Archive - had a virus, please check.

The archive is a frozen moment from a previous version of this forum, with different rules and different people in charge. These posts in no way reflect our current ideas, values or world views, and in some places they have been censored as impermissible. Many were written in a different spirit of the times, ironically or not (as in the ironic Off-Topic subforum), and would not (be allowed to) be posted today. Still, we are happy to keep offering this archive as an information database and reference work. Read more about it here or start a conversation with others.

deven

Legacy Member
A little while ago I suddenly had a new virus scanner on my system, called Security Solution 2011.

After some surfing I removed it with Malwarebytes Anti-Malware.

Then I cleared the cookies etc.

Once I had done everything I know/could, I made a HijackThis log.

Here is the log. (PS: I need "DVDVideoSoftTB Toolbar" for YouTube.)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:08:03, on 30/05/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Users\1\Documents\LCDSirReal\LCDSirReal.exe
C:\Program Files (x86)\BF2G15Mod\BF2 LCD.exe
E:\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10236 bytes

Is it OK now, or do I still need to do things? Thanks in advance.

Juisterr

Legacy Member
Well, that one is fake, you see; that is the infection.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use ComboFix.

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (here or here is a guide on how to disable them:)

2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is active; this can cause the tool to hang.

* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


Download MalwareBytes' Anti-Malware and save it to your desktop.

Double-click mbam-setup.exe to install the program.

Make sure that after the installation a check mark is placed next to:
  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware

Then click "Finish" ("Voltooien").
If an update is found, it will be downloaded and installed.

In case of problems!!! (Read the instructions below)

  • Once the program has started, go to the "Settings" ("Instellingen") tab.
  • Tick here: "Close Internet Explorer during malware removal" ("Sluit Internet Explorer tijdens verwijdering van malware").
  • Then go to the "Scanner" tab and choose "Quick Scan" ("Snelle Scan").
  • Next, press "Scan" ("Scannen") to start the scan.
  • Scanning can take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" ("Bekijk Resultaten") to see the results.
  • Make sure everything there is ticked, then click "Remove Selected" ("Verwijder geselecteerde").
  • After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.

deven

Legacy Member
Sorry that it has to be done this way, but the forum says the text contains too many characters, 34000, and the forum only allows 30000.

Choose regular at the bottom right. (Sorry that it has to be done this way.)
http://www.easy-share.com/1915787519/ComboFix.txt

edit

Malwarebytes indicated that it had found nothing, so I did not have to restart either.

This is the log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Databaseversie: 6736

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

31/05/2011 23:34:07
mbam-log-2011-05-31 (23-34-07).txt

Scantype: Snelle scan
Objecten gescand: 179694
Verstreken tijd: 2 minuut/minuten, 3 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

What I do seem to notice is that I now get to see the administrator logo on some things, even though I am the only user on the PC and am an administrator... (checked just yesterday)

Juisterr

Legacy Member
Can you post that ComboFix log in parts please? That link is not readable for me.

deven

Legacy Member
Here you go.

