[OPGELOST] Beestjes

Sunflower · 22 mei 2008

Als ik wat je zegt uitvoer geeft hij een foutmelding. Hij zegt dat de code invalied is. :s

De volgende stappen heb ik daarom nog maar niet uitgevoerd.

Download The Avenger en plaats het op je bureaublad:
Unzip het.

Start het programma door op avenger.exe te klikken.

In het venster "Input Script here", plak je het volgende (vetgedrukte):

Registry keys to delete:

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}

Klik daarna op de knop "Execute".

Avenger zal aangeven dat de computer gaat herstarten, sta dit toe.

Na nieuwe opstart opent een logfile (avenger.txt).

Verwijder volgende vetgedrukte map (indien nog aanwezig) :

C:\Program Files\Best_Security_Tips

Download MBAM (Malwarebytes' Anti-Malware).

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder)

De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken.Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje van The Avenger en MBAM in je volgende bericht, samen met een nieuw HijackThis log.

kape · 23 mei 2008

In neem aan dat je die foutmelding krijgt bij het laden van The Avenger. Dan zetten we even een stapje terug en proberen het opnieuw met Combofix.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

[-HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

En dan mag je verder met het vorige verhaal (eventueel verwijderen map en MABM laten runnen).

Post na herstart de inhoud van de Combofix.txt en het log van MBAM in je volgende bericht, samen met een nieuw logje van HijackThis.

Sunflower · 23 mei 2008

Het loopt eigenlijk mis als ik de code in avenger geplakt heb en op 'execute' klik. Dan krijg ik een heel aantal foutmeldingen. Ik krijg dan wel de optie 'ondanks die fout, toch verdergaan'. Als ik deze optie aanklik, blijft het foutmeldingen regelen...

Hij zegt iets à la 'code invalid', het gaat dan om die ' HKEY_CLASSES_ROOT ..." en geeft aan dat hij enkel kan werken met de HKEY_LOCAL_MACHINE - code. Bij het uitvoeren van avenger krijg ik als ik op avenger klik opnieuw de foutmelding. Hij zegt dat er een fout zit in de input script en dat voor dit programma enkel registry codes aanpasbaar zijn die onder de HKEY_LOCAL_MACHINE hive zitten.

kape · 24 mei 2008

OK, maar heb je mijn nieuwe bericht - terug Combofix gebruiken - al eens uitgeprobeerd ?

Sunflower · 11 juni 2008

In neem aan dat je die foutmelding krijgt bij het laden van The Avenger. Dan zetten we even een stapje terug en proberen het opnieuw met Combofix.
Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

[-HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

En dan mag je verder met het vorige verhaal (eventueel verwijderen map en MABM laten runnen).

Post na herstart de inhoud van de Combofix.txt en het log van MBAM in je volgende bericht, samen met een nieuw logje van HijackThis.

Hoi! Sorry ik had even een periode heel weinig tijd. Ik heb deze stap vandaag hernomen en dit is het resultaat van combofix:

