View full version: hijackthis log



seane
23 February 2010, 20:21
Hello, my PC is responding more slowly than usual and I just can't find the cause.



Malwarebytes' Anti-Malware 1.44
Database version: 3781
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/02/2010 18:46:33
mbam-log-2010-02-23 (18-46-33).txt

Scan type: Quick Scan
Objects scanned: 103141
Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:09, on 23/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9793 bytes




Kind regards,

Sean

seane
26 February 2010, 07:55
Is there anyone who can help me with this?

Emphyrio
26 February 2010, 11:51
Hi seane,

A PC running more slowly does not always point to malware...

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) and save it to your Desktop.
Double-click TFC.exe to open the program.
The program will close all other programs, so make sure you have saved all your work before you continue.
Click the Start button to start the program.
When the program is finished, it will restart your computer.
If this does not happen, restart your computer manually.

Download MalwareBytes' Anti-Malware (http://www.besttechie.net/mbam/mbam-setup.exe) and save it to your desktop.
Double-click mbam-setup.exe to install the program.

Make sure that after the installation a check mark is placed next to:
Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Then click "Finish". If an update is found, it will be downloaded and installed.
Once the program has started, go to the "Settings" tab.
Tick here: "Close Internet Explorer during malware removal".
Then go to the "Scanner" tab and choose "Quick Scan".
Next, press "Scan" to start the scan.
Scanning can take a while, so be patient.
When the scan is complete, click OK, then "Show Results" to see the results.
Make sure everything there is ticked, then click: "Remove Selected".
After the removal a log will open and you will be asked to restart the computer.

If MBAM asks for a restart, then do so.

The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.

Post this log

Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:

DDS - Techsupport download (http://www.techsupportforum.com/sectools/sUBs/dds).
DDS - Bleeping download (http://download.bleepingcomputer.com/sUBs/dds.scr).
DDS - Forospyware Download (http://www.forospyware.com/sUBs/dds).

DDS is a diagnostic tool and makes use of scripts. If script execution is disabled, re-enable it so that no problems occur when using DDS.

Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
When it is finished, two log files open: DDS.txt and Attach.txt
Save both log files to your desktop.

Post the contents of DDS.txt.

Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post, unless I ask for it.

Emphyrio :)

seane
26 February 2010, 15:22
Malwarebytes' Anti-Malware 1.44
Database version: 3795
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26/02/2010 14:17:59
mbam-log-2010-02-26 (14-17-59).txt

Scan type: Quick Scan
Objects scanned: 103296
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






DDS (Ver_09-12-01.01) - NTFSX64
Run by Sean at 14:20:06,75 on vr 26/02/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1043.18.3966.2731 [GMT 1:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Sean\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.telenet.be
uWindow Title = Telenet Internet
uDefault_Page_URL = hxxp://www.telenet.be
mDefault_Page_URL = hxxp://www.telenet.be
mStart Page = hxxp://www.telenet.be
mLocal Page = c:\windows\syswow64\blank.htm
mWindow Title = Telenet Internet
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files (x86)\devicevm\browser configuration utility\AddressBarSearch.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6}
mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

================= FIREFOX ===================

FF - ProfilePath - c:\users\sean\appdata\roaming\mozilla\firefox\profiles\kitkbdgd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\users\sean\appdata\roaming\mozilla\firefox\profiles\kitkbdgd.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\sean\appdata\roaming\mozilla\firefox\profiles\kitkbdgd.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-2-20 90112]
R2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\devicevm\browser configuration utility\BCUService.exe [2009-10-26 223464]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2009-9-29 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-29 123200]
R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-2-10 236368]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-7-19 4908576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-1-11 240232]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\tuneup utilities 2010\TuneUpUtilitiesService64.exe [2010-2-2 1393480]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\intel\intel(r) management engine components\uns\UNS.exe [2010-2-20 2320920]
R2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-5 129536]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-2-20 56344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-10 22104]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-2-20 84584]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-12-19 314400]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\tuneup utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 DrvAgent64;DrvAgent64;c:\windows\syswow64\drivers\DrvAgent64.SYS [2010-2-20 21712]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-2-6 1038088]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 15208]
S3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 TVICHW64;TVICHW64;c:\windows\syswow64\drivers\tvichw64.sys [2010-2-23 13824]