ComboFix 11-05-31.01 - 1 31/05/2011 23:14:20.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.4095.2303 [GMT 2:00]
Gestart vanuit: c:\users\1\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\1\AppData\Roaming\DoBs
c:\users\1\AppData\Roaming\DoBs\DoBs.ini
c:\users\1\AppData\Roaming\DoBs\DoBs.mdb
c:\users\1\AppData\Roaming\inst.exe
c:\users\1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Security Solution 2011.lnk
c:\windows\ST6UNST.000
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MaJUtilLib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCaller.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\MetaStore2.dll
c:\windows\SysWow64\system32\Microsoft.Synchronization.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
c:\windows\SysWow64\system32\Synchronization2.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-28 to 2011-05-31 ))))))))))))))))))))))))))))))
.
.
2011-05-31 21:20 . 2011-05-31 21:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-05-31 21:20 . 2011-05-31 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-31 19:19 . 2011-05-31 19:19 195072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{77B899BB-7CA6-4660-8976-0074072B73DC}-SKIDROW.dll
2011-05-31 19:18 . 2011-05-31 19:18 195072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{B22B9AC5-6F6D-488D-A53E-153604A9ABBB}-SKIDROW.dll
2011-05-31 19:18 . 2011-05-31 19:18 445952 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{BA68E5A7-DE85-4861-8018-9EF16A76C027}-paul.dll
2011-05-31 19:18 . 2011-05-31 19:18 195072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{8D81C198-87F0-469E-AA2E-23350F03C688}-SKIDROW.dll
2011-05-31 19:18 . 2011-05-31 19:18 445952 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{C130F1F8-ED5A-4CCC-B3B2-78831A201944}-paul.dll
2011-05-31 19:18 . 2011-05-31 19:18 195072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{E9E18F3B-2289-4EF4-82D8-2D9A8A6E009A}-SKIDROW.dll
2011-05-31 16:51 . 2011-05-09 13:00 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-31 16:51 . 2011-05-09 13:00 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46E02C01-867A-4DE7-9965-B2005CC20993}\mpengine.dll
2011-05-31 09:17 . 2011-05-31 09:17 -------- d-----w- c:\users\1\AppData\Local\{3B2A23C2-C274-4226-AC9B-1A7DB11A9B8D}
2011-05-30 19:29 . 2011-05-30 19:29 -------- d-----w- c:\users\1\AppData\Local\{528A4D63-D26E-40B4-A508-5B2B122EA676}
2011-05-30 16:46 . 2011-05-30 16:46 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D031B51-8BD8-4DEE-9CC5-0B9130E60B11}\gapaengine.dll
2011-05-30 16:45 . 2011-05-30 16:45 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-05-30 16:45 . 2011-05-30 16:45 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-30 16:28 . 2011-05-30 16:28 -------- d-----w- c:\users\1\AppData\Roaming\Malwarebytes
2011-05-30 16:28 . 2011-05-30 16:28 -------- d-----w- c:\programdata\Malwarebytes
2011-05-30 16:27 . 2011-05-31 14:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-30 16:27 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-30 16:24 . 2011-05-30 16:27 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2011-05-30 16:08 . 2011-05-30 16:08 -------- d-----w- c:\users\1\AppData\Roaming\2339110
2011-05-29 14:17 . 2011-05-29 14:17 -------- d-----w- c:\users\1\AppData\Local\{7976C975-2EBE-4C18-949F-477075D9E287}
2011-05-25 15:28 . 2011-05-25 15:28 -------- d-sh--w- c:\programdata\DSS
2011-05-25 15:22 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmpB348.tmp
2011-05-25 15:07 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 17:14 . 2011-05-24 17:14 -------- d-----w- c:\users\1\AppData\Local\{BDEDD1CE-13AA-4FE9-8621-6A2125F130D6}
2011-05-23 14:56 . 2011-05-23 14:56 -------- d-----w- c:\users\1\AppData\Local\{86AD1EBB-2222-4D95-B739-74C221DC49EF}
2011-05-22 14:00 . 2011-05-22 14:00 -------- d-----w- c:\users\1\AppData\Roaming\mkvtoolnix
2011-05-22 14:00 . 2011-05-22 14:00 -------- d-----w- c:\program files (x86)\MKVtoolnix
2011-05-22 10:12 . 2011-05-22 10:12 -------- d-----w- c:\users\1\AppData\Local\{B2637FAB-AF63-4909-B600-67EFEC21AA86}
2011-05-21 15:29 . 2011-05-21 15:29 -------- d-----w- c:\users\1\AppData\Local\{1B7E9D7D-58A8-46C0-800B-BFE2FC2C4461}
2011-05-20 14:54 . 2011-05-20 14:54 -------- d-----w- c:\users\1\AppData\Local\{7B126A1D-17DD-4B47-AF35-A921577DB7C2}
2011-05-19 15:43 . 2011-05-19 15:44 -------- d-----w- c:\users\1\AppData\Local\{462057FE-BB1E-4E11-9640-449A944381A2}
2011-05-17 20:38 . 2011-05-17 20:38 -------- d-----w- c:\users\1\AppData\Local\{4C79B1A8-FB5E-4CC0-A7B5-613A518604E9}
2011-05-17 19:26 . 2011-05-17 19:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-17 15:25 . 2011-05-17 15:25 -------- d-----w- c:\program files (x86)\BF2G15Mod
2011-05-17 15:25 . 2009-06-06 00:23 32768 ----a-w- c:\windows\SysWow64\LogLCD.dll
2011-05-17 15:25 . 2000-05-22 15:58 109248 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX
2011-05-17 15:00 . 2004-10-22 00:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-05-17 15:00 . 2004-10-22 00:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-05-17 15:00 . 2004-10-22 00:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-05-17 15:00 . 2004-10-22 00:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-05-17 15:00 . 2004-10-22 00:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-05-17 15:00 . 2011-05-17 15:00 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-05-17 15:00 . 2011-05-17 15:00 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-05-16 15:35 . 2011-05-16 15:35 -------- d-----w- c:\users\1\AppData\Local\SKIDROW
2011-05-16 15:02 . 2011-05-16 15:02 -------- d-----w- c:\users\1\AppData\Local\{D31B2897-F862-4591-B1DE-7E94BB519D93}
2011-05-15 03:39 . 2011-05-15 03:39 -------- d-----w- c:\users\1\AppData\Local\{8F08BBD2-6EA6-4681-B567-14FFF76AE899}
