Quite a few problems..


jobh

Ouch, that doesn't sound very promising.. I did what you said; during the scan it said I didn't have administrator rights, but I do... I'm the only user.. Here is the log:

ComboFix 09-12-03.06 - Job 05-12-2009 15:37.1.2 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.2320 [GMT 1:00]

Gestart vanuit: c:\users\Job\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Job\Desktop\CFScript.txt

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}

FW: Windows Live OneCare - Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: Windows Live OneCare *enabled* (Updated) {CC7E50BA-BA8C-4DDE-B5AC-EA53BC38D01B}

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-11-05 to 2009-12-05 ))))))))))))))))))))))))))))))

.

2009-12-05 14:44 . 2009-12-05 14:46 -------- d-----w- c:\users\Job\AppData\Local\temp

2009-12-05 14:44 . 2009-12-05 14:44 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-12-04 20:40 . 2009-12-04 20:40 -------- d-----w- c:\users\Job\AppData\Roaming\Malwarebytes

2009-12-04 20:40 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-04 20:40 . 2009-12-04 20:40 -------- d-----w- c:\programdata\Malwarebytes

2009-12-04 20:40 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-04 16:39 . 2009-12-04 16:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-12-04 16:32 . 2009-12-05 14:22 680 ----a-w- c:\users\Job\AppData\Local\d3d9caps.dat

2009-12-04 15:46 . 2009-12-04 16:16 -------- d-----w- c:\users\Job\AppData\Roaming\Lavasoft

2009-11-26 12:58 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-26 12:57 . 2009-11-26 12:57 -------- d-----w- c:\program files\MSXML 4.0

2009-11-25 20:44 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll

2009-11-25 20:44 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll

2009-11-24 14:29 . 2009-11-24 14:29 1010936 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-11-18 20:45 . 2009-11-18 20:45 -------- d-----w- c:\program files\Windows Portable Devices

2009-11-18 12:54 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2009-11-18 12:54 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2009-11-18 12:54 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2009-11-18 12:52 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2009-11-18 12:52 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2009-11-18 12:52 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2009-11-18 12:52 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2009-11-18 12:52 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2009-11-18 12:52 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2009-11-18 12:52 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2009-11-18 12:52 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2009-11-18 12:52 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2009-11-18 12:52 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll

2009-11-18 12:52 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2009-11-18 12:52 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2009-11-18 12:50 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2009-11-18 12:50 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2009-11-18 12:50 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

2009-11-10 20:57 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys

2009-11-10 20:48 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

2009-11-10 17:39 . 2009-11-12 20:58 4096 d-----w- c:\users\Job\AppData\Local\Microsoft Games

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-05 14:44 . 2009-07-17 11:26 4096 d-----w- c:\users\Job\AppData\Roaming\Skype

2009-12-05 14:28 . 2009-07-17 11:34 4096 d-----w- c:\users\Job\AppData\Roaming\skypePM

2009-12-05 14:21 . 2008-04-16 11:26 666366 ----a-w- c:\windows\system32\perfh013.dat

2009-12-05 14:21 . 2008-04-16 11:26 126270 ----a-w- c:\windows\system32\perfc013.dat

2009-12-05 01:00 . 2009-03-26 21:28 45056 ----a-w- c:\windows\system32\acovcnt.exe

2009-12-02 20:52 . 2009-03-26 19:47 12 ----a-w- c:\windows\bthservsdp.dat

2009-12-02 13:19 . 2009-07-10 12:59 28672 d-----w- c:\program files\Microsoft Windows OneCare Live

2009-11-30 15:13 . 2009-03-26 20:14 4096 d-----w- c:\program files\Google

2009-11-18 20:45 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-18 20:44 . 2009-11-18 20:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-11-14 14:34 . 2009-03-26 19:55 65536 d-----w- c:\programdata\Microsoft Help

2009-11-11 21:04 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail

2009-11-10 17:35 . 2006-11-02 12:37 4096 d-----w- c:\program files\Microsoft Games

2009-10-14 19:35 . 2009-10-14 19:35 -------- d-----w- c:\users\Job\AppData\Roaming\Regensoft

2009-10-14 15:42 . 2009-10-14 15:42 -------- d-----w- c:\users\Job\AppData\Roaming\Red Kawa

