12 February 2009, 22:35   #1
anoniem26255
Guest
Posts: n/a
Hijackthis StillBorn

hey!

I have some problems with my laptop... it crashed and I reinstalled Vista.. problems occur with Photoshop and I sometimes have some small internet problems =S

log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:53, on 12-2-2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\System32\rundll32.exe
C:\Users\dennis\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\dennis\Downloads\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O13 - Gopher Prefix:
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6442 bytes

thanks in advance!!!

13 February 2009, 16:01   #2
anoniem35971
Guest
Posts: n/a

Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


Close all windows except HijackThis.
Click 'Fix checked' to remove the items.


Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

After the installation, make sure there is a check mark next to:
  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
  • Once the program has started, go to the "Settings" tab.
  • Check here: "Close Internet Explorer during malware removal".
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Then press "Scan" to start the scan.
  • The scan can take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to see the results.
  • Make sure everything there is checked, then click "Remove Selected".
  • After the removal, a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

Post this log.


Download Combofix to your Desktop and use it according to this guide.
NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners see certain components that Combofix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" window.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, because this will make your PC hang.
  • When the fix is complete and after a restart, the log Combofix.txt will open.
Post this log in your next reply.

14 February 2009, 00:08   #3
anoniem26255
Guest
Posts: n/a

Log from Malwarebytes:

Malwarebytes' Anti-Malware 1.34
Database versie: 1760
Windows 6.0.6000

14-2-2009 0:07:59
mbam-log-2009-02-14 (00-07-59).txt

Scan type: Snelle Scan
Objecten gescand: 53052
Verstreken tijd: 2 minute(s), 14 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

14 February 2009, 00:25   #4
anoniem26255
Guest
Posts: n/a

ComboFix 09-02-12.03 - dennis 2009-02-14 0:12:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.2046.1194 [GMT 1:00]
Gestart vanuit: c:\users\dennis\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt

(Andere Verwijderingen)

c:\windows\setup.exe
G:\Autorun.inf

.
( Bestanden Gemaakt van 2009-01-13 to 2009-02-13 )
.