2011-05-14 08:56 . 2011-05-14 08:56 -------- d-----w- c:\users\1\AppData\Local\{3D91997B-0F59-4C05-859E-D68725A35D4A}
2011-05-13 17:15 . 2011-05-13 17:15 -------- d-----w- c:\users\1\AppData\Local\{2C1FE9C7-06F1-4DB4-8BCB-E15C21DC85AA}
2011-05-12 20:39 . 2011-05-12 20:39 -------- d-----w- c:\windows\system32\SPReview
2011-05-12 20:38 . 2011-05-12 20:38 -------- d-----w- c:\windows\system32\EventProviders
2011-05-12 20:25 . 2010-11-20 13:33 184704 ----a-w- c:\windows\system32\drivers\pci.sys
2011-05-12 20:24 . 2010-11-20 13:27 135168 ----a-w- c:\windows\system32\shacct.dll
2011-05-12 20:23 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-05-12 20:23 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-05-12 20:23 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-05-12 20:23 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-05-12 20:22 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-12 20:22 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-05-12 20:22 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-05-12 20:21 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-05-12 20:21 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-05-12 20:21 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-05-12 20:21 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-05-11 20:05 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 20:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-11 15:02 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 15:02 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 15:02 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 15:02 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 15:02 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 15:02 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 15:02 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 15:02 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 15:02 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 15:02 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-10 15:46 . 2011-05-10 15:46 -------- d-----w- c:\users\1\AppData\Local\{E613C22C-705E-47BE-8045-7DA108D3E81E}
2011-05-09 17:02 . 2011-05-09 17:02 -------- d-----w- c:\users\1\AppData\Local\{5A1FD2D0-D590-4FE6-B4B8-67ACE428D606}
2011-05-07 17:27 . 2011-05-07 17:28 -------- d-----w- c:\users\1\AppData\Local\{84043490-9E23-4A58-89E7-820271D48086}
2011-05-06 17:14 . 2011-05-06 17:15 -------- d-----w- c:\users\1\AppData\Local\{0F5C2E1B-7707-4604-BD81-E4CA38A2E3EC}
2011-05-05 17:19 . 2011-05-05 17:19 -------- d-----w- c:\users\1\AppData\Local\{3C9E3621-39C6-4B42-89AE-C4AB99EDF173}
2011-05-04 19:00 . 2011-05-04 19:00 -------- d-----w- c:\users\1\AppData\Local\{07230101-0D4D-4B80-8406-09EE8D8811FC}
2011-05-03 14:55 . 2011-05-03 14:55 -------- d-----w- c:\users\1\AppData\Local\{CF4FB023-F753-4255-A845-3BECD68088D7}
2011-05-02 15:13 . 2011-05-02 15:13 -------- d-----w- c:\users\1\AppData\Local\{CAE223C0-4838-456D-B0A3-1F9FBA2ED42A}
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 15:22 . 2009-10-12 16:08 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-25 15:22 . 2009-10-12 16:08 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-05-24 20:11 . 2009-11-04 21:31 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-05-24 20:11 . 2009-10-20 18:30 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-05-24 20:10 . 2009-10-20 18:30 234280 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-05-12 20:47 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-12 20:47 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-30 22:05 . 2009-10-20 18:30 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-29 00:55 . 2011-04-29 00:55 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-29 00:55 . 2011-04-29 00:55 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-29 00:55 . 2011-04-29 00:55 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-29 00:55 . 2011-04-29 00:55 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-29 00:55 . 2011-04-29 00:55 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-29 00:55 . 2011-04-29 00:55 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-29 00:55 . 2011-04-29 00:55 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-29 00:55 . 2011-04-29 00:55 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-29 00:55 . 2011-04-29 00:55 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-29 00:55 . 2011-04-29 00:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-29 00:55 . 2011-04-29 00:55 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-29 00:55 . 2011-04-29 00:55 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-29 00:55 . 2011-04-29 00:55 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-29 00:55 . 2011-04-29 00:55 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-29 00:55 . 2011-04-29 00:55 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-29 00:55 . 2011-04-29 00:55 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-29 00:55 . 2011-04-29 00:55 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-29 00:55 . 2011-04-29 00:55 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-29 00:55 . 2011-04-29 00:55 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-29 00:55 . 2011-04-29 00:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-29 00:55 . 2011-04-29 00:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-29 00:55 . 2011-04-29 00:55 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-29 00:55 . 2011-04-29 00:55 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-29 00:55 . 2011-04-29 00:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-29 00:55 . 2011-04-29 00:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-29 00:55 . 2011-04-29 00:55 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-29 00:55 . 2011-04-29 00:55 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-29 00:55 . 2011-04-29 00:55 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-29 00:55 . 2011-04-29 00:55 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-29 00:55 . 2011-04-29 00:55 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-29 00:55 . 2011-04-29 00:55 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-29 00:55 . 2011-04-29 00:55 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-29 00:55 . 2011-04-29 00:55 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-29 00:55 . 2011-04-29 00:55 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-29 00:55 . 2011-04-29 00:55 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-29 00:55 . 2011-04-29 00:55 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-29 00:55 . 2011-04-29 00:55 448512 ----a-w- c:\windows\system32\html.iec