=============== Created Last 30 ================

2010-02-26 10:57:41 0 d-----w- c:\users\sean\appdata\roaming\Cycling '74
2010-02-26 10:44:57 0 d-----w- c:\program files (x86)\Cycling '74
2010-02-26 09:33:41 34632 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-26 09:33:39 36168 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-26 09:33:38 30024 ----a-w- c:\windows\syswow64\uxtuneup.dll
2010-02-26 09:33:38 25928 ----a-w- c:\windows\system32\authuitu.dll
2010-02-26 09:33:38 21320 ----a-w- c:\windows\syswow64\authuitu.dll
2010-02-24 10:00:18 0 d-----w- c:\users\sean\appdata\roaming\Western Digital
2010-02-24 09:59:57 0 d-----w- c:\program files\Western Digital
2010-02-24 09:59:57 0 d-----w- c:\program files (x86)\Western Digital
2010-02-24 09:59:32 0 d-----w- c:\programdata\Western Digital
2010-02-24 09:19:15 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-02-24 09:19:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 09:19:12 716800 ----a-w- c:\windows\syswow64\jscript.dll
2010-02-23 17:35:13 0 d-----w- c:\program files (x86)\Trend Micro
2010-02-23 16:22:40 0 d-----w- c:\program files (x86)\Driver-Soft
2010-02-22 17:18:40 63616 ----a-w- c:\windows\system32\drivers\intelsmb.sys
2010-02-22 17:08:51 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-02-22 17:08:40 40976 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys
2010-02-22 17:08:40 1843216 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2010-02-22 17:02:41 190992 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-02-22 17:02:38 96272 ----a-w- c:\windows\system32\KemXML.dll
2010-02-22 17:02:38 235536 ----a-w- c:\windows\system32\KemUtil.dll
2010-02-22 17:02:38 235536 ----a-w- c:\windows\system32\kemutb.dll
2010-02-22 17:02:38 159248 ----a-w- c:\windows\system32\KemWnd.dll
2010-02-22 17:02:33 0 d-----w- c:\programdata\Logitech
2010-02-22 17:02:17 0 d-----w- c:\program files\Logitech
2010-02-22 16:30:36 0 d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-02-22 16:16:07 0 d-----w- c:\program files (x86)\Phyxion.net
2010-02-21 20:07:21 0 d-----w- c:\program files (x86)\EVGA Precision
2010-02-21 19:23:57 0 d-----w- c:\program files (x86)\Windows Installer 4.5 SDK
2010-02-21 12:07:20 20 ----a-w- c:\windows\system32\PDBootState
2010-02-20 16:20:53 0 d-----w- c:\programdata\Codemasters
2010-02-20 16:15:50 0 d-----w- c:\program files (x86)\BRS
2010-02-20 16:15:21 0 d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2010-02-20 16:15:07 0 d-----w- c:\program files (x86)\OpenAL
2010-02-20 16:14:57 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-02-20 16:14:57 452440 ----a-w- c:\windows\syswow64\d3dx10_40.dll
2010-02-20 16:14:57 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2010-02-20 16:14:57 2036576 ----a-w- c:\windows\syswow64\D3DCompiler_40.dll
2010-02-20 16:14:55 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2010-02-20 16:14:55 4379984 ----a-w- c:\windows\syswow64\D3DX9_40.dll
2010-02-20 16:02:23 0 d-----w- c:\program files (x86)\Codemasters
2010-02-20 14:19:31 84584 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2010-02-20 14:19:31 22528 ----a-w- c:\windows\system32\nvhdap64.dll
2010-02-20 13:49:47 0 d-----w- c:\windows\system32\SmartDoc552
2010-02-20 11:58:26 8388608 ----a-w- c:\windows\P7H55-M-PRO-ASUS-0401.ROM