2009-02-14 00:04 . 2009-02-14 00:04 <DIR> d-------- c:\users\dennis\AppData\Roaming\Malwarebytes
2009-02-14 00:04 . 2009-02-14 00:04 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-14 00:04 . 2009-02-14 00:04 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-14 00:04 . 2009-02-14 00:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 00:04 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-14 00:04 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-13 12:23 . 2009-02-13 12:23 <DIR> d-------- c:\program files\Adobe Media Player
2009-02-13 12:21 . 2009-02-13 12:21 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-13 12:18 . 2009-02-13 12:18 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-02-12 23:11 . 2009-02-12 23:11 268,800 --a------ c:\windows\System32\es.dll
2009-02-12 22:43 . 2009-02-12 22:43 268,288 --a------ c:\windows\System32\mcbuilder.exe
2009-02-12 22:42 . 2009-02-12 22:42 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-02-12 22:41 . 2009-02-12 22:41 2,923,520 --a------ c:\windows\explorer.exe
2009-02-12 22:41 . 2009-02-12 22:41 803,328 --a------ c:\windows\System32\drivers\tcpip.sys
2009-02-12 22:41 . 2009-02-12 22:41 216,632 --a------ c:\windows\System32\drivers\netio.sys
2009-02-12 22:41 . 2009-02-12 22:41 167,424 --a------ c:\windows\System32\tcpipcfg.dll
2009-02-12 22:41 . 2009-02-12 22:41 24,064 --a------ c:\windows\System32\netcfg.exe
2009-02-12 22:41 . 2009-02-12 22:41 22,016 --a------ c:\windows\System32\netiougc.exe
2009-02-12 22:41 . 2009-02-12 22:41 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-12 22:41 . 2009-02-12 22:41 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-12 22:41 . 2009-02-12 22:41 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-12 22:38 . 2009-02-12 22:38 1,585,664 --a------ c:\windows\System32\setupapi.dll
2009-02-12 22:36 . 2009-02-12 22:36 441,856 --a------ c:\windows\System32\win32spl.dll
2009-02-12 22:36 . 2009-02-12 22:36 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-02-12 22:36 . 2009-02-12 22:36 223,232 --a------ c:\windows\System32\WMASF.DLL
2009-02-12 22:36 . 2009-02-12 22:36 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2009-02-12 22:36 . 2009-02-12 22:36 83,968 --a------ c:\windows\System32\dnsrslvr.dll
2009-02-12 22:36 . 2009-02-12 22:36 37,376 --a------ c:\windows\System32\printcom.dll
2009-02-12 22:36 . 2009-02-12 22:36 24,576 --a------ c:\windows\System32\dnscacheugc.exe
2009-02-12 22:36 . 2009-02-12 22:36 14,848 --a------ c:\windows\System32\wshrm.dll
2009-02-12 22:36 . 2009-02-12 22:36 11,776 --a------ c:\windows\System32\sbunattend.exe
2009-02-12 22:36 . 2009-02-12 22:36 9,728 --a------ c:\windows\System32\LAPRXY.DLL
2009-02-12 22:36 . 2009-02-12 22:36 2,048 --a------ c:\windows\System32\asferror.dll
2009-02-12 22:32 . 2009-02-12 22:32 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-12 22:32 . 2009-02-12 22:32 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-12 22:32 . 2009-02-12 22:32 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-12 22:32 . 2009-02-12 22:32 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-12 22:31 . 2009-02-12 22:31 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-12 22:31 . 2009-02-12 22:31 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-12 22:31 . 2009-02-12 22:31 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-12 22:31 . 2009-02-12 22:31 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-11 22:40 . 2009-02-11 22:40 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-02-11 22:40 . 2009-02-11 22:40 272,896 --a------ c:\windows\System32\polstore.dll
2009-02-11 22:40 . 2009-02-11 22:40 61,440 --a------ c:\windows\System32\winipsec.dll
2009-02-11 22:40 . 2009-02-11 22:40 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2009-02-11 22:38 . 2009-02-11 22:38 205,824 --a------ c:\windows\System32\msoeacct.dll
2009-02-11 22:38 . 2009-02-11 22:38 194,560 --a------ c:\windows\System32\WebClnt.dll
2009-02-11 22:38 . 2009-02-11 22:38 110,080 --a------ c:\windows\System32\drivers\mrxdav.sys
2009-02-11 22:38 . 2009-02-11 22:38 87,040 --a------ c:\windows\System32\msoert2.dll
2009-02-11 22:38 . 2009-02-11 22:38 39,424 --a------ c:\windows\System32\ACCTRES.dll
2009-02-11 22:36 . 2009-02-11 22:36 1,831,424 --a------ c:\windows\System32\inetcpl.cpl
2009-02-11 22:36 . 2009-02-11 22:36 56,320 --a------ c:\windows\System32\iesetup.dll
2009-02-11 22:36 . 2009-02-11 22:36 26,624 --a------ c:\windows\System32\ieUnatt.exe
2009-02-11 22:34 . 2009-02-11 22:34 374,456 --a------ c:\windows\System32\mcupdate_GenuineIntel.dll
2009-02-11 22:34 . 2009-02-11 22:34 297,472 --a------ c:\windows\System32\gdi32.dll
2009-02-11 22:34 . 2009-02-11 22:34 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-02-11 22:33 . 2009-02-11 22:33 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-02-11 22:33 . 2009-02-11 22:33 1,687,040 --a------ c:\windows\System32\gameux.dll
2009-02-11 22:33 . 2009-02-11 22:33 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-02-11 22:32 . 2009-02-11 22:32 2,027,520 --a------ c:\windows\System32\win32k.sys
2009-02-11 22:32 . 2009-02-11 22:32 1,194,496 --a------ c:\windows\System32\msxml3.dll
2009-02-11 22:32 . 2009-02-11 22:32 303,616 --a------ c:\windows\System32\wmpeffects.dll
2009-02-11 22:32 . 2009-02-11 22:32 2,048 --a------ c:\windows\System32\msxml3r.dll
2009-02-11 22:31 . 2009-02-11 22:31 396,800 --a------ c:\windows\System32\MPSSVC.dll
2009-02-11 22:31 . 2009-02-11 22:31 392,192 --a------ c:\windows\System32\FirewallAPI.dll
2009-02-11 22:31 . 2009-02-11 22:31 178,688 --a------ c:\windows\System32\iphlpsvc.dll
2009-02-11 22:31 . 2009-02-11 22:31 86,016 --a------ c:\windows\System32\icfupgd.dll
2009-02-11 22:31 . 2009-02-11 22:31 63,488 --a------ c:\windows\System32\drivers\mpsdrv.sys
2009-02-11 22:31 . 2009-02-11 22:31 61,952 --a------ c:\windows\System32\cmifw.dll