* Nieuw herstelpunt werd aangemaakt * Resident AV is active . (((((((((((((((((((( Bestanden Gemaakt van 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))) . Geen nieuwe bestanden aangemaakt in deze periode . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-11 11:47 --------- d-----w C:\Program Files\Windows Mail 2008-06-11 11:47 --------- d-----w C:\Program Files\McAfee 2008-05-21 18:46 --------- d-----w C:\Program Files\Google 2008-05-16 22:45 --------- d-----w C:\Program Files\IrfanView 2008-05-16 11:50 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-05-12 19:43 812,344 ----a-w C:\Users\Anja\HJTInstall.exe 2008-05-12 19:43 --------- d-----w C:\Program Files\Trend Micro 2008-05-10 17:19 --------- d-----w C:\Program Files\BitComet 2008-05-10 16:29 5,742,544 ----a-w C:\Users\Anja\bitcomet_setup.exe 2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll 2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys 2008-05-06 21:45 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-05 20:41 690,648 ----a-w C:\Users\Anja\installer-9258-865-Ares.exe 2008-05-04 20:56 174 --sha-w C:\Program Files\desktop.ini 2008-05-04 20:48 --------- d-----w C:\Program Files\Windows Sidebar 2008-05-04 20:48 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-05-04 20:48 --------- d-----w C:\Program Files\Windows Journal 2008-05-04 20:48 --------- d-----w C:\Program Files\Windows Defender 2008-05-04 20:48 --------- d-----w C:\Program Files\Windows Collaboration 2008-05-04 20:48 --------- d-----w C:\Program Files\Windows Calendar 2008-05-04 20:33 79,872 ----a-w C:\Windows\System32\axaltocm.dll 2008-05-04 20:33 101,376 ----a-w C:\Windows\System32\ifxcardm.dll 2008-04-30 15:43 318,904 ----a-w C:\Users\Anja\wmpfirefoxplugin.exe 2008-04-30 15:32 --------- d-----w C:\Program Files\Dell 2008-04-30 15:31 --------- d-----w C:\Program Files\PCCheckupOnline 2008-04-30 13:48 --------- d-----w C:\ProgramData\Dell 2008-04-30 13:46 31,542,424 ----a-w C:\Users\Anja\R180808-3.exe 2008-04-30 13:05 895,016 ----a-w C:\Users\Anja\WGAPluginInstall.exe 2008-04-28 18:43 --------- d-----w C:\Program Files\Conduit 2008-04-28 18:43 --------- d-----w C:\Program Files\Ares Galaxy Turbo Accelerator 2008-04-28 18:42 --------- d-----w C:\Users\Anja\AppData\Roaming\Download Manager 2008-04-28 18:41 128,376 ----a-w C:\Users\Anja\Download_AresGalaxyTurboAccelerator_installer.exe 2008-04-28 15:54 --------- d-----w C:\Program Files\Ares 2008-04-28 15:52 690,648 ----a-w C:\Users\Anja\installer-5130-865-Ares-Galaxy.exe 2008-04-27 19:37 --------- d-----w C:\Program Files\Advanced Diary 2008-04-27 19:35 --------- d-----w C:\Program Files\iDailyDiary 2008-04-26 21:47 --------- d-----w C:\Users\Anja\AppData\Roaming\Microsoft Web Folders 2008-04-26 21:30 2,018,372 ----a-w C:\Users\Anja\aresregular209_installer.exe 2008-04-26 20:43 --------- d-----w C:\Program Files\Bullfrog 2008-04-26 19:42 1,495,112 ----a-w C:\Users\Anja\install_flash_player.exe 2008-04-26 18:48 --------- d-----w C:\Program Files\SPSSEval 2008-04-26 18:36 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-04-26 18:33 --------- d-----w C:\Users\Anja\AppData\Roaming\SAS 2008-04-26 18:33 --------- d-----w C:\ProgramData\SAS 2008-04-26 17:42 --------- d-----w C:\ProgramData\Lavasoft 2008-04-26 17:41 --------- d-----w C:\Program Files\Lavasoft 2008-04-26 17:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-04-26 17:04 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-26 17:04 --------- d-----w C:\Program Files\SAS 2008-04-26 14:47 --------- d-----w C:\ProgramData\Messenger Plus! 2008-04-26 07:41 1,327,616 ----a-w C:\Windows\System32\quartz.dll 2008-04-25 23:56 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-04-25 23:56 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-04-25 23:55 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-04-25 23:55 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys 2008-04-25 23:55 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-04-25 23:55 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-04-25 23:55 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys 2008-04-25 23:55 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-04-25 23:55 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-04-25 23:55 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys 2008-04-25 23:55 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-04-25 23:55 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys 2008-04-25 23:54 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-04-25 23:54 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-04-25 23:54 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-04-25 23:54 217,144 ----a-w C:\Windows\system32\drivers\netio.sys 2008-04-25 23:54 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2008-04-25 23:54 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-04-25 23:53 296,448 ----a-w C:\Windows\System32\gdi32.dll 2008-04-25 23:51 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll 2008-04-25 23:51 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe 2008-04-25 23:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2008-04-25 21:07 126 ----a-w C:\Users\Anja\AppData\Roaming\wklnhst.dat 2008-04-25 20:50 --------- d-----w C:\Users\Anja\AppData\Roaming\Template 2008-04-25 19:23 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-04-25 18:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-04-25 18:54 --------- d-----w C:\Program Files\Windows Live 2008-04-25 18:44 --------- d-----w C:\ProgramData\WLInstaller 2008-04-25 18:37 --------- d-----w C:\Program Files\Zone Labs 2008-04-25 18:31 53,080 ----a-w C:\Windows\System32\wuauclt.exe 2008-04-25 18:31 43,352 ----a-w C:\Windows\System32\wups2.dll 2008-04-25 18:31 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll 2008-04-25 18:31 1,524,224 ----a-w C:\Windows\System32\wucltux.dll 2008-04-25 18:29 80,896 ----a-w C:\Windows\System32\wudriver.dll 2008-04-25 18:29 549,720 ----a-w C:\Windows\System32\wuapi.dll 2008-04-25 18:29 33,624 ----a-w C:\Windows\System32\wups.dll 2008-04-25 18:29 31,232 ----a-w C:\Windows\System32\wuapp.exe 2008-04-25 18:29 163,000 ----a-w C:\Windows\System32\wuwebv.dll 2008-04-25 18:19 --------- d-----w C:\Users\Anja\AppData\Roaming\CyberLink 2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-04-23 19:04 --------- d-----w C:\Users\Anja\AppData\Roaming\Creative 2008-04-23 18:38 --------- d-sh--w C:\ProgramData\Sjablonen 2008-04-23 18:38 --------- d-sh--w C:\ProgramData\Menu Start 2008-04-23 18:38 --------- d-sh--w C:\ProgramData\Favorieten 2008-04-23 18:38 --------- d-sh--w C:\ProgramData\Documenten 2008-04-23 18:38 --------- d-sh--w C:\ProgramData\Bureaublad . ((((((((((((((((((((((((((((( snapshot_2008-05-21_20.37.57,34 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-25 23:53:40 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll + 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll - 2008-04-25 23:53:39 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll + 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll - 2008-04-25 23:53:40 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll + 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll - 2008-04-25 23:53:39 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll + 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll - 2008-04-25 23:53:39 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll + 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll - 2008-05-21 16:02:32 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-06-11 17:00:50 67,584 --s-a-w C:\Windows\bootstat.dat - 2000-08-31 06:00:00 73,728 ----a-w C:\Windows\fdsv.exe + 2000-08-31 06:00:00 89,504 ----a-w C:\Windows\fdsv.exe - 2008-05-04 20:11:10 665,600 ----a-w C:\Windows\inf\drvindex.dat + 2008-06-11 11:47:27 665,600 ----a-w C:\Windows\inf\drvindex.dat - 2008-05-04 20:46:00 51,200 ----a-w C:\Windows\inf\infpub.dat + 2008-06-11 11:47:27 51,200 ----a-w C:\Windows\inf\infpub.dat - 2008-05-04 20:45:59 86,016 ----a-w C:\Windows\inf\infstor.dat + 2008-06-11 11:47:26 86,016 ----a-w C:\Windows\inf\infstor.dat - 2008-05-04 20:45:59 143,360 ----a-w C:\Windows\inf\infstrng.dat + 2008-06-11 11:47:26 143,360 ----a-w C:\Windows\inf\infstrng.dat - 2008-05-20 17:06:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-06-11 17:00:52 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-05-20 17:06:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-06-11 17:00:52 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-05-17 00:27:26 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-06-04 00:23:39 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-05-20 17:08:28 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-06-11 17:01:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-06-11 17:01:41 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-05-17 00:25:27 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-06-04 00:24:06 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-05-20 17:08:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-06-11 17:01:36 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2008-04-25 23:51:10 124,928 ----a-w C:\Windows\System32\advpack.dll + 2008-04-25 04:23:05 124,928 ----a-w C:\Windows\System32\advpack.dll - 2008-05-21 14:36:39 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-06-11 17:01:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-05-21 14:36:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-06-11 17:01:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-05-21 14:36:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-06-11 17:01:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-05-21 18:32:23 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-06-11 17:56:48 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-06-11 17:56:48 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1 + 2008-04-29 01:42:12 19,456 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_c206c850\bthenum.sys + 2008-04-29 01:42:12 220,160 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_c206c850\bthport.sys + 2008-04-29 01:42:08 29,184 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_c206c850\BTHUSB.SYS + 2008-04-29 03:50:12 181,760 ----a-w C:\Windows\System32\DriverStore\FileRepository\bth.inf_c206c850\fsquirt.exe - 2008-04-25 23:51:08 347,136 ----a-w C:\Windows\System32\dxtmsft.dll + 2008-04-25 04:23:06 347,136 ----a-w C:\Windows\System32\dxtmsft.dll - 2008-04-25 23:51:08 214,528 ----a-w C:\Windows\System32\dxtrans.dll + 2008-04-25 04:23:06 214,528 ----a-w C:\Windows\System32\dxtrans.dll - 2008-04-25 23:53:38 1,686,528 ----a-w C:\Windows\System32\gameux.dll + 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll - 2008-04-25 23:53:39 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll + 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll - 2008-04-25 23:51:02 63,488 ----a-w C:\Windows\System32\icardie.dll + 2008-04-25 04:23:06 63,488 ----a-w C:\Windows\System32\icardie.dll - 2008-04-25 23:50:59 70,656 ----a-w C:\Windows\System32\ie4uinit.exe + 2008-04-25 04:22:36 70,656 ----a-w C:\Windows\System32\ie4uinit.exe - 2008-04-25 23:51:09 383,488 ----a-w C:\Windows\System32\ieapfltr.dll + 2008-04-25 04:23:06 383,488 ----a-w C:\Windows\System32\ieapfltr.dll - 2008-04-25 23:51:07 6,066,176 ----a-w C:\Windows\System32\ieframe.dll + 2008-04-25 04:23:06 6,066,176 ----a-w C:\Windows\System32\ieframe.dll - 2008-04-25 23:50:59 44,544 ----a-w C:\Windows\System32\iernonce.dll + 2008-04-25 04:23:06 44,544 ----a-w C:\Windows\System32\iernonce.dll - 2008-04-25 23:51:07 180,736 ----a-w C:\Windows\System32\ieui.dll + 2008-04-25 04:23:06 180,736 ----a-w C:\Windows\System32\ieui.dll - 2008-04-25 23:51:09 27,648 ----a-w C:\Windows\System32\jsproxy.dll + 2008-04-25 04:23:06 27,648 ----a-w C:\Windows\System32\jsproxy.dll - 2008-04-25 23:51:09 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll + 2008-04-25 04:23:11 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll - 2008-05-09 21:35:04 16,863,864 ----a-w C:\Windows\System32\mrt.exe + 2008-05-29 23:35:11 17,486,968 ----a-w C:\Windows\System32\mrt.exe - 2008-04-25 23:51:05 3,591,680 ----a-w C:\Windows\System32\mshtml.dll + 2008-04-25 04:23:07 3,591,680 ----a-w C:\Windows\System32\mshtml.dll - 2008-04-25 23:51:05 478,208 ----a-w C:\Windows\System32\mshtmled.dll + 2008-04-25 04:23:07 478,208 ----a-w C:\Windows\System32\mshtmled.dll - 2008-04-25 23:51:03 671,232 ----a-w C:\Windows\System32\mstime.dll + 2008-04-25 04:23:09 671,232 ----a-w C:\Windows\System32\mstime.dll - 2008-04-25 23:50:59 44,544 ----a-w C:\Windows\System32\pngfilt.dll + 2008-04-25 04:23:10 44,544 ----a-w C:\Windows\System32\pngfilt.dll - 2008-05-14 06:40:29 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2008-06-11 13:49:06 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2008-04-25 23:51:00 1,159,680 ----a-w C:\Windows\System32\urlmon.dll + 2008-04-25 04:23:11 1,159,680 ----a-w C:\Windows\System32\urlmon.dll - 2008-05-20 17:10:08 4,822 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-857107312-1383821795-3718403111-1000_UserData.bin + 2008-06-11 17:13:22 5,514 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-857107312-1383821795-3718403111-1000_UserData.bin - 2008-05-20 17:10:07 59,230 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-06-11 17:13:05 59,734 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-06-04 00:24:13 2,638 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat - 2008-05-20 17:29:58 33,722 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-06-11 17:13:01 35,214 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-05-14 00:07:21 107,014,928 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-06-11 00:52:00 113,848,795 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-04-29 01:42:12 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\bthenum.sys + 2008-04-29 01:42:12 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\bthport.sys + 2008-04-29 01:42:08 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\BTHUSB.SYS + 2008-04-29 03:50:12 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.16682_none_700a06c9bea9b8da\fsquirt.exe + 2008-04-29 01:35:24 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\bthenum.sys + 2008-04-29 01:35:25 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\bthport.sys + 2008-04-29 01:35:23 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\BTHUSB.SYS + 2008-04-29 01:35:24 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6000.20824_none_70d68596d794e0d3\fsquirt.exe + 2008-01-19 05:53:38 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\bthenum.sys + 2008-04-29 01:42:23 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\bthport.sys + 2008-04-29 01:42:21 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\BTHUSB.SYS + 2008-04-29 03:54:02 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.18064_none_7207e5dbbbbe4497\fsquirt.exe + 2008-04-29 01:43:50 