
bestantivirus2011.exe



This is the log after the combo with the babylon-cfscript.txt

Can you work with this?

CU & Thx,

Emp

ComboFix 11-03-24.06 - Emperor 25/03/2011 23:28:26.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.1022.414 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Emperor\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Emperor\Bureaublad\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))

.

.

2011-03-24 17:37 . 2011-03-25 22:28 1409 ----a-w- c:\windows\QTFont.for

2011-03-23 20:25 . 2011-03-23 20:25 -------- d-----w- c:\documents and settings\Emperor\Application Data\Malwarebytes

2011-03-23 20:22 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-23 20:22 . 2011-03-23 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-03-23 20:22 . 2011-03-23 20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-23 20:22 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-23 19:35 . 2011-03-23 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-03-23 18:38 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-03-23 18:38 . 2010-07-16 13:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-03-23 18:38 . 2011-01-17 08:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-03-23 18:38 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-03-23 18:37 . 2010-12-10 15:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-03-23 18:27 . 2010-12-16 07:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-03-23 17:53 . 2011-03-23 18:57 -------- d-----w- c:\program files\Common Files\PC Tools

2011-03-23 17:53 . 2011-03-23 20:05 -------- d-----w- c:\program files\PC Tools Security

2011-03-23 17:53 . 2011-03-23 17:53 -------- d-----w- c:\documents and settings\Emperor\Application Data\PC Tools

2011-03-23 17:53 . 2011-03-25 20:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2011-03-23 17:40 . 2011-03-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-03-23 11:10 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-03-23 11:10 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-03-23 11:10 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-03-23 11:10 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-03-23 11:10 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-03-23 11:10 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-03-23 11:10 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-03-23 11:10 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-03-23 11:09 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr

2011-03-23 11:09 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe

2011-03-23 11:09 . 2011-03-23 11:09 -------- d-----w- c:\program files\AVAST Software

2011-03-23 11:09 . 2011-03-23 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-21 09:11 . 2010-11-18 17:59 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2004-11-01 14:33 . 2006-03-20 17:30 1519800 ----a-w- c:\program files\dMC-r101.exe

2004-10-31 01:21 . 2005-11-24 23:06 2421920 ----a-w- c:\program files\winzip90sr1.exe

2003-11-09 22:49 . 2005-11-24 23:05 401952 ----a-w- c:\program files\3DwindowsXP.exe

2003-11-07 13:40 . 2005-11-24 20:02 1897672 ----a-w- c:\program files\winzip81.exe

2002-08-30 09:53 . 2006-04-07 12:09 122880 ----a-w- c:\program files\AtlasNOCD.exe

2000-11-13 21:31 . 2000-11-13 21:31 9468736 ----a-w- c:\program files\sp2upd.exe

1998-09-15 16:22 . 2006-04-07 12:09 11776 ----a-w- c:\program files\Startop.exe

1997-07-19 16:55 . 2006-04-07 12:09 1347344 ----a-w- c:\program files\MSVBVM50.DLL

1997-06-04 01:00 . 2006-04-07 12:09 11264 ----a-w- c:\program files\_SETUP.DLL

1995-09-07 20:22 . 2006-04-07 12:09 8192 ----a-w- c:\program files\_ISDEL.EXE

1997-06-23 11:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-03-25_08.58.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-03-25 11:35 . 2011-03-25 11:35 16384 c:\windows\Temp\Perflib_Perfdata_5b4.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UNILEX"="c:\program files\Easy Computing\De Grote Encyclopedie '99\tft.exe" [1998-09-29 33280]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-02-01 163840]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"Gadwin PrintScreen 3.1"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2005-09-27 1073152]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-12 68856]

"Google Update"="c:\documents and settings\Emperor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-22 133104]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-22 7282688]

"nwiz"="nwiz.exe" [2005-09-22 1519616]

"NvMediaCenter"="NvMCTray.dll" [2005-09-22 86016]

"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 14820864]

"MedionVFD"="c:\program files\Medion Info Display\MdionLCM.exe" [2005-10-11 126976]

"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-08-04 237568]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-27 180269]

"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"AntivirusRegistration"="c:\program files\CA\Etrust Antivirus\Register.exe" [2005-08-22 258048]

"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-04-06 504080]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-27 77824]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]

"PCMService"="c:\program files\Medion Home CinemaXL\PowerCinema\PCMService.exe" [2003-02-17 57344]

"CHotkey"="mHotkey.exe" [2004-06-03 549376]

"ledpointer"="CNYHKey.exe" [2003-07-21 5577216]

"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]

"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 45056]

"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]

"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

.

c:\documents and settings\Emperor\Menu Start\Programma's\Opstarten\

Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2003-10-4 49152]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

2Mega Camera Manager Monitor.lnk - c:\program files\MD40323\ICON.EXE [2005-11-25 49152]

Adobe Acrobat Snelle start.lnk - c:\windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2008-10-4 295606]

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [N/A]

LG SyncManager.lnk - c:\program files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2010-9-15 299008]

NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-4-20 118784]

Scanner Finder.lnk - c:\program files\ScanWizard 5\ScannerFinder.exe [2007-2-18 315392]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-11-24 118784]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\NetMeeting\\Conf.exe"=

"c:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23/03/2011 19:38 239168]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [23/03/2011 19:38 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [23/03/2011 19:38 656320]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23/03/2011 12:10 371544]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23/03/2011 12:10 301528]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/03/2011 12:10 19544]

R2 EFUploadSrv;ExtraFilm upload service;c:\program files\ExtraFilm Designer BE NL\EFUploadSrv.exe [9/07/2009 13:27 1716224]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [23/03/2011 18:57 366840]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/10/2005 14:01 826112]

R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [4/10/2005 17:37 69248]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 7:11 12160]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 7:11 10496]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 7:11 12928]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/01/2010 9:38 135664]

S3 USTOR;Silver Crest Memory Adapter;c:\windows\system32\drivers\UStork.sys [29/11/2005 19:14 20218]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-03-25 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-08 06:15]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 08:38]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007Core.job

- c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59]

.

2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3420337748-1825179515-3679239416-1007UA.job

- c:\documents and settings\Andere gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-13 16:59]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKCU-Run-Spyware Doctor - c:\documents and settings\DEmperor\Bureaublad\sdsetup_revwire207.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-03-25 23:43

Windows 5.1.2600 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(620)

c:\windows\system32\msi.dll

c:\windows\system32\AcSignIcon.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll

c:\program files\Babylon\Babylon-Pro\Captlib.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2011-03-25 23:51:00

ComboFix-quarantined-files.txt 2011-03-25 22:50

ComboFix2.txt 2011-03-25 21:48

ComboFix3.txt 2011-03-25 09:05

.

Pre-Run: 25.121.751.040 bytes beschikbaar

Post-Run: 25.102.659.584 bytes beschikbaar

.

- - End Of File - - C55F933F401FD263C7F6356C43CACBE5


I have the impression that the PC is running faster again.

In 'Control Panel' under 'Add or Remove Programs' I also removed a few programs I no longer needed, and that went fine.

Only that Babylon seems to stay on there. It no longer starts automatically, but when I click "Remove" in 'Add or Remove Programs', nothing happens.

I also tried to remove Doctor Spyware, and then I got the message that 'sdloader.exe' was not found, and apparently because of that it does not get removed.


You can still delete this file manually: c:\windows\system32\ConduitEngine.tmp

For Babylon you can delete this folder completely: c:\program files\Babylon. It can indeed happen that, for one reason or another, you can no longer remove the entry in Add or Remove Programs, but that in itself is not a problem (apart from visually) as long as the rest has been removed from the PC.

And that Doctor Spyware, is that perhaps Spyware Doctor from PC Tools?


> And that Doctor Spyware, is that perhaps Spyware Doctor from PC Tools?

Yes, that's Spyware Doctor :-)

Any idea what to do about this? (Apparently, by the way, only the scan is free; cleaning up the files is paid :s )

PS: I will delete that ConduitEngine.


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\pctEFA.sys

c:\windows\system32\drivers\pctDS.sys

c:\windows\system32\drivers\pctgntdi.sys

c:\windows\system32\drivers\PCTCore.sys

c:\windows\system32\drivers\PCTAppEvent.sys

c:\windows\system32\drivers\pctplsg.sys

c:\program files\PC Tools Security\pctsAuxs.exe

Folder::

c:\program files\Common Files\PC Tools

c:\program files\PC Tools Security

c:\documents and settings\Emperor\Application Data\PC Tools

c:\documents and settings\All Users\Application Data\PC Tools

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISTray"=-

Driver::

PCTCore

pctDS

pctEFA

sdAuxService

pctgntdi

PCTAppEvent

pctplsg

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.

And then everything from PC Tools should be removed.

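Added example, not part of the thread and not ComboFix's own code: before a removal script like the one posted above is run, a reviewer can check that every File::, Folder::, Driver:: and Registry:: target is actually evidenced in the posted log. The line patterns are inferred from the log in this thread, the sample inputs are a constructed subset of it, and all function names are hypothetical.

```python
import re

# Constructed excerpt: a subset of lines from the log posted in this thread.
SAMPLE_LOG = r"""
2011-03-23 18:38 . 2010-07-16 13:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-03-23 18:38 . 2010-12-10 12:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-23 17:53 . 2011-03-23 20:05 -------- d-----w- c:\program files\PC Tools Security
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [23/03/2011 19:38 239168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [23/03/2011 19:38 656320]
"""
# Constructed excerpt of the script posted above.
SAMPLE_SCRIPT = r"""
File::
c:\windows\system32\drivers\pctEFA.sys
c:\windows\system32\drivers\PCTCore.sys
c:\windows\system32\drivers\pctplsg.sys
Folder::
c:\program files\PC Tools Security
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"=-
Driver::
PCTCore
pctEFA
pctplsg
"""
SECTION = re.compile(r"^([A-Za-z]+)::\s*$")
# "<created> . <modified> <size or dashes> <attributes> <path>"
PATH_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. .*? ([a-z]:\\.+)$", re.I)
# "R0 name;display name;path [date size]" (R = running, S = stopped)
SERVICE_LINE = re.compile(r"^[RS]\d ([^;]+);[^;]*;")
REG_DELETE = re.compile(r'^"([^"]+)"=-$')

def parse_cfscript(text):
    """Group the non-empty lines of a script under their 'Name::' header."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def check_script(script_text, log_text):
    """Return (kind, target) pairs from the script that the log does not show."""
    sections = parse_cfscript(script_text)
    lines = [raw.strip() for raw in log_text.splitlines()]
    paths = {m.group(1).lower() for m in map(PATH_LINE.match, lines) if m}
    services = {m.group(1).lower() for m in map(SERVICE_LINE.match, lines) if m}
    missing = []
    for kind in ("file", "folder"):
        missing += [(kind, t) for t in sections.get(kind, []) if t.lower() not in paths]
    missing += [("driver", n) for n in sections.get("driver", []) if n.lower() not in services]
    for line in sections.get("registry", []):
        m = REG_DELETE.match(line)
        if m and f'"{m.group(1)}"='.lower() not in log_text.lower():
            missing.append(("registry value", m.group(1)))
    return missing

if __name__ == "__main__":
    for kind, target in check_script(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"not evidenced in log: {kind}: {target}")
```

A target reported as missing is not necessarily wrong: it may sit in a part of the log this check does not index, or it may be a typo worth catching before the script is run.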