14 February 2009, 00:27   #5
anoniem26255
Guest
Posts: n/a

2009-02-11 22:31 . 2009-02-11 22:31 23,040 --a------ c:\windows\System32\drivers\tunnel.sys
2009-02-11 22:31 . 2009-02-11 22:31 16,896 --a------ c:\windows\System32\wfapigp.dll
2009-02-11 22:31 . 2009-02-11 22:31 15,360 --a------ c:\windows\System32\drivers\TUNMP.SYS
2009-02-11 22:30 . 2009-02-11 22:30 2,048 --a------ c:\windows\System32\tzres.dll
2009-02-11 22:29 . 2009-02-11 22:29 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-11 22:22 . 2009-02-12 22:28 18,087,936 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-02-11 22:22 . 2009-02-12 22:28 327,680 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-02-11 22:22 . 2009-02-12 22:28 65,536 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-02-11 22:20 . 2009-02-11 22:20 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-11 22:20 . 2009-02-11 22:20 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-11 22:20 . 2009-02-11 22:20 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-11 22:20 . 2009-02-11 22:20 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-11 22:20 . 2009-02-11 22:20 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-11 22:14 . 2009-02-11 22:14 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-11 22:13 . 2009-02-11 22:13 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe
2009-02-11 22:13 . 2009-02-11 22:13 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe
2009-02-11 22:13 . 2009-02-11 22:13 1,341,440 --a------ c:\windows\System32\msxml6.dll
2009-02-11 22:13 . 2009-02-11 22:13 750,080 --a------ c:\windows\System32\qmgr.dll
2009-02-11 22:13 . 2009-02-11 22:13 99,840 --a------ c:\windows\System32\poqexec.exe
2009-02-11 22:13 . 2009-02-11 22:13 2,048 --a------ c:\windows\System32\msxml6r.dll
2009-02-11 15:09 . 2009-02-11 15:09 <DIR> d-------- c:\users\All Users\FLEXnet
2009-02-11 15:09 . 2009-02-11 15:09 <DIR> d-------- c:\programdata\FLEXnet
2009-02-11 14:45 . 2009-02-11 14:45 <DIR> d-------- c:\users\dennis\AppData\Roaming\AdobeUM
2009-02-10 21:40 . 2007-05-09 12:34 16,437,832 --a------ c:\windows\eRy.exe
2009-02-10 21:40 . 2007-04-23 05:23 86,016 --a------ c:\windows\Hide.exe
2009-02-10 21:40 . 2007-08-07 09:16 65,536 --a------ c:\windows\SetSpkDefault.exe
2009-02-10 21:40 . 2002-11-14 15:32 55,808 --a------ c:\windows\devcon.exe
2009-02-10 21:40 . 2009-02-10 12:52 1,161 --a------ c:\windows\CLEANUP.CMD
2009-02-10 21:40 . 2007-01-15 13:28 336 --a------ c:\windows\ACERTOURREMINDERRUN.REG
2009-02-10 21:40 . 2007-04-26 16:02 294 --a------ c:\windows\offline.reg
2009-02-10 21:40 . 2004-10-01 21:32 92 --a------ c:\windows\CLEANUP.INI
2009-02-10 21:40 . 2004-06-14 01:24 30 --a------ c:\windows\SetPanel.ini
2009-02-10 21:40 . 2009-02-10 21:40 3 --a------ c:\windows\AFirst.cmd
2009-02-10 21:04 . 2009-02-10 21:27 202,040 --a------ c:\windows\System32\PnkBstrB.exe
2009-02-10 21:04 . 2009-02-10 21:27 137,688 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2009-02-10 21:04 . 2009-02-10 21:04 66,872 --a------ c:\windows\System32\PnkBstrA.exe
2009-02-10 20:47 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\d3dx9_34.dll
2009-02-10 20:34 . 2009-02-13 17:07 <DIR> d-------- c:\users\dennis\AppData\Roaming\Azureus
2009-02-10 20:34 . 2009-02-10 20:34 <DIR> d-------- c:\users\All Users\Azureus
2009-02-10 20:34 . 2009-02-10 20:34 <DIR> d-------- c:\programdata\Azureus
2009-02-10 20:31 . 2009-02-10 20:32 <DIR> d-------- c:\program files\Vuze
2009-02-10 20:31 . 2009-02-10 20:31 <DIR> d-------- c:\program files\Common Files\i4j_jres
2009-02-10 19:24 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2009-02-10 19:18 . 2009-02-10 19:18 <DIR> d-------- c:\users\dennis\AppData\Roaming\DAEMON Tools
2009-02-10 19:18 . 2009-02-10 19:18 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-10 16:24 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg
2009-02-10 16:24 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-02-10 16:23 . 2009-02-10 16:23 <DIR> d-------- c:\users\All Users\ESET
2009-02-10 16:23 . 2009-02-10 16:23 <DIR> d-------- c:\programdata\ESET
2009-02-10 16:23 . 2009-02-10 16:23 <DIR> d-------- c:\program files\ESET
2009-02-10 15:45 . 2009-02-13 17:29 <DIR> d-------- c:\users\dennis\AppData\Roaming\Xfire
2009-02-10 15:45 . 2009-02-12 07:58 <DIR> d-------- c:\users\All Users\Xfire
2009-02-10 15:45 . 2009-02-12 07:58 <DIR> d-------- c:\programdata\Xfire
2009-02-10 15:45 . 2009-02-10 15:47 <DIR> d-------- c:\program files\Xfire
2009-02-10 15:18 . 2009-02-10 15:18 <DIR> d-------- c:\users\dennis\AppData\Roaming\vlc
2009-02-10 15:16 . 2009-02-10 15:16 <DIR> d-------- c:\program files\VideoLAN