2011-04-29 00:55 . 2011-04-29 00:55 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-29 00:55 . 2011-04-29 00:55 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-29 00:55 . 2011-04-29 00:55 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-29 00:55 . 2011-04-29 00:55 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-29 00:55 . 2011-04-29 00:55 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-15 23:40 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmpB338.tmp
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-08 11:28 . 2011-04-08 11:28 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-04-08 11:28 . 2011-04-08 11:28 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2011-04-08 05:14 . 2011-04-30 22:09 6974056 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2011-04-30 22:09 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2011-04-30 22:09 6299752 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2011-04-30 22:09 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-08 05:14 . 2011-04-30 22:09 5183080 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-04-08 05:14 . 2011-04-30 22:09 2893416 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2011-04-30 22:09 2765928 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-04-08 05:14 . 2011-04-30 22:09 2204264 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-30 22:09 2074216 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-30 22:09 2034280 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-04-08 05:14 . 2011-04-30 22:09 18578536 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2011-04-30 22:09 1619048 ----a-w- c:\windows\system32\nvdispco6420140.dll
2011-04-08 05:14 . 2011-04-30 22:09 15227496 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-04-08 05:14 . 2011-04-30 22:09 1404008 ----a-w- c:\windows\system32\nvgenco642060.dll
2011-04-08 05:14 . 2011-04-30 22:09 13262184 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-04-08 05:14 . 2011-04-30 22:09 13007464 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-04-08 05:14 . 2011-04-30 22:09 12934248 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-04-08 05:14 . 2010-11-10 16:41 20700264 ----a-w- c:\windows\system32\nvoglv64.dll
2011-04-08 05:14 . 2010-11-10 16:41 10071656 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-04-08 05:14 . 2009-09-27 14:12 2273896 ----a-w- c:\windows\system32\nvapi64.dll
2011-04-08 05:14 . 2009-07-13 21:59 8411752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-04-07 21:19 . 2011-04-07 21:19 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 21:19 . 2011-04-07 21:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:19 . 2011-04-07 21:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 21:19 . 2011-04-07 21:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 21:19 . 2011-04-07 21:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:18 . 2011-04-07 21:18 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2011-03-19 13:16 . 2009-12-04 00:11 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2011-03-12 12:08 . 2011-04-27 20:33 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:23 . 2011-04-27 20:33 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:41 . 2011-04-27 20:33 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:41 . 2011-04-27 20:33 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:41 . 2011-04-27 20:33 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:41 . 2011-04-27 20:33 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:41 . 2011-04-27 20:33 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:41 . 2011-04-27 20:33 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:41 . 2011-04-27 20:33 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:34 . 2011-04-14 16:49 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-14 16:49 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:33 . 2011-04-27 20:33 2565632 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:30 . 2011-04-27 20:33 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:33 . 2011-04-14 16:49 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:33 . 2011-04-14 16:49 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-27 20:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:31 . 2011-04-27 20:33 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 136176]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-12 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\everest ultimate edition v.4.60.1529 beta\kerneld.amd64 [2008-09-20 21632]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-25 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-05-25 119632]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 AtcL001;NDIS-minipoortstuurprogramma voor L1 Gigabit Ethernet-controller van Atheros;c:\windows\system32\DRIVERS\l160x64.sys [x]
S3 camfilt2;Hercules Filter Driver;c:\windows\system32\Drivers\camfilt2.sys [2007-12-10 140800]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-05-25 20568]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.