19,456 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\bthenum.sys + 2008-04-29 01:43:50 220,160 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\bthport.sys + 2008-04-29 01:43:48 29,184 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\BTHUSB.SYS + 2008-04-29 01:43:51 181,760 ----a-w C:\Windows\winsxs\x86_bth.inf_31bf3856ad364e35_6.0.6001.22168_none_729583ced4d849bd\fsquirt.exe + 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16651_none_0a06ea31f54d7fe8\AcRes.dll + 2008-03-08 00:15:10 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20788_none_0a77193f0e7d24e6\AcRes.dll + 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18032_none_0c03c8f9f262f24e\AcRes.dll + 2008-03-08 01:56:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22132_none_0c8d65c50b809218\AcRes.dll + 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16651_none_0a08eac5f54bb296\AcGenral.dll + 2008-03-08 04:15:43 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20788_none_0a7919d30e7b5794\AcGenral.dll + 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18032_none_0c05c98df26124fc\AcGenral.dll + 2008-03-08 04:09:28 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22132_none_0c8f66590b7ec4c6\AcGenral.dll + 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16651_none_0a09eb0ff54acbed\AcSpecfc.dll + 2008-03-08 04:15:44 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20788_none_0a7a1a1d0e7a70eb\AcSpecfc.dll + 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18032_none_0c06c9d7f2603e53\AcSpecfc.dll + 2008-03-08 04:09:29 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22132_none_0c9066a30b7dde1d\AcSpecfc.dll + 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcLayers.dll + 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcXtrnal.dll + 2008-03-08 04:15:44 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcLayers.dll + 2008-03-08 04:15:44 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcXtrnal.dll + 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcLayers.dll + 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcXtrnal.dll + 2008-03-08 04:09:28 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcLayers.dll + 2008-03-08 04:09:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcXtrnal.dll + 2008-04-25 04:23:05 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16681_none_a98fa7bdf5e9f5de\advpack.dll + 2008-04-25 04:06:14 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20823_none_aa5c268b0ed51dd7\advpack.dll + 2008-04-26 08:02:05 1,327,104 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.16681_none_a4347a24f0ff937a\quartz.dll + 2008-04-26 07:41:59 1,327,616 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.20823_none_a500f8f209eabb73\quartz.dll + 2008-04-26 08:08:15 1,314,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.18063_none_a6325936ee141f37\quartz.dll + 2008-04-26 07:57:58 1,314,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.22167_none_a6bff72a072e245d\quartz.dll + 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\gameux.dll + 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\GameUXLegacyGDFs.dll + 2008-03-08 04:16:23 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\gameux.dll + 2008-03-08 00:29:38 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\GameUXLegacyGDFs.dll + 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\gameux.dll + 2008-03-08 02:08:55 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\GameUXLegacyGDFs.dll + 2008-03-08 04:10:46 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\gameux.dll + 2008-03-08 02:09:25 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\GameUXLegacyGDFs.dll + 2008-04-25 04:23:10 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16681_none_eb8ab16d1682dbdd\pngfilt.dll + 2008-04-25 04:09:24 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20823_none_ec57303a2f6e03d6\pngfilt.dll + 2008-04-25 04:23:11 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16681_none_b2a75a1fd9e35341\urlmon.dll + 2008-04-25 04:09:51 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20823_none_b373d8ecf2ce7b3a\urlmon.dll + 2008-04-25 04:35:19 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18063_none_b4a53931d6f7defe\urlmon.dll + 2008-04-25 04:21:54 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22167_none_b532d724f011e424\urlmon.dll + 2008-04-25 04:23:09 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16681_none_de89e8e87f8c12b0\mstime.dll + 2008-04-25 04:08:10 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20823_none_df5667b598773aa9\mstime.dll + 2008-04-25 04:35:16 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18063_none_e087c7fa7ca09e6d\mstime.dll + 2008-04-25 04:20:09 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22167_none_e11565ed95baa393\mstime.dll + 2008-04-25 04:23:06 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\jsproxy.dll + 2008-04-25 04:23:11 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\wininet.dll + 2008-04-25 04:23:11 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\WininetPlugin.dll + 2008-04-25 04:07:19 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\jsproxy.dll + 2008-04-25 04:09:57 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\wininet.dll + 2008-04-25 04:09:57 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\WininetPlugin.dll + 2008-04-25 04:35:13 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\jsproxy.dll + 2008-04-25 04:35:23 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\wininet.dll + 2008-04-25 04:35:24 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\WininetPlugin.dll + 2008-04-25 04:19:00 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\jsproxy.dll + 2008-04-25 04:22:01 826,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\wininet.dll + 2008-04-25 04:22:01 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\WininetPlugin.dll + 2008-04-19 20:01:02 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16681_none_f956589b6ed7f427\ieapfltr.dat + 2008-04-25 04:23:06 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16681_none_f956589b6ed7f427\ieapfltr.dll + 2008-04-19 20:01:02 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20823_none_fa22d76887c31c20\ieapfltr.dat + 2008-04-25 04:07:00 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20823_none_fa22d76887c31c20\ieapfltr.dll + 2008-04-25 04:23:06 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16681_none_958a915384bd7a55\dxtmsft.dll + 2008-04-25 04:23:06 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16681_none_958a915384bd7a55\dxtrans.dll + 2008-04-25 04:06:44 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20823_none_965710209da8a24e\dxtmsft.dll + 2008-04-25 04:06:44 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20823_none_965710209da8a24e\dxtrans.dll + 2008-04-25 04:23:07 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16681_none_45ed2bab467e2ce2\mshtmled.dll + 2008-04-25 04:07:54 478,208 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20823_none_46b9aa785f6954db\mshtmled.dll + 2008-04-25 04:23:07 3,591,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16681_none_110754e02542e30a\mshtml.dll + 2008-04-25 04:07:54 3,593,728 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20823_none_11d3d3ad3e2e0b03\mshtml.dll + 2008-04-25 04:35:14 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18063_none_130533f222576ec7\mshtml.dll + 2008-04-25 04:19:50 3,578,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22167_none_1392d1e53b7173ed\mshtml.dll + 2008-04-25 04:23:06 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16681_none_585fc1aa67576f13\icardie.dll + 2008-04-25 04:06:59 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20823_none_592c40778042970c\icardie.dll + 2008-04-25 04:22:36 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\ieUnatt.exe + 2008-04-25 04:22:36 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe + 2008-04-25 02:03:49 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\ieUnatt.exe + 2008-04-25 02:04:08 625,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe + 2008-04-25 04:22:36 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16681_none_c394f7686192b15c\ie4uinit.exe + 2008-04-25 04:23:06 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16681_none_c394f7686192b15c\iernonce.dll + 2008-04-25 04:23:06 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16681_none_c394f7686192b15c\iesetup.dll + 2008-04-25 02:03:38 70,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20823_none_c46176357a7dd955\ie4uinit.exe + 2008-04-25 04:07:06 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20823_none_c46176357a7dd955\iernonce.dll + 2008-04-25 04:07:06 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20823_none_c46176357a7dd955\iesetup.dll + 2008-04-25 04:23:06 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16681_none_29ba0dd8684286b9\iebrshim.dll + 2008-04-25 04:07:00 52,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20823_none_2a868ca5812daeb2\iebrshim.dll + 2008-04-25 04:23:06 6,066,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16681_none_6266aee3b1387137\ieframe.dll + 2008-04-25 04:23:06 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16681_none_6266aee3b1387137\ieui.dll + 2008-04-25 04:07:06 6,068,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20823_none_63332db0ca239930\ieframe.dll + 2008-04-25 04:07:06 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20823_none_63332db0ca239930\ieui.dll + 2008-04-25 04:22:36 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16681_none_e6601b6294bbc56f\ieinstal.exe + 2008-04-25 02:04:02 263,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20823_none_e72c9a2fada6ed68\ieinstal.exe + 2008-04-25 04:22:36 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16681_none_0b08507ed7368521\ieuser.exe + 2008-04-25 02:04:03 301,568 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20823_none_0bd4cf4bf021ad1a\ieuser.exe + 2008-05-02 22:21:56 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16688_none_f0535e6e6e8d6c76\OESpamFilter.dat + 2008-05-02 22:17:48 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20833_none_f10e0b498786feff\OESpamFilter.dat + 2008-05-02 22:18:31 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18071_none_f23d6afa6bb23015\OESpamFilter.dat + 2008-05-02 22:17:54 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22178_none_f2ce09cb84c98140\OESpamFilter.dat + 2008-05-10 01:21:06 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\rmcast.sys + 2008-05-10 03:30:50 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.16687_none_524810318afeff68\wshrm.dll + 2008-05-10 01:15:20 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\rmcast.sys + 2008-05-10 03:14:30 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6000.20832_none_5302bd0ca3f891f1\wshrm.dll + 2008-05-10 01:33:10 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18069_none_5445ef4388138b25\rmcast.sys + 2006-11-02 09:46:14 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.18069_none_5445ef4388138b25\wshrm.dll + 2008-05-10 01:20:02 113,664 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\rmcast.sys + 2008-05-10 03:22:18 14,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-rmcast_31bf3856ad364e35_6.0.6001.22176_none_54c1bb44a13bfadb\wshrm.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 20:21 202544] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-19 14:39 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-04-19 22:03 1006264] "ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-18 13:40 17920] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-07 08:49 159744] "OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-28 07:51 36864] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-06 09:58 141848] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-06 09:58 166424] "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-06 09:58 133656] "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-04-19 14:30 77824] "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-19 14:39 1838592] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 20:21 16384] "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992] "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 13:07 405504] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 20:21 202544] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-04-19 14:31:45 50688] Microsoft Office.lnk - C:\Microsoft Office2000\Office\OSA9.EXE [1999-02-17 21:05:56 65588] QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 17:27:08 1180952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "RunStartupScriptSync"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "RunStartupScriptSync"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= divxa32.acm "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{CE00D137-CA7F-4FB2-A737-D8994271EE92}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect "{27C619EE-3650-482C-AC2C-1DE1A7A365D1}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program "{26B2406F-85D3-4744-8B98-3D2A0C6D53A4}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine "{76BCF467-4FF3-4618-BCBA-2B85E5D5D2D6}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server "{B15E3911-7638-4F88-9FAA-820B81B03026}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent "{BD35F392-DF6D-4A4E-A51B-8B76E59BEBD4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{5994E780-10A6-474D-BFE3-7A2493D53894}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client "UDP Query User{C5EBB0FD-A3EC-4203-AACA-549DA7500D0C}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client "TCP Query User{F262DAFF-F4C0-46BF-AA4B-F4992C5E0CA2}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows "UDP Query User{4FB58302-A2D5-4AF8-85E3-EC09E54A5DD5}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DoNotAllowExceptions"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 13:07] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-02-13 20:21] R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-06 09:58] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 09:58] R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 07:51] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 07:51] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 07:31] S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36] . Inhoud van de 'Gedeelde Taken' map "2008-04-19 12:50:53 C:\Windows\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe' "2008-04-19 12:50:54 C:\Windows\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-11 20:01:09 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-06-11 20:02:46 ComboFix-quarantined-files.txt 2008-06-11 18:02:25 ComboFix2.txt 2008-05-21 18:38:33 ComboFix3.txt 2008-05-19 02:45:54 ComboFix4.txt 2008-05-14 06:34:59 Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application. 434 --- E O F --- 2008-06-11 01:41:39