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 11:23 --------- d-----w c:\program files\Common Files\Adobe
2009-02-12 21:49 174 --sha-w c:\program files\desktop.ini
2009-02-12 21:45 --------- d-----w c:\program files\Windows Sidebar
2009-02-12 21:37 944,184 ----a-w c:\windows\System32\winload.exe
2009-02-11 21:52 --------- d-----w c:\program files\Windows Mail
2009-02-11 21:37 826,368 ----a-w c:\windows\System32\wininet.dll
2009-02-11 21:37 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-02-11 21:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-02-11 21:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-02-11 21:33 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-02-11 21:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-02-11 21:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-02-10 18:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 14:12 --------- d-----w c:\program files\Acer GameZone
2009-02-10 14:06 --------- d-----w c:\program files\CyberLink
2009-02-10 14:06 --------- d-----w c:\program files\Common Files\NewTech Infosystems
2009-02-10 13:03 --------- d-----w c:\programdata\Microsoft Help
2009-02-10 12:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-10 12:11 --------- d-----w c:\programdata\Symantec
2009-02-10 12:04 --------- d-----w c:\programdata\CyberLink
2009-02-10 11:56 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-02-10 11:56 --------- d-----w c:\program files\Realtek
2009-02-10 11:52 --------- d-----w c:\program files\Intel
2009-02-10 11:49 --------- d-sh--w c:\programdata\Sjablonen
2009-02-10 11:49 --------- d-sh--w c:\programdata\Menu Start
2009-02-10 11:49 --------- d-sh--w c:\programdata\Favorieten
2009-02-10 11:49 --------- d-sh--w c:\programdata\Documenten
2009-02-10 11:49 --------- d-sh--w c:\programdata\Bureaublad
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-02-27 15872]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]

c:\users\dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-02-05 3008336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1246375273-1379292405-641785479-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{862FD848-6408-41FF-939E-F087D4F3F7BE}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"TCP Query User{F9624426-A3C9-4B0C-97AA-35811F9459C4}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire

14 February 2009, 00:27   #6
anoniem26255
Guest
Posts: n/a

"UDP Query User{A55EF2BF-F490-426B-ADAF-747E0D87B865}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{86831F96-8F91-4E69-B192-39087837DC34}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{264B4F2D-2D43-4844-B39B-E319D1F8BA84}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{76370009-AC9F-46B6-BBF8-222323D3771F}d:\\program files\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:d:\program files\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{CDAD8AC1-572A-4856-BB93-BD81975C54EB}d:\\program files\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:d:\program files\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"{845F233F-18D6-4B86-950E-72C846349EE2}"= UDP:5353:Adobe CSI CS4
"{7985ACED-874F-49B6-8C5C-3B3A799EDC36}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{341D7A64-1EC5-4A72-95C7-A3B8D18586A9}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-02-20 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-07-13 179712]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-07-13 43008]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [2006-11-02 9216]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbbe98dc-f79d-11dd-99dc-001b24b45196}]
\shell\AutoRun\command - H:\AutoRun.exe
.
Inhoud van de 'Gedeelde Taken' map

2009-02-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.
- - - - ORPHANS VERWIJDERD - - - -

HKU-Default-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe


.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://nl.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
FF - ProfilePath - c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\plsytcrq.default\
FF - prefs.js: browser.startup.homepage - www.google.nl
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 00:14:35
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2009-02-14 0:16:12
ComboFix-quarantined-files.txt 2009-02-13 23:16:10

Pre-Run: 57.725.788.160 bytes beschikbaar
Post-Run: 57,557,348,352 bytes beschikbaar

270 --- E O F --- 2009-02-12 22:11:54


phew, what a long log =p
I hope you can make sense of this =D
I understand 0.0 of it...

14 February 2009, 09:52   #7
anoniem35971
Guest
Posts: n/a

Why did you install Nod32 the illegal way?


Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com...isinfector.exe
Make sure that the flash drives / USB sticks / external hard drives are also plugged in.
Double-click Flash_Disinfector.exe to start the tool.
When the tool is finished, the computer will restart.


Open a Notepad file.
Copy the code below and paste it into the Notepad file.

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbbe98dc-f79d-11dd-99dc-001b24b45196}]


Save the Notepad file as CFScript.txt

Now drag the file CFScript.txt onto the file ComboFix.exe, as shown below:



ComboFix will start again.
When ComboFix is finished, which may be after a restart, a log file will open.
Post the contents of the log file.

14 February 2009, 12:15   #8
anoniem26255
Guest
Posts: n/a

Hey!

the flash_disinfector did nothing, as far as I could tell ;S
I double-clicked and briefly got an hourglass, but nothing else =S

here is the log:
ComboFix 09-02-12.03 - dennis 2009-02-14 12:03:53.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.2046.1010 [GMT 1:00]
Gestart vanuit: c:\users\dennis\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\users\dennis\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))
.