2009-10-14 15:34 . 2009-10-14 15:34 -------- d-----w- c:\program files\Regensoft

2009-10-14 13:48 . 2009-10-14 13:48 -------- d-----w- c:\users\Job\AppData\Roaming\Media Player Classic

2009-10-14 13:33 . 2009-10-14 13:33 -------- d-----w- c:\program files\XviD

2009-10-03 13:22 . 2009-10-03 13:22 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe

2009-09-25 02:10 . 2009-11-18 12:53 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2009-09-25 02:07 . 2009-11-18 12:53 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2009-09-25 02:04 . 2009-11-18 12:53 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2009-09-25 01:49 . 2009-11-18 12:53 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2009-09-25 01:48 . 2009-11-18 12:53 351232 ----a-w- c:\windows\system32\XpsPrint.dll

2009-09-25 01:38 . 2009-11-18 12:53 847360 ----a-w- c:\windows\system32\OpcServices.dll

2009-09-25 01:36 . 2009-11-18 12:53 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2009-09-25 01:35 . 2009-11-18 12:53 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2009-09-25 01:33 . 2009-11-18 12:53 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2009-09-25 01:33 . 2009-11-18 12:53 829440 ----a-w- c:\windows\system32\d3d10warp.dll

2009-09-25 01:33 . 2009-11-18 12:53 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2009-09-25 01:32 . 2009-11-18 12:53 252928 ----a-w- c:\windows\system32\dxdiag.exe

2009-09-25 01:31 . 2009-11-18 12:53 519680 ----a-w- c:\windows\system32\d3d11.dll

2009-09-25 01:31 . 2009-11-18 12:53 486912 ----a-w- c:\windows\system32\d3d10level9.dll

2009-09-25 01:31 . 2009-11-18 12:53 161280 ----a-w- c:\windows\system32\d3d10_1.dll

2009-09-25 01:31 . 2009-11-18 12:53 218112 ----a-w- c:\windows\system32\d3d10_1core.dll

2009-09-25 01:31 . 2009-11-18 12:53 1030144 ----a-w- c:\windows\system32\d3d10.dll

2009-09-25 01:31 . 2009-11-18 12:53 828928 ----a-w- c:\windows\system32\d2d1.dll

2009-09-25 01:30 . 2009-11-18 12:53 481792 ----a-w- c:\windows\system32\dxgi.dll

2009-09-25 01:30 . 2009-11-18 12:53 190464 ----a-w- c:\windows\system32\d3d10core.dll

2009-09-25 01:27 . 2009-11-18 12:53 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2009-09-25 01:27 . 2009-11-18 12:53 37888 ----a-w- c:\windows\system32\cdd.dll

2009-09-25 01:27 . 2009-11-18 12:53 793088 ----a-w- c:\windows\system32\FntCache.dll

2009-09-25 01:27 . 2009-11-18 12:53 1064448 ----a-w- c:\windows\system32\DWrite.dll

2009-09-24 22:54 . 2009-11-18 12:53 258048 ----a-w- c:\windows\system32\winspool.drv

2009-09-24 22:54 . 2009-11-18 12:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2009-09-24 22:54 . 2009-11-18 12:53 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2009-09-14 09:29 . 2009-10-14 15:39 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2009-09-10 16:48 . 2009-10-17 15:13 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 14:59 . 2009-10-28 15:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-09-10 14:58 . 2009-10-28 15:40 310784 ----a-w- c:\windows\system32\unregmp2.exe

2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll

2008-05-22 16:35 . 2008-05-22 16:35 51962 ----a-w- c:\program files\Common Files\banner.jpg

2007-06-12 17:34 . 2007-06-12 17:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico

2009-03-26 20:13 . 2009-03-26 20:13 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Google Update"="c:\users\Job\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-23 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]

"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]

"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]

"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]

"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-03-26 33136]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]

"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-16 6253088]

"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-07-16 1833504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

"Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2009-12-03 429392]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 752168]

FancyStart daemon.lnk - c:\windows\Installer\{DC905847-D537-427F-BF91-47CC7ACCDE58}\_DF3A81D17C478A2A6C60A5.exe [2009-3-26 12862]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiSpywareOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"VistaSp2"=hex(B):2c,e3,d1,d6,2d,18,ca,01

R0 ***laby;***laby;c:\windows\System32\drivers\***laby.sys [26-3-2009 22:16 15416]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2-5-2008 9:07 48128]