Voor de zekerheid geef ik het even mee, maar ik zal ondertussen de volgende stappen die je hier zette al uitvoeren.

Sunflower · 11 juni 2008

Het loopt eigenlijk mis als ik de code in avenger geplakt heb en op 'execute' klik. Dan krijg ik een heel aantal foutmeldingen. Ik krijg dan wel de optie 'ondanks die fout, toch verdergaan'. Als ik deze optie aanklik, blijft het foutmeldingen regelen...
Hij zegt iets à la 'code invalid', het gaat dan om die ' HKEY_CLASSES_ROOT ..." en geeft aan dat hij enkel kan werken met de HKEY_LOCAL_MACHINE - code. Bij het uitvoeren van avenger krijg ik als ik op avenger klik opnieuw de foutmelding. Hij zegt dat er een fout zit in de input script en dat voor dit programma enkel registry codes aanpasbaar zijn die onder de HKEY_LOCAL_MACHINE hive zitten.

Het loopt opnieuw fout als ik de code ingeef in Avenger en op execute klik. Het programma zegt dat de script in de input niet valide is en dat het programma enkel toegang heeft tot de codes onder de HKEY_LOCAL_MACHINE hive.

kape · 12 juni 2008

Omdat er al enige tijd verlopen is tussen je oorspronkelijke post (en de laatst voorgestelde oplossingen) én je nieuwe logjes, is het ondoenbaar om daar nu nog de actuele toestand uit te distilleren. Daarom is het noodzakelijk om met een actuele situatie te vertrekken om op verder te werken. Dus graag even een actueel log van HiJackThis en een nieuwe run en log van Malwarebytes. En als het even kan een overzichtelijker log van Combofix, met alle lijntjes onder elkaar. Dan kijken we verder.

PS : alles van The Avenger mag je voorlopig vergeten

Sunflower · 12 juni 2008

Oké, dat begrijp ik. Mijn excuses. Dit is de log van hijackthis:

----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:52:14, on 12/06/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Boot mode: Normal

Running processes:

C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Microsoft Office2000\Office\POWERPNT.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office2000\Office\OSA9.EXE

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O13 - Gopher Prefix:

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8852 bytes

kape · 12 juni 2008

Prima, dat is al iets. Hier mag je het volgende aan doen :

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O3 - Toolbar: (no name) - {da30eff8-ccc6-4162-a20d-67402a26a215} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

Klik op 'Fix checked' om de items te verwijderen.

En laat dan de rest maar komen

Sunflower · 12 juni 2008

Dat heb ik gedaan, die eerste was wel verdwenen. Maar dat is geen reden tot bezorgdheid zeker? Weet je toevallig hoe ik die combofixlog onder mekaar kan krijgen? Vroeger had ik daar geen probleem mee maar nu zet hij vanzelf alles achter mekaar als ik op voorbeeldpost klik, ook al staat alles netjes onder mekaar in het bericht. :s

Inloggen

[OPGELOST] Beestjes

Aanbevolen berichten

Link naar reactie

Delen op andere sites

Beste reacties in dit topic

Populaire dagen

Beste reacties in dit topic

Populaire dagen

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Welkom op PC Helpforum

Leden statistieken

OVER ONS

SITEMAP

Belangrijke informatie