2009-02-14 11:54 . 2009-02-14 11:54 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-14 11:54 . 2009-02-14 11:54 <DIR> d-------- c:\program files\Microsoft Works
2009-02-14 11:51 . 2009-02-14 11:51 <DIR> dr-h----- C:\MSOCache
2009-02-14 00:04 . 2009-02-14 00:04 <DIR> d-------- c:\users\dennis\AppData\Roaming\Malwarebytes
2009-02-14 00:04 . 2009-02-14 00:04 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-14 00:04 . 2009-02-14 00:04 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-14 00:04 . 2009-02-14 00:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-14 00:04 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-14 00:04 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-13 12:23 . 2009-02-13 12:23 <DIR> d-------- c:\program files\Adobe Media Player
2009-02-13 12:21 . 2009-02-13 12:21 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-13 12:18 . 2009-02-13 12:18 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-02-12 23:11 . 2009-02-12 23:11 268,800 --a------ c:\windows\System32\es.dll
2009-02-12 22:43 . 2009-02-12 22:43 268,288 --a------ c:\windows\System32\mcbuilder.exe
2009-02-12 22:42 . 2009-02-12 22:42 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-02-12 22:41 . 2009-02-12 22:41 2,923,520 --a------ c:\windows\explorer.exe
2009-02-12 22:41 . 2009-02-12 22:41 803,328 --a------ c:\windows\System32\drivers\tcpip.sys
2009-02-12 22:41 . 2009-02-12 22:41 216,632 --a------ c:\windows\System32\drivers\netio.sys
2009-02-12 22:41 . 2009-02-12 22:41 167,424 --a------ c:\windows\System32\tcpipcfg.dll
2009-02-12 22:41 . 2009-02-12 22:41 24,064 --a------ c:\windows\System32\netcfg.exe
2009-02-12 22:41 . 2009-02-12 22:41 22,016 --a------ c:\windows\System32\netiougc.exe
2009-02-12 22:41 . 2009-02-12 22:41 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-12 22:41 . 2009-02-12 22:41 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-12 22:41 . 2009-02-12 22:41 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-12 22:38 . 2009-02-12 22:38 1,585,664 --a------ c:\windows\System32\setupapi.dll
2009-02-12 22:36 . 2009-02-12 22:36 441,856 --a------ c:\windows\System32\win32spl.dll
2009-02-12 22:36 . 2009-02-12 22:36 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-02-12 22:36 . 2009-02-12 22:36 223,232 --a------ c:\windows\System32\WMASF.DLL
2009-02-12 22:36 . 2009-02-12 22:36 113,664 --a------ c:\windows\System32\drivers\rmcast.sys
2009-02-12 22:36 . 2009-02-12 22:36 83,968 --a------ c:\windows\System32\dnsrslvr.dll
2009-02-12 22:36 . 2009-02-12 22:36 37,376 --a------ c:\windows\System32\printcom.dll
2009-02-12 22:36 . 2009-02-12 22:36 24,576 --a------ c:\windows\System32\dnscacheugc.exe
2009-02-12 22:36 . 2009-02-12 22:36 14,848 --a------ c:\windows\System32\wshrm.dll
2009-02-12 22:36 . 2009-02-12 22:36 11,776 --a------ c:\windows\System32\sbunattend.exe
2009-02-12 22:36 . 2009-02-12 22:36 9,728 --a------ c:\windows\System32\LAPRXY.DLL
2009-02-12 22:36 . 2009-02-12 22:36 2,048 --a------ c:\windows\System32\asferror.dll
2009-02-12 22:32 . 2009-02-12 22:32 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-12 22:32 . 2009-02-12 22:32 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-12 22:32 . 2009-02-12 22:32 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-12 22:32 . 2009-02-12 22:32 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-12 22:31 . 2009-02-12 22:31 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-12 22:31 . 2009-02-12 22:31 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-12 22:31 . 2009-02-12 22:31 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-12 22:31 . 2009-02-12 22:31 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-11 22:40 . 2009-02-11 22:40 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2009-02-11 22:40 . 2009-02-11 22:40 272,896 --a------ c:\windows\System32\polstore.dll
2009-02-11 22:40 . 2009-02-11 22:40 61,440 --a------ c:\windows\System32\winipsec.dll
2009-02-11 22:40 . 2009-02-11 22:40 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2009-02-11 22:38 . 2009-02-11 22:38 205,824 --a------ c:\windows\System32\msoeacct.dll
2009-02-11 22:38 . 2009-02-11 22:38 194,560 --a------ c:\windows\System32\WebClnt.dll
2009-02-11 22:38 . 2009-02-11 22:38 110,080 --a------ c:\windows\System32\drivers\mrxdav.sys
2009-02-11 22:38 . 2009-02-11 22:38 87,040 --a------ c:\windows\System32\msoert2.dll
2009-02-11 22:38 . 2009-02-11 22:38 39,424 --a------ c:\windows\System32\ACCTRES.dll