2010-02-20 11:37:49 3011052 ----a-w- c:\windows\P7H55-M-PRO-ASUS-0401.zip
2010-02-20 11:23:04 0 d-----w- c:\program files (x86)\GIGABYTE
2010-02-20 11:22:08 649832 ----a-w- c:\windows\system32\nvuninst.exe
2010-02-20 11:21:57 199272 ----a-w- c:\windows\system32\nvcohda6.dll
2010-02-20 11:21:56 645224 ----a-w- c:\windows\system32\nvuhda6.exe
2010-02-20 11:21:55 1481 ----a-w- c:\windows\system32\nvhda.nvu
2010-02-20 11:21:54 0 d-----w- C:\NVIDIA
2010-02-20 11:21:28 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-02-20 11:20:10 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-02-20 11:19:51 645736 ----a-w- c:\windows\system32\nvudisp.exe
2010-02-20 11:19:50 14646 ----a-w- c:\windows\system32\nvdisp.nvu
2010-02-20 11:11:01 0 d--h--w- c:\program files (x86)\DeviceVM
2010-02-20 11:06:40 0 d-----w- c:\programdata\ASUS OC Profiles
2010-02-20 11:03:48 0 d-----w- c:\program files (x86)\common files\postureAgent
2010-02-20 11:03:32 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2010-02-20 11:03:03 0 d-----w- c:\program files\Realtek
2010-02-20 11:02:36 0 d-----w- c:\program files (x86)\Realtek
2010-02-20 11:02:32 0 d--h--w- c:\program files (x86)\Temp
2010-02-20 11:00:01 24576 ----a-r- c:\windows\syswow64\AsIO.dll
2010-02-20 10:59:54 0 d-----w- c:\program files (x86)\ASUS
2010-02-20 10:58:30 28210 ----a-w- c:\windows\Ascd_tmp.ini
2010-02-20 10:22:45 53248 ----a-w- c:\windows\syswow64\CSVer.dll
2010-02-20 10:22:27 1769 ----a-w- c:\windows\Language_trs.ini
2010-02-20 10:22:27 0 d-----w- C:\Intel
2010-02-19 15:52:57 0 d-----w- c:\users\sean\appdata\roaming\Ubisoft
2010-02-19 15:52:16 0 d-----w- c:\programdata\Ubisoft
2010-02-18 17:06:19 0 d-----w- c:\programdata\Apple Computer
2010-02-18 17:05:51 0 d-----w- c:\programdata\Apple
2010-02-14 19:04:15 0 d-----w- c:\users\sean\appdata\roaming\URSoft
2010-02-14 19:04:07 0 d-----w- c:\program files (x86)\Your Uninstaller 2010
2010-02-14 12:36:18 0 d-----w- c:\programdata\Innovative Solutions
2010-02-14 12:36:13 0 d-----w- c:\program files (x86)\Innovative Solutions
2010-02-13 09:55:19 65536 --sha-w- c:\users\sean\ntuser.dat{8d013646-1885-11df-84bd-806e6f6e6963}.TM.blf
2010-02-13 09:55:19 524288 --sha-w- c:\users\sean\ntuser.dat{8d013646-1885-11df-84bd-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2010-02-13 09:55:19 524288 --sha-w- c:\users\sean\ntuser.dat{8d013646-1885-11df-84bd-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2010-02-11 19:46:47 0 d-----w- c:\programdata\Raxco
2010-02-11 19:46:47 0 d-----w- c:\program files\Raxco
2010-02-11 19:46:19 0 d-----w- c:\program files (x86)\Raxco
2010-02-11 18:45:34 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-11 18:02:30 65536 --sha-w- c:\users\sean\ntuser.dat{46969d23-1737-11df-be38-806e6f6e6963}.TM.blf
2010-02-11 18:02:30 524288 --sha-w- c:\users\sean\ntuser.dat{46969d23-1737-11df-be38-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2010-02-11 18:02:30 524288 --sha-w- c:\users\sean\ntuser.dat{46969d23-1737-11df-be38-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2010-02-11 18:01:43 0 --sha-w- c:\users\sean\NTUSER.DAT_tureg_new.LOG2
2010-02-11 18:01:43 0 --sha-w- c:\users\sean\NTUSER.DAT_tureg_new.LOG1
2010-02-10 15:54:33 0 d-----w- c:\program files (x86)\Microsoft WSE