deven

Legacy Member
Inhoud van de 'Gedeelde Taken' map
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 20:57]
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 20:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2010-11-16 104008]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Verzenden naar &Bluetooth - c:\program files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\1\AppData\Roaming\Mozilla\Firefox\Profiles\6v78t98k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ig?hl=nl&auth=DQAAAKgAAAAe_Zxemj-f9xacVayFIKTaqXWCNQFqN6TeqjXSOJ_dwIZ1TUGALRPrKCabmPdygunxdCg_FsVCPuMzjF3iP4c8S595ylwAIrq72oq5VnROhHXMdJyzqmgxNuvd7iaqfKMrrAWdOOxpdztF1eI-mNpJ7eGHt-YvP1dVFssHKFunzyY3W_kz7-GMKnkmnwu5WvINJI1cnT3GAPsMFomvvNVrf1_zrg4wUT_o_1BbZP6fdw
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
SafeBoot-SolutoService
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\d:\everest ultimate edition v.4.60.1529 beta\kerneld.amd64"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3670446751-1902120736-307879912-1000\Software\SecuROM\License information*]
"datasecu"=hex:5f,b9,7a,ed,6c,44,50,dd,e7,0b,34,d2,97,ef,48,16,1c,72,a9,3b,b3,
cc,6e,e1,8d,28,86,52,dc,c7,82,29,16,ed,10,a0,72,e4,9d,d2,88,db,ce,d6,7b,73,\
"rkeysecu"=hex:07,fd,fd,04,c7,27,80,bb,24,c6,bb,fe,c2,03,08,50
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-05-31 23:22:37
ComboFix-quarantined-files.txt 2011-05-31 21:22
.
Pre-Run: 84.600.905.728 bytes beschikbaar
Post-Run: 84.557.627.392 bytes beschikbaar
.
- - End Of File - - 6865CB75E707AB43D8529D2FCA3F8656

deven

Legacy Member
In any case, I'm not noticing anything from it anymore. This was purely meant to make sure everything was really gone.

So everything else is in order, then?

Thanks in advance.

Juisterr

Legacy Member
Yes, sure,

Go to Start - Run
and enter the following there: Combofix /Uninstall
Then press OK.
If all goes well, you will then get a message that Combofix was removed.

Example:

CFUninstall.PNG


Run can also be opened with the key combination
W+R.jpg