2009-02-11 22:36 . 2009-02-11 22:36 1,831,424 --a------ c:\windows\System32\inetcpl.cpl
2009-02-11 22:36 . 2009-02-11 22:36 56,320 --a------ c:\windows\System32\iesetup.dll
2009-02-11 22:36 . 2009-02-11 22:36 26,624 --a------ c:\windows\System32\ieUnatt.exe
2009-02-11 22:34 . 2009-02-11 22:34 374,456 --a------ c:\windows\System32\mcupdate_GenuineIntel.dll
2009-02-11 22:34 . 2009-02-11 22:34 297,472 --a------ c:\windows\System32\gdi32.dll
2009-02-11 22:34 . 2009-02-11 22:34 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-02-11 22:33 . 2009-02-11 22:33 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-02-11 22:33 . 2009-02-11 22:33 1,687,040 --a------ c:\windows\System32\gameux.dll
2009-02-11 22:33 . 2009-02-11 22:33 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-02-11 22:32 . 2009-02-11 22:32 2,027,520 --a------ c:\windows\System32\win32k.sys
2009-02-11 22:32 . 2009-02-11 22:32 1,194,496 --a------ c:\windows\System32\msxml3.dll
2009-02-11 22:32 . 2009-02-11 22:32 303,616 --a------ c:\windows\System32\wmpeffects.dll
2009-02-11 22:32 . 2009-02-11 22:32 2,048 --a------ c:\windows\System32\msxml3r.dll
2009-02-11 22:31 . 2009-02-11 22:31 396,800 --a------ c:\windows\System32\MPSSVC.dll
2009-02-11 22:31 . 2009-02-11 22:31 392,192 --a------ c:\windows\System32\FirewallAPI.dll
2009-02-11 22:31 . 2009-02-11 22:31 178,688 --a------ c:\windows\System32\iphlpsvc.dll
2009-02-11 22:31 . 2009-02-11 22:31 86,016 --a------ c:\windows\System32\icfupgd.dll
2009-02-11 22:31 . 2009-02-11 22:31 63,488 --a------ c:\windows\System32\drivers\mpsdrv.sys
2009-02-11 22:31 . 2009-02-11 22:31 61,952 --a------ c:\windows\System32\cmifw.dll
2009-02-11 22:31 . 2009-02-11 22:31 23,040 --a------ c:\windows\System32\drivers\tunnel.sys
2009-02-11 22:31 . 2009-02-11 22:31 16,896 --a------ c:\windows\System32\wfapigp.dll
2009-02-11 22:31 . 2009-02-11 22:31 15,360 --a------ c:\windows\System32\drivers\TUNMP.SYS
2009-02-11 22:30 . 2009-02-11 22:30 2,048 --a------ c:\windows\System32\tzres.dll
2009-02-11 22:29 . 2009-02-11 22:29 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-11 22:22 . 2009-02-12 22:28 18,087,936 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-02-11 22:22 . 2009-02-12 22:28 327,680 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-02-11 22:22 . 2009-02-12 22:28 65,536 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-02-11 22:20 . 2009-02-11 22:20 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-11 22:20 . 2009-02-11 22:20 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-11 22:20 . 2009-02-11 22:20 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-11 22:20 . 2009-02-11 22:20 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-11 22:20 . 2009-02-11 22:20 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-11 22:14 . 2009-02-11 22:14 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-11 22:13 . 2009-02-11 22:13 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe
2009-02-11 22:13 . 2009-02-11 22:13 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe
2009-02-11 22:13 . 2009-02-11 22:13 1,341,440 --a------ c:\windows\System32\msxml6.dll
2009-02-11 22:13 . 2009-02-11 22:13 750,080 --a------ c:\windows\System32\qmgr.dll
2009-02-11 22:13 . 2009-02-11 22:13 99,840 --a------ c:\windows\System32\poqexec.exe
2009-02-11 22:13 . 2009-02-11 22:13 2,048 --a------ c:\windows\System32\msxml6r.dll
2009-02-11 15:09 . 2009-02-14 01:14 <DIR> d-------- c:\users\All Users\FLEXnet
2009-02-11 15:09 . 2009-02-14 01:14 <DIR> d-------- c:\programdata\FLEXnet
2009-02-11 14:45 . 2009-02-11 14:45 <DIR> d-------- c:\users\dennis\AppData\Roaming\AdobeUM
2009-02-10 21:40 . 2007-05-09 12:34 16,437,832 --a------ c:\windows\eRy.exe
2009-02-10 21:40 . 2007-04-23 05:23 86,016 --a------ c:\windows\Hide.exe
2009-02-10 21:40 . 2007-08-07 09:16 65,536 --a------ c:\windows\SetSpkDefault.exe
2009-02-10 21:40 . 2002-11-14 15:32 55,808 --a------ c:\windows\devcon.exe
2009-02-10 21:40 . 2009-02-10 12:52 1,161 --a------ c:\windows\CLEANUP.CMD
2009-02-10 21:40 . 2007-01-15 13:28 336 --a------ c:\windows\ACERTOURREMINDERRUN.REG
2009-02-10 21:40 . 2007-04-26 16:02 294 --a------ c:\windows\offline.reg
2009-02-10 21:40 . 2004-10-01 21:32 92 --a------ c:\windows\CLEANUP.INI
2009-02-10 21:40 . 2004-06-14 01:24 30 --a------ c:\windows\SetPanel.ini
2009-02-10 21:40 . 2009-02-10 21:40 3 --a------ c:\windows\AFirst.cmd
2009-02-10 21:04 . 2009-02-10 21:27 202,040 --a------ c:\windows\System32\PnkBstrB.exe