S2 gupdate1ca2352ee0ffca0;Google Updateservice (gupdate1ca2352ee0ffca0);c:\program files\Google\Update\GoogleUpdate.exe [22-8-2009 19:04 133104]

S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [30-5-2008 0:22 208896]

S2 MDES;DVM Meta Data Export Service;c:\asus.sys\DVMExportService.exe [21-10-2008 17:57 307200]

S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [9-7-2009 11:15 26104]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [26-3-2009 22:03 29736]

S3 CRFILTER;USB Mass Storage Filter;c:\windows\System32\drivers\CRFILTER.sys [7-4-2008 7:00 6656]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-1-2008 3:23 21504]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [1-10-2009 16:17 54632]

S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 21:48 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Inhoud van de 'Gedeelde Taken' map

2009-12-05 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-22 18:03]

2009-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 18:03]

2009-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 18:03]

2009-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1777717061-635218429-414337746-1000Core.job

- c:\users\Job\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-23 23:06]

2009-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1777717061-635218429-414337746-1000UA.job

- c:\users\Job\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-23 23:06]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

- - - - ORPHANS VERWIJDERD - - - -

HKLM-RunOnce-<NO NAME> - (no file)

**************************************************************************

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden:

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'lsass.exe'(536)

c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll

- - - - - - - > 'Explorer.exe'(1264)

c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll

c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Voltooingstijd: 2009-12-05 15:51 - machine werd herstart

ComboFix-quarantined-files.txt 2009-12-05 14:51

ComboFix2.txt 2009-12-04 23:10

ComboFix3.txt 2009-12-04 21:57

Pre-Run: 112.339.595.264 bytes beschikbaar

Post-Run: 112.218.697.728 bytes beschikbaar

- - End Of File - - E264D4D90665F97239887CFD1D9AA601

Edit. I also tried booting in normal mode: same problem, nothing changed. I can get into "Computer" via Task Manager and see my files, though.. So very strange.. And what does it mean if there is a bigger problem going on? Do I have to reformat it then?

Edited by jobh

Thanks again, did what you said; log:

----------------- FindyKill V4.005 ------------------

* User : Job - PC_VAN_JOB

* Emplacement : C:\Program Files\FindyKill

* Outils Mis a jours le 17/10/08 par Chiquitine29

* Recherche effectuée à 16:25:20 le za 05-12-2009

* Windows_NT - Internet Explorer 7.0.6002.18005

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Job\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Job\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Job\AppData\Local\Google\Chrome\Application\chrome.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\Windows

»»»» Presence des fichiers dans C:\Windows\Prefetch

»»»» Presence des fichiers dans C:\Windows\system32

»»»» Presence des fichiers dans C:\Windows\system32\drivers

»»»» Presence des fichiers dans C:\Users\Job\AppData\Roaming

»»»» Presence des fichiers dans C:\Users\Job\AppData\Local\Temp

--------------- [ Registre / Startup ] ----------------

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide

CLMLServer REG_SZ "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

P2Go_Menu REG_SZ "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

StartCCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

HControlUser REG_SZ "C:\Program Files\ATK Hotkey\HcontrolUser.exe"

ATKOSD2 REG_SZ C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe

RtHDVCpl REG_SZ RtHDVCpl.exe

SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

ADSMTray REG_SZ C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe

ATKMEDIA REG_SZ C:\Program Files\ASUS\ATK Media\DMedia.exe

ASUSTPE REG_SZ C:\Windows\system32\ASUSTPE.exe

ASUS Screen Saver Protector REG_SZ C:\Windows\ASScrPro.exe

fssui REG_SZ "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

OneCareUI REG_SZ "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

Skytel REG_SZ Skytel.exe

SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"

QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime

AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe

Google Update REG_SZ "C:\Users\Job\AppData\Local\Google\Update\GoogleUpdate.exe" /c

--------------- [ Registre / Clés infectieuses ] ----------------

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 Demande=3 Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - vast station

D: - vast station

+- presence des fichiers :

--------------- [ Registre / Moutpoint2 ] ----------------

-> Recherche négative.

------------------- ! Fin du rapport ! --------------------


Hey, I did it once more; it restarted, safe mode, and after that nothing happens anymore. I start FindyKill, step 2, I have to press a key, it immediately restarts and after that nothing happens.. I looked for that log once more but can't find it anywhere.. Normal mode still doesn't work...
