSN (I think). Is this normal? WinPatrol also noted that a new service was added: appmgmts.dll.

3. Before you answer this, I got rid of the Google Toolbar. Several of the HJT items looked odd. In O18, for example, it was called x-sdch instead of x-SDHC.......... Besides, LOL, I hate toolbars, and they can always add it back if they want. Regardless, that changed the HJT log. I also got rid of the two O2s that had no file attached.

4. What are we looking for in the ComboFix? LOL, I started downloading and running it before I posted this thread, but decided I just don't know enough yet to mess with it.

And without further ado:

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Running from: C:\Users\Shirley\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((   Files Created from 2009-04-24 to 2009-05-24   )))))))))))))))))))))))))))))))
.

2009-05-22 23:57 . 2009-05-24 08:40   117,760   ----a-w   c:\Users\Shirley\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 23:56 . 2009-05-22 23:56   --------   d-----w   c:\Programdata\SUPERAntiSpyware.com
2009-05-22 23:52 . 2009-05-22 23:52   --------   d-----w   c:\program files\SUPERAntiSpyware
2009-05-22 23:52 . 2009-05-22 23:52   --------   d-----w   c:\Users\Shirley\AppData\Roaming\SUPERAntiSpyware.com
2009-05-22 20:36 . 2009-05-22 20:36   --------   d-----w   c:\Program Files\Common Files\Wise Installation Wizard
2009-05-22 15:06 . 2009-02-05 20:06   51,376   ----a-w   c:\windows\system32\drivers\aswTdi.sys
2009-05-22 15:06 . 2009-02-05 20:06   23,152   ----a-w   c:\windows\system32\drivers\aswRdr.sys
2009-05-22 15:06 . 2009-02-05 20:07   114,768   ----a-w   c:\windows\system32\drivers\aswSP.sys
2009-05-22 15:06 . 2009-02-05 20:07   20,560   ----a-w   c:\windows\system32\drivers\aswFsBlk.sys
2009-05-22 15:06 . 2009-02-05 20:04   97,480   ----a-w   c:\windows\system32\AvastSS.scr
2009-05-22 15:06 . 2009-02-05 20:11   1,256,296   ----a-w   c:\windows\system32\aswBoot.exe
2009-05-22 15:06 . 2009-02-05 20:06   51,792   ----a-w   C:\Windows\system32\drivers\aswMonFlt.sys
2009-05-22 15:06 . 2009-05-22 15:06   --------   d-----w   c:\Program Files\Alwil Software
2009-05-22 04:38 . 2009-05-22 04:38   738,120   ----a-w   c:\Programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-20 12:43 . 2008-06-20 01:14   97,800   ----a-w   c:\windows\system32\infocardapi.dll
2009-05-20 12:43 . 2008-06-20 01:14   105,016   ----a-w   c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-20 12:43 . 2008-06-20 01:14   11,264   ----a-w   c:\windows\system32\icardres.dll
2009-05-20 12:43 . 2008-06-20 01:14   622,080   ----a-w   c:\windows\system32\icardagt.exe
2009-05-20 12:43 . 2008-06-20 01:14   43,544   ----a-w   c:\windows\system32\PresentationHostProxy.dll
2009-05-20 12:43 . 2008-06-20 01:14   781,344   ----a-w   c:\windows\system32\PresentationNative_v0300.dll
2009-05-20 12:43 . 2008-06-20 01:14   326,160   ----a-w   c:\windows\system32\PresentationHost.exe
2009-05-20 12:33 . 2008-07-27 18:03   96,760   ----a-w   c:\windows\system32\dfshim.dll
2009-05-20 12:33 . 2008-07-27 18:03   282,112   ----a-w   c:\windows\system32\mscoree.dll
2009-05-20 12:33 . 2008-07-27 18:03   41,984   ----a-w   c:\windows\system32\netfxperf.dll
2009-05-20 12:32 . 2008-07-27 18:03   158,720   ----a-w   c:\windows\system32\mscorier.dll
2009-05-20 12:32 . 2008-07-27 18:03   83,968   ----a-w   c:\windows\system32\mscories.dll
2009-05-20 11:39 . 2009-05-20 11:39   --------   d-----w   c:\Program Files\Microsoft Silverlight
2009-05-20 04:03 . 2009-05-20 11:00   --------   d-----w   c:\Program Files\Windows Live Safety Center
2009-05-19 23:20 . 2009-05-19 23:20   --------   d-----w   c:\Users\Shirley\AppData\Local\Acer DV Magician
2009-05-19 23:10 . 2009-05-19 23:10   --------   d-----w   c:\windows\Sun
2009-05-19 20:40 . 2009-05-19 20:40   --------   d-----w   c:\Users\Shirley\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40 . 2009-05-19 11:41   38,200   ----a-w   c:\Users\Shirley\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-19 18:24 . 2009-05-24 08:38   --------   d-----w   c:\Users\Shirley\AppData\Local\Eraser
2009-05-19 18:24 . 2009-05-19 18:24   --------   d--h--w   c:\Users\Shirley\AppData\Local\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-05-19 18:24 . 2009-05-19 18:24   --------   d-----w   c:\program files\Eraser
2009-05-19 17:20 . 2009-05-19 17:20   --------   d-----w   c:\Users\Shirley\AppData\Roaming\eSobi
2009-05-19 17:11 . 2008-07-10 06:32   538   ----a-w   c:\windows\system32\RegRaidSedona.bat
2009-05-19 17:07 . 2009-05-19 17:07   --------   d-----w   C:\NVIDIA
2009-05-19 14:04 . 2009-05-19 14:05   --------   d-----w   c:\program files\Spybot - Search & Destroy
2009-05-19 14:04 . 2009-05-19 14:05   --------   d-----w   c:\Programdata\Spybot - Search & Destroy
2009-05-19 13:01 . 2009-05-19 13:01   --------   d-----w   c:\Users\Shirley\AppData\Roaming\WinPatrol
2009-05-19 13:01 . 2006-09-18 21:43   10   ----a-w   c:\Users\Shirley\AppData\Roaming\WinPatrol\Config.sys
2009-05-19 13:01 . 2006-09-18 21:43   24   ----a-w   c:\Users\Shirley\AppData\Roaming\WinPatrol\Autoexec.bat
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ program files \ BillP Studios
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009-05-19 12:26. 2009-04-06 19:32 15,504 ---- aw c: \ windows \ system32 \ drivers \ mbam.sys
2009-05-19 12:26. 2009-04-06 19:32 38,496 ---- aw c: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2009-05-19 12:26. 2009-05-19 13:22 -------- d ----- wc: \ Program Files \ Malwarebytes' Anti-Malware
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- aw c: \ windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- wc: \ Program Files \ Common Files \ Adobe AIR
2009-05-19 11:38. 2009-05-19 12:45 -------- d ----- wc: \ Programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Zeven Postcode
2009-05-19 10:41. 2009-03-19 20:32 23,400 ---- aw c: \ windows \ system32 \ drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107,368 ---- aw c: \ windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- wc: \ program files \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ Programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ program files \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- wc: \ Program Files \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75,048 ---- aw c: \ Programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- wc: \ program files \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416,128 ---- aw c: \ Programdata \ Microsoft \ eHome \ Packages \ NetTV \ Brow se \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410,984 ---- aw c: \ windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- aw c: \ Programdata \ Microsoft \ Windows Defender \ Definition Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39. 2009-02-17 13:54 602 ---- aw c: \ Programdata \ ArcSoft \ kodak-printcreations-22-080812-oem \ acforall.dll
2009-05-24 04:22. 2008-09-12 01:46 -------- d ----- wc: \ Program Files \ Google
2009-05-20 11:55. 2008-09-11 17:01 104,472 ---- aw c: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009-05-20 11:51. 2008-02-05 19:30 -------- d ----- wc: \ Programdata \ Microsoft Help
2009-05-20 11:49. 2008-02-05 19:31 -------- d ----- wc: \ Program Files \ Microsoft Works
2009-05-20 03:54. 2008-09-12 14:01 -------- d ----- wc: \ program files \ Lx_cats
2009-05-20 00:42. 2008-02-05 20:19 -------- d ----- wc: \ Program Files \ Common Files \ Adobe
2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - wc: \ Program Files \ InstallShield Installation Information
2009-05-19 23:27. 2008-02-05 19:49 -------- d ----- wc: \ program files \ Acer Arcade Live
2009-05-19 23:20. 2008-09-15 23:24 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ CyberLink
2009-05-19 21:38. 2008-09-12 20:56 -------- d ----- wc: \ Program Files \ Common Files \ SureThing Shared
2009-05-19 21:04. 2008-09-12 14:09 1,664 ---- aw c: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009-05-19 17:29. 2009-03-04 15:55 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Sony
2009-05-19 17:20. 2008-02-05 19:22 -------- d ----- wc: \ Programdata \ NVIDIA
2009-05-19 16:54. 2008-02-05 18:03 36,864 ---- aw c: \ windows \ system32 \ nvcod100.dll
2009-05-19 16:54. 2007-10-25 11:02 147,456 ---- aw c: \ windows \ system32 \ nvcolor.exe
2009-05-19 16:13. 2008-09-12 01:47 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ LimeWire
2009-05-19 11:32. 2008-02-05 20:08 -------- d ----- wc: \ Program Files \ Yahoo!
2009-05-19 11:05. 2008-09-12 01:45 -------- d ----- wc: \ Program Files \ Java
2009-05-19 10:41. 2008-09-13 03:14 -------- d ----- wc: \ Program Files \ Common Files \ Apple
2009-05-19 10:38. 2008-09-13 03:15 -------- d ----- wc: \ Programdata \ Apple Computer
2009-05-11 12:10. 2009-05-11 12:10 78,260 ---- aw c: \ Programdata \ SPL23D4.tmp
2009-04-17 10:12. 2006-11-02 11:18 -------- d ----- wc: \ Program Files \ Windows Mail
2009-04-02 22:13. 2009-04-02 22:13 702,127 ---- aw c: \ Programdata \ SPLFB91.tmp
2009-03-19 20:32. 2009-03-19 20:32 23,400 ---- aw c: \ Programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009-03-17 03:38. 2009-04-17 05:22 13,824 ---- aw c: \ windows \ system32 \ apilogen.dll
2009-03-17 03:38. 2009-04-17 05:22 24,064 ---- aw c: \ windows \ system32 \ amxread.dll
2009-03-08 11:34. 2009-05-20 03:47 914,944 ---- aw c: \ windows \ system32 \ Wininet.dll
2009-03-08 11:34. 2009-05-20 03:47 43,008 ---- aw c: \ windows \ system32 \ licmgr10.dll
2009-03-08 11:33. 2009-05-20 03:47 18,944 ---- aw c: \ windows \ system32 \ corpol.dll
2009-03-08 11:33. 2009-05-20 03:47 109,056 ---- aw c: \ windows \ system32 \ iesysprep.dll
2009-03-08 11:33. 2009-05-20 03:47 109,568 ---- aw c: \ windows \ system32 \ PDMSetup.exe
2009-03-08 11:33. 2009-05-20 03:47 107,520 ---- aw c: \ windows \ system32 \ RegisterIEPKEYs.exe
2009-03-08 11:33. 2009-05-20 03:47 103,936 ---- aw c: \ windows \ system32 \ SetDepNx.exe
2009-03-08 11:33. 2009-05-20 03:47 132,608 ---- aw c: \ windows \ system32 \ ieUnatt.exe
2009-03-08 11:33. 2009-05-20 03:47 107,008 ---- aw c: \ windows \ system32 \ SetIEInstalledDate.exe
2009-03-08 11:33. 2009-05-20 03:47 420,352 ---- aw c: \ windows \ system32 \ vbscript.dll
2009-03-08 11:32. 2009-05-20 03:47 72,704 ---- aw c: \ windows \ system32 \ admparse.dll
2009-03-08 11:32. 2009-05-20 03:47 71,680 ---- aw c: \ windows \ system32 \ iesetup.dll
2009-03-08 11:32. 2009-05-20 03:47 66,560 ---- aw c: \ windows \ system32 \ wextract.exe
2009-03-08 11:32. 2009-05-20 03:47 169,472 ---- aw c: \ windows \ system32 \ iexpress.exe
2009-03-08 11:31. 2009-05-20 03:47 34,816 ---- aw c: \ windows \ system32 \ imgutil.dll
2009-03-08 11:31. 2009-05-20 03:47 48,128 ---- aw c: \ windows \ system32 \ mshtmler.dll
2009-03-08 11:31. 2009-05-20 03:47 45,568 ---- aw c: \ windows \ system32 \ Mshta.exe
2009-03-08 11:22. 2009-05-20 03:47 156,160 ---- aw c: \ windows \ system32 \ Msls31.dll
2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- aw c: \ windows \ system32 \ Ntkrnlpa.exe
2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- aw c: \ windows \ system32 \ ntoskrnl.exe
2009-03-03 04:39. 2009-04-17 05:22 183,296 ---- aw c: \ windows \ system32 \ sdohlp.dll
2009-03-03 04:39. 2009-04-17 05:22 551,424 ---- aw c: \ windows \ system32 \ Rpcss.dll
2009-03-03 04:39. 2009-04-17 05:22 26,112 ---- aw c: \ windows \ system32 \ printfilterpipelineprxy.dll
2009-03-03 04:37. 2009-04-17 05:22 98,304 ---- aw c: \ windows \ system32 \ iasrecst.dll
2009-03-03 04:37. 2009-04-17 05:22 54,784 ---- aw c: \ windows \ system32 \ iasads.dll
2009-03-03 04:37. 2009-04-17 05:22 44,032 ---- aw c: \ windows \ system32 \ iasdatastore.dll
2009-03-03 03:04. 2009-04-17 05:22 666,624 ---- aw c: \ windows \ system32 \ printfilterpipelinesvc.exe
2009-03-03 02:38. 2009-04-17 05:22 17,408 ---- aw c: \ windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Eraser"="C:\Program Files\Eraser\Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-11-12 203296]
"LXCECATS"="c:\windows\system32\spool\drivers\W32X86\3\LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 205744]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-16 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-11 4702208]

c:\Programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\acer\Empowering Technology\eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2008-12-22 16:05 356,352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E9A4533-1359-46B6-B326-2B899D73FD10}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADE9CF49-7A0E-4076-9B85-7648EC5E7736}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6299EEE5-1856-4B10-9916-798B1C1AEF89}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{D430641B-178B-4C39-B53C-F6B3221DB01A}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{948000F3-8719-4206-B4C5-6506B663184F}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{8BCD640B-594A-465F-8A9E-E5A6C07DC081}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B}"= UDP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"{61DAEE1D-D19E-4F1A-B41E-603246AF524C}"= TCP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"{EB8798E6-358B-4DDA-A219-21BBC5D3C79A}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"{C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"{99976595-B4E1-4C9A-A3DE-A67AEDEE9B55}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{7A37205C-E643-4464-8C27-FAFCC859102D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1DF156D1-94E3-4B3D-A91E-724DFC89819E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D7D156E3-7B84-41F2-9FD8-CF9860453F65}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F6A110DE-6630-4823-B892-60950EB9ED71}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8640BFAB-1B85-48CC-95D5-9AABB44E4D95}"= UDP:C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"{6CC4A3BE-8F00-4983-B199-3050D54509B8}"= TCP:C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"{1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F}"= UDP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{DDDCF108-71DF-48CD-AD53-71D17C3F2C5C}"= TCP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{F98C3B13-2099-40EC-B504-2445C9C5B1B0}"= UDP:C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{3DB81CCD-4E96-40B3-8CA9-0089C89C294B}"= TCP:C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{918FE1A4-6957-4640-97D9-C85BED212614}"= UDP:C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{877DB07F-9298-486A-BB5B-930AF3A683AA}"= TCP:C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{5A664831-D250-4805-BB75-32612C9742F8}"= UDP:C:\Windows\ehome\ehshell.exe:Windows Media Center
"{2A157C0E-5966-4B7E-8D49-178D75EA6009}"= TCP:C:\Windows\ehome\ehshell.exe:Windows Media Center

[HKLM\~\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/22/2009 11:06 AM 114768]
R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/22/2009 11:06 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/22/2009 11:06 AM 51792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5/19/2009 10:04 AM 1153368]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\WindowsUpdate
FF - ProfilePath - c:\Users\Shirley\AppData\Roaming\Mozilla\Firefox\Profiles\j0dqrqc6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.us.acer.yahoo.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-24 4:55
ComboFix-quarantined-files.txt 2009-05-24 08:55

Pre-Run: 173756547072 bytes free
Post-Run: 173859581952 bytes free

269 --- EOF --- 2009-05-17 10:04

Software

Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Open File Manager (remove only)
NVIDIA Drivers
OfotoXMI
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
tooltips
Turbo Pizza
Update for the 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office PowerPoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VPRINTOL
Windows Live OneCare safety scanner
WinPatrol 2009
WIRELESS
Zuma Deluxe

EDIT: Three more questions: I saw a Limewire DLL, can we kill that?

Although LTI is a legitimate program, is it necessary? I think it came bundled with this dumb Acer computer (man, do they load those things with junk), and it is fired off by the built-in Microsoft program.

LT Cats is built-in spyware from the printer manufacturer, Lexmark. I thought I had cut the relevant parts out, but I wasn't sure how much to axe without disabling the printer. Can more go, or is what's left fine?
  #4  
Old 24 May 2009, 04:03
Malware Group

Hi Bubba

PLEASE DON'T play with HJT unless you understand how it works. You must remember that HJT is basically a registry editor tool in a different context. I'd hate for you to turn the pc into an expensive doorstop! The two O2 items you removed are legit; although it reported the file as missing, that is not always the case. HJT is known to misreport certain items.

As for limewire, did you remove it via the control panel? If so, then we can flush a few more redundant items that were left behind.

I see a few bits relating to Norton, was this bundled on the pc at some point? Run the Norton Removal Tool to clean up the remnants. You can get the tool here: Norton Removal Tool

Once done......

Combofix

  • Close all open browsers.
  • Close all security applications (Antivirus, Antimalware etc.)
  • Open notepad and copy and paste the text in the box below into it:
Quote:
DDS:
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171

RegLock:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Looking at the image below as an example

Save it as CFScript.txt, in the same location as ComboFix.exe

Referring to the above image, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouseclick combofix's window while it is running. That may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you could end up reinstalling Windows!

Please post the log C:\ComboFix.txt for further review.

=====================================

I notice the uninstall log was cut off at the top, can you repost it for me please. Also keep me posted on how things are system-wise.
__________________
Proud member of ASAP & UNITE
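The CFScript above pulls the two "uInternet Settings" lines out of the log because a per-user browser proxy pointed at localhost:7171 is not something the owner configured: it routes the browser (and, for this user, Windows Update's HTTP traffic) through whatever process is listening on that local port, which fits the update failure described at the top of the thread. The same log also shows UAC (EnableLUA), the Windows Firewall profile (EnableFirewall) and Security Center monitoring (DisableMonitoring) switched off. The following is an added example, not code from this thread, from ComboFix or from the forum's helpers: a small Python checker that reads ComboFix-style lines and flags those conditions. The sample log is constructed to mirror the entries above (not a verbatim copy); the value names are the ones ComboFix prints, while the choice of which values count as "weak" is this example's own assumption.

```python
"""Flag proxy hijacks and disabled protections in a ComboFix-style log.

Added example for this thread; it is not ComboFix code and not the forum's
own tooling.  The key names (ProxyServer, EnableLUA, EnableFirewall,
DisableMonitoring) are the ones ComboFix printed in the log above; which
values count as "weak" is this example's own assumption.
"""
import re

# Constructed sample modelled on the thread's log (not a verbatim copy).
SAMPLE_LOG = """\
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
"""

# Hosts that mean the proxy is a process on the machine itself.  A browser
# proxy pointed at a local port intercepts every HTTP request and breaks
# Windows Update as soon as nothing (or something hostile) listens there.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

PROXY_RE = re.compile(r"Internet Settings,\s*ProxyServer\s*=\s*(?P<value>.+?)\s*$")
# ComboFix prints REG_DWORD values in two shapes: dword:00000001 and 0 (0x0).
DWORD_RE = re.compile(r'"(?P<name>\w+)"\s*=\s*dword:\s*(?P<hex>[0-9a-fA-F]{8})')
PLAIN_RE = re.compile(r'"(?P<name>\w+)"\s*=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)')

# (value name, value that means the protection is off) -> description.
# Assumption of this example, based on the entries visible in the thread.
WEAK_SETTINGS = {
    ("EnableLUA", 0): "UAC disabled",
    ("EnableFirewall", 0): "Windows Firewall disabled for this profile",
    ("DisableMonitoring", 1): "Security Center monitoring disabled",
}


def parse_proxy(value):
    """Split 'http=localhost:7171;https=host:8080' or 'host:port' into
    (scheme, host, port) tuples; scheme is '*' when the entry has none."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")   # scheme empty if absent
        host, _, port = hostport.rpartition(":")
        if not host:                                  # no ':' at all: whole thing is the host
            host, port = hostport, ""
        entries.append((scheme or "*", host, port))
    return entries


def find_findings(log_text):
    """Return [(line_number, description)] for every suspicious entry."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = PROXY_RE.search(line)
        if m:
            for scheme, host, port in parse_proxy(m.group("value")):
                if host.lower() in LOCAL_HOSTS:
                    findings.append((lineno, f"proxy for {scheme} points at local port {port}"))
            continue
        m = DWORD_RE.search(line)
        if m:
            name, val = m.group("name"), int(m.group("hex"), 16)
        else:
            m = PLAIN_RE.search(line)
            if not m:
                continue
            name, val = m.group("name"), int(m.group("val"))
        desc = WEAK_SETTINGS.get((name, val))
        if desc:
            findings.append((lineno, desc))
    return findings


if __name__ == "__main__":
    for lineno, desc in find_findings(SAMPLE_LOG):
        print(f"line {lineno}: {desc}")
```

Run against the constructed sample it reports the localhost proxy, UAC off, Security Center monitoring off and the firewall profile off, in log order. Flagging a finding is the easy part; as the helper's CAUTION says, the removal itself is what the CFScript run is for.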
  #5  
Old 24 May 2009, 04:53
Donor Group

Limewire would not uninstall from the Programs and Features panel. The files to "run" it that I found were app files, not exe, so I trudged through the C drive and deleted everything I could find. I see I missed at least one in the registry though.

As for Norton........ yeah, Acer loaded a trial version. I removed it through the Control Panel and then used the Norton Removal Tool. (That was the first thing I did, even before I loaded Spybot, Winpatrol and the rest of the stuff.) When I went through the C drive files, I kept looking for more Norton remnants and deleted them as I went. It never occurred to me to run it again, but I'm doing that now.

LOL Those three files in Combofix were the three I was most curious about. There should be no proxy host, nor do I think the profiles should be locked for everyone. But I haven't studied Combofix yet, and that's why I don't use it myself; as such, I was Clueless what to do with those three, or even whether they were in fact "bad".

Sorry about cutting the top off the uninstall log; what's dumb is I looked at it twice because there was no heading and missed my mistake both times.

EDIT: and I still forgot to post:

2007 Microsoft Office Suite Service Pack 2 (SP2)
Acer Arcade Live Main Page
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer Gamezone Console DTV 2.0.1.1
Acer Registration
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Adobe Shockwave Player 11.5
Agatha Christie Death on the Nile
Alice Greenfingers
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
avast! Antivirus
Azada
Backspin Billiards
Big Kahuna Reef
Bonjour
Bookworm Deluxe
Bricks of Egypt
Cake Mania
CCScore
Chicken Invaders 3
Chuzzle
Diner Dash Flo on the Go
Eraser
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Flip Words 2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java (TM) 6 Update 13
Jewel Quest Solitaire
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kick N Rush
Kodak EasyShare software
KODAK Gallery Upload Software
Lexmark 4300 Series
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Open File Manager (remove only)
NVIDIA Drivers
OfotoXMI
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
tooltips
Turbo Pizza
Update for the 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office PowerPoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VPRINTOL
Windows Live OneCare safety scanner
WinPatrol 2009
WIRELESS
Zuma Deluxe
  #6  
Old 24 May 2009, 05:58
Malware Group

Hi there Bubba

Thanks for the updated uninstall list - can you get me the new combofix log, as requested.

Quote:
What are we looking for in the Combofix?
Basically just anything malicious; combofix is mainly an advanced analysis tool and gives us more info than HJT.

As for LTCats:
From what I can tell this is a valid entry, but it is classed as "user's choice" as to whether it runs at startup.

As for Limewire:
I see a few entries still in, but we can get them with the next run of combofix.
__________________
Proud member of ASAP & UNITE
  #7  
Old 24 May 2009, 07:03
Donor Group

Oops, the computer locked up and shut down just as it looked like Combofix was about to finish. It restarted and I selected safe mode. I don't think it created the log, but I'm not sure. Here is the Microsoft pop-up.

Windows has recovered from an unexpected shutdown.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:

BCCode: 50
BCP1: E0858E9B
BCP2: 00000000
BCP3: 9B9D2D10
BCP4: 00000002
OS Version: 6_6_6001
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:

C:\Windows\minidump\mini052409-01.dmp
C:\Users\Shirley\appdata\Temp\WER-85644-0.systemdata.xml
C:\Users\Shirley\AppData\Local\Temp\WERC6C7.tmp.version.txt

I have that computer sitting on that screen in safe mode. What do you want me to do with it? I'll leave it in safe mode until I hear something; I have to go to a movie now, back in about 3 hours. Man, this is fun, working on someone else's computer while I still have mine to get help on here.

EDIT: I haven't tried, but I'm sure I can open these files in safe mode if you need to know what they say, but I also don't know how to open an XML file.
  #8  
Old 24 May 2009, 07:11
Malware Group

Hi Bubba

Try rebooting and see if it boots successfully again; if not, try pressing F8 to access the boot screen at startup and choose the Last Known Good Configuration option.
__________________
Proud member of ASAP & UNITE
  #9  
Old 24 mei 2009, 07:50
Donor Groep
 
Het opstarten en er was een ComboFix2 aanmelden daar, het is vrij identiek aan de eerste, maar er is een 10:04 timestamp verwijst naar een quarantaine logboek. De quarentine log is leeg. Hier is het bestand, ik weet niet of het compleet is of wat je maar wilt. Nu heb ik te splitsen.

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Running from: C:\Users\Shirley\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-22 23:57 . 2009-05-24 08:40  117,760  ----a-w-  c:\Users\Shirley\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 23:56 . 2009-05-22 23:56  --------  d-----w-  c:\Programdata\SUPERAntiSpyware.com
2009-05-22 23:52 . 2009-05-22 23:52  --------  d-----w-  c:\program files\SUPERAntiSpyware
2009-05-22 23:52 . 2009-05-22 23:52  --------  d-----w-  c:\Users\Shirley\AppData\Roaming\SUPERAntiSpyware.com
2009-05-22 20:36 . 2009-05-22 20:36  --------  d-----w-  c:\Program Files\Common Files\Wise Installation Wizard
2009-05-22 15:06 . 2009-02-05 20:06  51,376  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
2009-05-22 15:06 . 2009-02-05 20:06  23,152  ----a-w-  c:\windows\system32\drivers\aswRdr.sys
2009-05-22 15:06 . 2009-02-05 20:07  114,768  ----a-w-  c:\windows\system32\drivers\aswSP.sys
2009-05-22 15:06 . 2009-02-05 20:07  20,560  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2009-05-22 15:06 . 2009-02-05 20:04  97,480  ----a-w-  c:\windows\system32\AvastSS.scr
2009-05-22 15:06 . 2009-02-05 20:11  1,256,296  ----a-w-  c:\windows\system32\aswBoot.exe
2009-05-22 15:06 . 2009-02-05 20:06  51,792  ----a-w-  C:\Windows\system32\drivers\aswMonFlt.sys
2009-05-22 15:06 . 2009-05-22 15:06  --------  d-----w-  c:\Program Files\Alwil Software
2009-05-22 04:38 . 2009-05-22 04:38  738,120  ----a-w-  c:\Programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-20 12:43 . 2008-06-20 01:14  97,800  ----a-w-  c:\windows\system32\infocardapi.dll
2009-05-20 12:43 . 2008-06-20 01:14  105,016  ----a-w-  c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-20 12:43 . 2008-06-20 01:14  11,264  ----a-w-  c:\windows\system32\icardres.dll
2009-05-20 12:43 . 2008-06-20 01:14  622,080  ----a-w-  c:\windows\system32\icardagt.exe
2009-05-20 12:43 . 2008-06-20 01:14  43,544  ----a-w-  c:\windows\system32\PresentationHostProxy.dll
2009-05-20 12:43 . 2008-06-20 01:14  781,344  ----a-w-  c:\windows\system32\PresentationNative_v0300.dll
2009-05-20 12:43 . 2008-06-20 01:14  326,160  ----a-w-  c:\windows\system32\PresentationHost.exe
2009-05-20 12:33 . 2008-07-27 18:03  96,760  ----a-w-  c:\windows\system32\dfshim.dll
2009-05-20 12:33 . 2008-07-27 18:03  282,112  ----a-w-  c:\windows\system32\mscoree.dll
2009-05-20 12:33 . 2008-07-27 18:03  41,984  ----a-w-  c:\windows\system32\netfxperf.dll
2009-05-20 12:32 . 2008-07-27 18:03  158,720  ----a-w-  c:\windows\system32\mscorier.dll
2009-05-20 12:32 . 2008-07-27 18:03  83,968  ----a-w-  c:\windows\system32\mscories.dll
2009-05-20 11:39 . 2009-05-20 11:39  --------  d-----w-  c:\Program Files\Microsoft Silverlight
2009-05-20 04:03 . 2009-05-20 11:00  --------  d-----w-  c:\Program Files\Windows Live Safety Center
2009-05-19 23:20 . 2009-05-19 23:20  --------  d-----w-  c:\Users\Shirley\AppData\Local\Acer DV Magician
2009-05-19 23:10 . 2009-05-19 23:10  --------  d-----w-  c:\windows\Sun
2009-05-19 20:40 . 2009-05-19 20:40  --------  d-----w-  c:\Users\Shirley\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40 . 2009-05-19 11:41  38,200  ----a-w-  c:\Users\Shirley\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\Bin\airapp...pinstaller.exe
2009-05-19 18:24 . 2009-05-24 08:38  --------  d-----w-  c:\Users\Shirley\AppData\Local\Eraser
2009-05-19 18:24 . 2009-05-19 18:24  --------  d--h--w-  c:\Users\Shirley\AppData\Local\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-05-19 18:24 . 2009-05-19 18:24  --------  d-----w-  c:\program files\Eraser
2009-05-19 17:20 . 2009-05-19 17:20  --------  d-----w-  c:\Users\Shirley\AppData\Roaming\eSobi
2009-05-19 17:11 . 2008-07-10 06:32  538  ----a-w-  c:\windows\system32\RegRaidSedona.bat
2009-05-19 17:07 . 2009-05-19 17:07  --------  d-----w-  C:\NVIDIA
2009-05-19 14:04 . 2009-05-19 14:05  --------  d-----w-  c:\program files\Spybot - Search & Destroy
2009-05-19 14:04 . 2009-05-19 14:05  --------  d-----w-  c:\Programdata\Spybot - Search & Destroy
2009-05-19 13:01 . 2009-05-19 13:01  --------  d-----w-  c:\Users\Shirley\AppData\Roaming\WinPatrol
2009-05-19 13:01 . 2006-09-18 21:43  10  ----a-w-  c:\Users\Shirley\AppData\Roaming\WinPatrol\Config.sys
2009-05-19 13:01 . 2006-09-18 21:43  24  ----a-w-  c:\Users\Shirley\AppData\Roaming\WinPatrol\Autoexec.bat
2009-05-19 13:01 . 2009-05-19 13:01  --------  d-----w-  c:\program files\BillP Studios
2009-05-19 12:26 . 2009-05-19 12:26  --------  d-----w-  c:\Users\Shirley\AppData\Roaming\Malwarebytes
2009-05-19 12:26 . 2009-04-06 19:32  15,504  ----a-w-  c:\windows\system32\drivers\mbam.sys
2009-05-19 12:26 . 2009-04-06 19:32  38,496  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 12:26 . 2009-05-19 13:22  --------  d-----w-  c:\Program Files\Malwarebytes' Anti-Malware
2009-05-19 12:26 . 2009-05-19 12:26  --------  d-----w-  c:\Programdata\Malwarebytes
2009-05-19 11:53 . 2009-05-19 11:53  0  ----a-w-  c:\windows\nsreg.dat
2009-05-19 11:53 . 2009-05-19 11:53  --------  d-----w-  c:\Users\Shirley\AppData\Local\Mozilla
2009-05-19 11:41 . 2009-05-19 11:41  --------  d-----w-  c:\Program Files\Common Files\Adobe AIR
2009-05-19 11:38 . 2009-05-19 12:45  --------  d-----w-  c:\Programdata\NOS
2009-05-19 11:29 . 2009-05-19 11:29  --------  d-----w-  c:\Users\Shirley\AppData\Local\Seven Zip
2009-05-19 10:41 . 2009-03-19 20:32  23,400  ----a-w-  c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-19 10:41 . 2008-04-17 16:12  107,368  ----a-w-  c:\windows\system32\GEARAspi.dll
2009-05-19 10:41 . 2009-05-20 01:10  --------  d-----w-  c:\program files\iPod
2009-05-19 10:41 . 2009-05-19 10:41  --------  d-----w-  c:\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 10:41 . 2009-05-19 10:41  --------  d-----w-  c:\program files\iTunes
2009-05-19 10:38 . 2009-05-19 10:38  --------  d-----w-  c:\Program Files\QuickTime
2009-05-19 10:34 . 2009-05-19 10:34  75,048  ----a-w-  c:\Programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-19 10:34 . 2009-05-19 10:34  --------  d-----w-  c:\program files\Bonjour
2009-05-19 10:33 . 2009-05-19 10:33  416,128  ----a-w-  c:\Programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-19 10:29 . 2009-05-19 10:29  410,984  ----a-w-  c:\windows\system32\deploytk.dll
2009-05-12 02:36 . 2009-05-12 02:36  2,930  ---h--w-  c:\windows\ms49f4d98.dat
2009-05-11 23:55 . 2009-04-14 00:39  4,656,976  ----a-w-  c:\Programdata\Microsoft\Windows Defender\Definition Updates\{DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E}\mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39 . 2009-02-17 13:54  602  ----a-w-  c:\Programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-05-24 04:22 . 2008-09-12 01:46  --------  d-----w-  c:\Program Files\Google
2009-05-20 11:55 . 2008-09-11 17:01  104,472  ----a-w-  c:\Users\Shirley\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-20 11:51 . 2008-02-05 19:30  --------  d-----w-  c:\Programdata\Microsoft Help
2009-05-20 11:49 . 2008-02-05 19:31  --------  d-----w-  c:\Program Files\Microsoft Works
2009-05-20 03:54 . 2008-09-12 14:01  --------  d-----w-  c:\program files\Lx_cats
2009-05-20 00:42 . 2008-02-05 20:19  --------  d-----w-  c:\Program Files\Common Files\Adobe
2009-05-19 23:28 . 2008-02-05 19:26  --------  d--h--w-  c:\Program Files\InstallShield Installation Information
2009-05-19 23:27 . 2008-02-05 19:49  --------  d-----w-  c:\program files\Acer Arcade Live
2009-05-19 23:20 . 2008-09-15 23:24  --------  d-----w-  c:\Users\Shirley\AppData\Roaming\CyberLink
2009-05-19 21:38 . 2008-09-12 20:56  --------  d-----w-  c:\Program Files\Common Files\SureThing Shared
2009-05-19 21:04 . 2008-09-12 14:09  1,664  ----a-w-  c:\Users\Shirley\AppData\Roaming\wklnhst.dat
2009-05-19 17:29 . 2009-03-04 15:55  --------  d-----w-  c:\Users\Shirley\AppData\Roaming\Sony
2009-05-19 17:20 . 2008-02-05 19:22  --------  d-----w-  c:\Programdata\NVIDIA
2009-05-19 16:54 . 2008-02-05 18:03  36,864  ----a-w-  c:\windows\system32\nvcod100.dll
2009-05-19 16:54 . 2007-10-25 11:02  147,456  ----a-w-  c:\windows\system32\nvcolor.exe
2009-05-19 16:13 . 2008-09-12 01:47  --------  d-----w-  c:\Users\Shirley\AppData\Roaming\LimeWire
2009-05-19 11:32 . 2008-02-05 20:08  --------  d-----w-  c:\Program Files\Yahoo!
2009-05-19 11:05 . 2008-09-12 01:45  --------  d-----w-  c:\Program Files\Java
2009-05-19 10:41 . 2008-09-13 03:14  --------  d-----w-  c:\Program Files\Common Files\Apple
2009-05-19 10:38 . 2008-09-13 03:15  --------  d-----w-  c:\Programdata\Apple Computer
2009-05-11 12:10 . 2009-05-11 12:10  78,260  ----a-w-  c:\Programdata\SPL23D4.tmp
2009-04-17 10:12 . 2006-11-02 11:18  --------  d-----w-  c:\Program Files\Windows Mail
2009-04-02 22:13 . 2009-04-02 22:13  702,127  ----a-w-  c:\Programdata\SPLFB91.tmp
2009-03-19 20:32 . 2009-03-19 20:32  23,400  ----a-w-  c:\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-17 05:22  13,824  ----a-w-  c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 05:22  24,064  ----a-w-  c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-20 03:47  914,944  ----a-w-  c:\windows\system32\Wininet.dll
2009-03-08 11:34 . 2009-05-20 03:47  43,008  ----a-w-  c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-20 03:47  18,944  ----a-w-  c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-20 03:47  109,056  ----a-w-  c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-20 03:47  109,568  ----a-w-  c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-20 03:47  107,520  ----a-w-  c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-20 03:47  103,936  ----a-w-  c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-20 03:47  132,608  ----a-w-  c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-20 03:47  107,008  ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-20 03:47  420,352  ----a-w-  c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-20 03:47  72,704  ----a-w-  c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-20 03:47  71,680  ----a-w-  c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-20 03:47  66,560  ----a-w-  c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-20 03:47  169,472  ----a-w-  c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-20 03:47  34,816  ----a-w-  c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-20 03:47  48,128  ----a-w-  c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-20 03:47  45,568  ----a-w-  c:\windows\system32\Mshta.exe
2009-03-08 11:22 . 2009-05-20 03:47  156,160  ----a-w-  c:\windows\system32\Msls31.dll
2009-03-03 04:46 . 2009-04-17 05:22  3,599,328  ----a-w-  c:\windows\system32\Ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-17 05:22  3,547,632  ----a-w-  c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-17 05:22  183,296  ----a-w-  c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-17 05:22  551,424  ----a-w-  c:\windows\system32\Rpcss.dll
2009-03-03 04:39 . 2009-04-17 05:22  26,112  ----a-w-  c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-17 05:22  98,304  ----a-w-  c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-17 05:22  54,784  ----a-w-  c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-17 05:22  44,032  ----a-w-  c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-17 05:22  666,624  ----a-w-  c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-17 05:22  17,408  ----a-w-  c:\windows\system32\iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Eraser"="C:\Program Files\Eraser\Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-11-12 203296]
"LXCECATS"="c:\windows\system32\spool\drivers\W32X86\3\LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 205744]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-16 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-11 4702208]

c:\Programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\acer\Empowering Technology\eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2008-12-22 16:05  356,352  ----a-w-  C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E9A4533-1359-46B6-B326-2B899D73FD10}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADE9CF49-7A0E-4076-9B85-7648EC5E7736}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6299EEE5-1856-4B10-9916-798B1C1AEF89}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{D430641B-178B-4C39-B53C-F6B3221DB01A}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{948000F3-8719-4206-B4C5-6506B663184F}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{8BCD640B-594A-465F-8A9E-E5A6C07DC081}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B}"= UDP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"{61DAEE1D-D19E-4F1A-B41E-603246AF524C}"= TCP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"{EB8798E6-358B-4DDA-A219-21BBC5D3C79A}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"{C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"{99976595-B4E1-4C9A-A3DE-A67AEDEE9B55}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{7A37205C-E643-4464-8C27-FAFCC859102D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1DF156D1-94E3-4B3D-A91E-724DFC89819E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D7D156E3-7B84-41F2-9FD8-CF9860453F65}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F6A110DE-6630-4823-B892-60950EB9ED71}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8640BFAB-1B85-48CC-95D5-9AABB44E4D95}"= UDP:C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"{6CC4A3BE-8F00-4983-B199-3050D54509B8}"= TCP:C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"{1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F}"= UDP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{DDDCF108-71DF-48CD-AD53-71D17C3F2C5C}"= TCP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{F98C3B13-2099-40EC-B504-2445C9C5B1B0}"= UDP:C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{3DB81CCD-4E96-40B3-8CA9-0089C89C294B}"= TCP:C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{918FE1A4-6957-4640-97D9-C85BED212614}"= UDP:C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:Spybot-S&D Updater
"{877DB07F-9298-486A-BB5B-930AF3A683AA}"= TCP:C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:Spybot-S&D Updater
"{5A664831-D250-4805-BB75-32612C9742F8}"= UDP:C:\Windows\ehome\ehshell.exe:Windows Media Center
"{2A157C0E-5966-4B7E-8D49-178D75EA6009}"= TCP:C:\Windows\ehome\ehshell.exe:Windows Media Center

[HKLM\~\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/22/2009 11:06 AM 114768]
R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/22/2009 11:06 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/22/2009 11:06 AM 51792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5/19/2009 10:04 AM 1153368]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\WindowsUpdate
FF - ProfilePath - c:\Users\Shirley\AppData\Roaming\Mozilla\Firefox\Profiles\j0dqrqc6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.us.acer.yahoo.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCEtime.dll,_RunDLLEntry@16????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-24 4:55
ComboFix-quarantined-files.txt 2009-05-24 08:55

Pre-Run: 173,756,547,072 bytes free
Post-Run: 173,859,581,952 bytes free

269 --- E O F --- 2009-05-17 10:04

EDIT: Nope, on a quick comparison with the first one I think it's identical.
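The log pasted above records several settings that bear directly on the original symptom, error 80072EFD, which Windows Update raises when it cannot connect to the update servers (Microsoft's own guidance for that code points at firewalls and proxies): a per-user proxy of localhost:7171, the Windows Firewall standard profile switched off (EnableFirewall = 0), UAC disabled (EnableLUA = 0) and Security Center monitoring disabled. The following script is an added example, written for this page and not part of the thread or of ComboFix: it walks a ComboFix-style log and flags exactly those items so they are not lost in 300 lines of file listings. The sample log embedded in it is constructed for the example (same layout as ComboFix output, but the lines are written here, not copied from the post), and the severity labels are this example's own convention.

```python
"""Audit a ComboFix-style log for settings that block updates or weaken defences.

Added example (not from the thread, not part of ComboFix). It scans the
"Reg Loading Points" and "Supplementary Scan" sections for:
  * a per-user proxy (WinINet ProxyServer), especially one pointing at localhost
  * a Windows Firewall profile disabled (EnableFirewall = 0)
  * UAC disabled (EnableLUA = 0)
  * Security Center monitoring switched off (DisableMonitoring = 1)
  * security products that ComboFix reports as *disabled*
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in ComboFix's layout; written for this example, not copied
# from any real machine.
SAMPLE_LOG = r"""
SP: Spybot - Search and Destroy *disabled* (Outdated)
SP: Windows Defender *enabled* (Updated)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
Trusted Zone: microsoft.com\update
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
PROXY_RE = re.compile(r"^[um]Internet Settings,\s*ProxyServer\s*=\s*(?P<proxy>\S.*)$", re.I)
PRODUCT_RE = re.compile(r"^(?:AV|SP|FW):\s*(?P<product>.+?)\s*\*(?P<state>enabled|disabled)\*", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (labels chosen for this example)
    line: str      # the log line that triggered the finding
    reason: str


def reg_int(value: str) -> int | None:
    """Turn ComboFix's value rendering ('0 (0x0)' or 'dword:00000001') into an int."""
    value = value.strip().lower()
    if value.startswith("dword:"):
        return int(value[len("dword:"):], 16)
    m = re.match(r"(\d+)", value)
    return int(m.group(1)) if m else None


def audit_combofix_log(text: str) -> list[Finding]:
    """Return the security-relevant findings in the order they appear in the log."""
    findings: list[Finding] = []
    current_key = ""  # lower-cased registry key that the following values belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = PRODUCT_RE.match(line)
        if m:
            if m.group("state").lower() == "disabled":
                findings.append(Finding("info", line, f"{m.group('product')} reported disabled"))
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy = m.group("proxy").lower()
            local = "localhost" in proxy or "127.0.0.1" in proxy
            detail = "a localhost proxy with nothing listening" if local else "the configured proxy"
            findings.append(Finding("high" if local else "medium", line,
                                    f"per-user proxy set; Windows Update reports 80072EFD when it cannot connect through {detail}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), reg_int(m.group("value"))
        if name == "EnableFirewall" and "firewallpolicy" in current_key and value == 0:
            profile = current_key.rsplit("\\", 1)[-1]
            findings.append(Finding("high", line, f"Windows Firewall disabled for {profile}"))
        elif name == "EnableLUA" and value == 0:
            findings.append(Finding("medium", line, "UAC disabled (EnableLUA = 0)"))
        elif name == "DisableMonitoring" and "security center" in current_key and value == 1:
            findings.append(Finding("medium", line, "Security Center monitoring disabled"))
    return findings


def highest_severity(findings: list[Finding]) -> str:
    """Worst severity present, or "none" for an empty list."""
    order = {"high": 2, "medium": 1, "info": 0}
    return max((f.severity for f in findings), key=order.__getitem__, default="none")


if __name__ == "__main__":
    for f in audit_combofix_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it against a saved C:\ComboFix.txt by replacing SAMPLE_LOG with the file contents. The proxy check is the one to look at first for a cannot-connect error: a WinINet proxy pointing at localhost is a typical leftover of adware that interposes itself on HTTP, and once the adware is removed nothing listens on that port, so anything that honours the per-user proxy fails to connect.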
  #10  
Old 24 May 2009, 10:38
Malware Group
 
Hi Bubba,

Quote:
EDIT: Nope, on a quick comparison with the first one I think it's identical.
Yes, you're right - that is from the first run of ComboFix.

The current log can be found at C:\combofix.txt.
__________________
Proud member of ASAP & UNITE

Copyright © 2006 - 2009 Computer Juice.