14 February 2009, 12:16   #9
anoniem26255

2009-02-10 21:04 . 2009-02-10 21:27 137,688 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2009-02-10 21:04 . 2009-02-10 21:04 66,872 --a------ c:\windows\System32\PnkBstrA.exe
2009-02-10 20:47 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\d3dx9_34.dll
2009-02-10 20:34 . 2009-02-13 17:07 <DIR> d-------- c:\users\dennis\AppData\Roaming\Azureus
2009-02-10 20:34 . 2009-02-10 20:34 <DIR> d-------- c:\users\All Users\Azureus
2009-02-10 20:34 . 2009-02-10 20:34 <DIR> d-------- c:\programdata\Azureus
2009-02-10 20:31 . 2009-02-10 20:32 <DIR> d-------- c:\program files\Vuze
2009-02-10 20:31 . 2009-02-10 20:31 <DIR> d-------- c:\program files\Common Files\i4j_jres
2009-02-10 19:24 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2009-02-10 19:18 . 2009-02-10 19:18 <DIR> d-------- c:\users\dennis\AppData\Roaming\DAEMON Tools
2009-02-10 19:18 . 2009-02-10 19:18 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-10 16:24 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg
2009-02-10 16:24 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-02-10 16:23 . 2009-02-10 16:23 <DIR> d-------- c:\users\All Users\ESET
2009-02-10 16:23 . 2009-02-10 16:23 <DIR> d-------- c:\programdata\ESET
2009-02-10 16:23 . 2009-02-10 16:23 <DIR> d-------- c:\program files\ESET
2009-02-10 15:45 . 2009-02-13 17:29 <DIR> d-------- c:\users\dennis\AppData\Roaming\Xfire
2009-02-10 15:45 . 2009-02-12 07:58 <DIR> d-------- c:\users\All Users\Xfire
2009-02-10 15:45 . 2009-02-12 07:58 <DIR> d-------- c:\programdata\Xfire

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 10:55 --------- d-----w c:\programdata\Microsoft Help
2009-02-13 11:23 --------- d-----w c:\program files\Common Files\Adobe
2009-02-12 21:49 174 --sha-w c:\program files\desktop.ini
2009-02-12 21:45 --------- d-----w c:\program files\Windows Sidebar
2009-02-12 21:37 944,184 ----a-w c:\windows\System32\winload.exe
2009-02-11 21:52 --------- d-----w c:\program files\Windows Mail
2009-02-11 21:37 826,368 ----a-w c:\windows\System32\wininet.dll
2009-02-11 21:37 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-02-11 21:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-02-11 21:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-02-11 21:33 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-02-11 21:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-02-11 21:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-02-10 18:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 14:12 --------- d-----w c:\program files\Acer GameZone
2009-02-10 14:06 --------- d-----w c:\program files\CyberLink
2009-02-10 14:06 --------- d-----w c:\program files\Common Files\NewTech Infosystems
2009-02-10 12:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-10 12:11 --------- d-----w c:\programdata\Symantec
2009-02-10 12:04 --------- d-----w c:\programdata\CyberLink
2009-02-10 11:56 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-02-10 11:56 --------- d-----w c:\program files\Realtek
2009-02-10 11:52 --------- d-----w c:\program files\Intel
2009-02-10 11:49 --------- d-sh--w c:\programdata\Sjablonen
2009-02-10 11:49 --------- d-sh--w c:\programdata\Menu Start
2009-02-10 11:49 --------- d-sh--w c:\programdata\Favorieten
2009-02-10 11:49 --------- d-sh--w c:\programdata\Documenten
2009-02-10 11:49 --------- d-sh--w c:\programdata\Bureaublad
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-14_ 0.15.00,92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-14 10:54:51 110,592 ----a-w c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2009-02-14 10:54:52 4,608 ----a-w c:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2009-02-14 10:54:51 8,007,680 ----a-w c:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2009-02-14 10:54:12 80,696 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2009-02-14 10:54:30 920,376 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2009-02-14 10:54:30 35,648 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2009-02-14 10:54:30 248,632 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-02-14 10:54:30 781,104 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2009-02-14 10:54:50 13,312 ----a-w c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2009-02-14 10:54:30 64,288 ----a-w c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2009-02-14 10:54:50 229,376 ----a-w c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2009-02-14 10:54:51 4,096 ----a-w c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2009-02-14 10:54:29 416,544 ----a-w c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2009-02-14 10:54:41 12,104 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2009-02-14 10:54:39 12,632 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2009-02-14 10:54:41 12,112 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2009-02-14 10:54:44 12,096 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2009-02-14 10:54:36 12,080 ----a-w c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2009-02-14 10:54:36 11,544 ----a-w c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2009-02-14 10:54:50 16,384 ----a-w c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2009-02-14 11:03:26 6,123,520 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-02-14 10:55:10 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-14 10:55:10 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-14 10:55:10 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-14 10:55:10 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-14 10:55:10 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-14 10:55:10 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-14 10:55:10 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-14 10:55:10 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-14 10:55:10 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-14 10:55:10 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-14 10:55:10 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-14 10:55:10 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-07-13 03:14:54 217,864 ----a-r c:\windows\Installer\{90120000-006E-0413-0000-0000000FF1CE}\misc.exe
+ 2009-02-14 10:52:32 217,864 ----a-r c:\windows\Installer\{90120000-006E-0413-0000-0000000FF1CE}\misc.exe
- 2009-02-13 22:36:07 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-14 10:27:29 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-13 22:36:07 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-14 10:27:29 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-13 22:37:39 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-14 10:30:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-14 10:30:51 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-13 23:14:37 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-14 10:30:46 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-14 10:30:46 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2006-07-24 09:50:38 125,744 ----a-w c:\windows\System32\MSSTDFMT.DLL
+ 2006-07-24 09:50:40 39,728 ----a-w c:\windows\System32\SCP32.DLL

14 February 2009, 12:17   #10
anoniem26255

- 2009-02-13 11:18:22 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-02-14 10:55:13 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-07-24 09:50:40 47,920 ----a-w c:\windows\System32\VBAME.DLL
- 2009-02-13 22:38:02 5,776 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1246375273-1379292405-641785479-1000_UserData.bin
+ 2009-02-14 10:31:14 5,848 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1246375273-1379292405-641785479-1000_UserData.bin
- 2009-02-13 22:38:02 70,420 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-14 10:31:14 70,522 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-13 22:38:00 44,814 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-14 10:31:12 44,894 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-02-27 15872]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]

c:\users\dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-02-05 3008336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1246375273-1379292405-641785479-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{862FD848-6408-41FF-939E-F087D4F3F7BE}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"TCP Query User{F9624426-A3C9-4B0C-97AA-35811F9459C4}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{A55EF2BF-F490-426B-ADAF-747E0D87B865}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{86831F96-8F91-4E69-B192-39087837DC34}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{264B4F2D-2D43-4844-B39B-E319D1F8BA84}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{76370009-AC9F-46B6-BBF8-222323D3771F}d:\\program files\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:d:\program files\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{CDAD8AC1-572A-4856-BB93-BD81975C54EB}d:\\program files\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:d:\program files\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"{845F233F-18D6-4B86-950E-72C846349EE2}"= UDP:5353:Adobe CSI CS4
"{7985ACED-874F-49B6-8C5C-3B3A799EDC36}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{341D7A64-1EC5-4A72-95C7-A3B8D18586A9}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{3DA1FF74-6CF0-4605-ADE1-270919A4E810}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-02-20 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-07-13 179712]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-07-13 43008]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [2006-11-02 9216]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbbe98dc-f79d-11dd-99dc-001b24b45196}]
\shell\AutoRun\command - H:\SETUP.EXE
\shell\configure\command - H:\SETUP.EXE
\shell\install\command - H:\SETUP.EXE
.
Inhoud van de 'Gedeelde Taken' map

2009-02-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://nl.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
FF - ProfilePath - c:\users\dennis\AppData\Roaming\Mozilla\Firefox\Profiles\plsytcrq.default\
FF - prefs.js: browser.startup.homepage - www.google.nl
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 12:06:21
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(4584)
c:\program files\Xfire\xfire_toucan_35771.dll
.
Voltooingstijd: 2009-02-14 12:09:43
ComboFix-quarantined-files.txt 2009-02-14 11:09:41
ComboFix2.txt 2009-02-13 23:16:12

Pre-Run: 55.481.589.760 bytes beschikbaar
Post-Run: 55,142,461,440 bytes beschikbaar

333 --- E O F --- 2009-02-12 22:11:54