2010-02-10 13:58:19 0 d-----w- c:\programdata\Lavasoft
2010-02-10 13:58:19 0 d-----w- c:\program files (x86)\Lavasoft
2010-02-10 13:47:02 0 d-----w- c:\users\sean\appdata\roaming\Malwarebytes
2010-02-10 13:46:58 0 d-----w- c:\programdata\Malwarebytes
2010-02-10 13:46:57 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 13:46:57 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-02-10 13:01:15 16 ----a-w- c:\windows\syswow64\w3data.vss
2010-02-10 13:01:15 16 ----a-w- c:\windows\syswow64\msvcsv60.dll
2010-02-10 13:01:15 16 ----a-w- c:\windows\msocreg32.dat
2010-02-10 13:01:10 499712 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-02-10 13:01:10 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-02-10 13:00:59 0 d-----w- c:\program files (x86)\common files\DigiDesign
2010-02-10 13:00:55 0 d-----w- c:\program files (x86)\Steinberg
2010-02-10 13:00:51 0 d-----w- c:\program files (x86)\IK Multimedia
2010-02-10 13:00:40 0 d-----w- c:\programdata\IK Multimedia
2010-02-09 18:15:39 0 d-----w- c:\programdata\NCH Swift Sound
2010-02-09 18:15:36 0 d-----w- c:\program files (x86)\NCH Swift Sound
2010-02-08 16:44:32 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-08 16:42:23 0 d-----w- c:\windows\syswow64\directx
2010-02-08 16:39:17 0 d-----w- c:\program files\MPC HomeCinema (x64)
2010-02-08 15:12:29 0 d-----w- c:\users\sean\appdata\roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2010-02-08 14:17:37 0 d-----w- c:\program files (x86)\Hothead Games
2010-02-08 14:03:52 68616 ----a-w- c:\windows\syswow64\XAPOFX1_1.dll
2010-02-08 14:03:52 509448 ----a-w- c:\windows\syswow64\XAudio2_2.dll
2010-02-08 14:03:52 467984 ----a-w- c:\windows\syswow64\d3dx10_39.dll
2010-02-08 14:03:52 3851784 ----a-w- c:\windows\syswow64\D3DX9_39.dll
2010-02-08 14:03:52 1493528 ----a-w- c:\windows\syswow64\D3DCompiler_39.dll
2010-02-07 18:19:01 0 d-----w- c:\program files (x86)\CCleaner
2010-02-07 14:41:48 70992 ----a-w- c:\windows\syswow64\XAPOFX1_2.dll
2010-02-07 14:41:48 65032 ----a-w- c:\windows\syswow64\XAPOFX1_0.dll
2010-02-07 14:41:48 514384 ----a-w- c:\windows\syswow64\XAudio2_3.dll
2010-02-07 14:41:48 507400 ----a-w- c:\windows\syswow64\XAudio2_1.dll
2010-02-07 14:41:48 235856 ----a-w- c:\windows\syswow64\xactengine3_3.dll
2010-02-07 14:41:48 23376 ----a-w- c:\windows\syswow64\X3DAudio1_5.dll
2010-02-07 14:41:47 467984 ----a-w- c:\windows\syswow64\d3dx10_38.dll
2010-02-07 14:41:47 3850760 ----a-w- c:\windows\syswow64\D3DX9_38.dll
2010-02-07 14:41:47 25608 ----a-w- c:\windows\syswow64\X3DAudio1_4.dll
2010-02-07 14:41:47 238088 ----a-w- c:\windows\syswow64\xactengine3_1.dll
2010-02-07 14:41:47 1491992 ----a-w- c:\windows\syswow64\D3DCompiler_38.dll
2010-02-07 12:53:30 0 d-----w- c:\programdata\Soulseek
2010-02-07 12:53:15 0 d-----w- c:\program files (x86)\SoulseekNS
2010-02-07 12:00:14 0 d-----w- c:\program files (x86)\Winamp Detect
2010-02-07 12:00:10 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-02-07 00:37:01 0 d-----w- c:\programdata\Ableton
2010-02-07 00:34:06 0 d-----w- c:\users\sean\appdata\roaming\Ableton
2010-02-07 00:32:41 368640 ----a-w- c:\windows\syswow64\ReWire.dll
2010-02-07 00:32:41 233472 ----a-w- c:\windows\syswow64\REX Shared Library.dll
2010-02-07 00:31:06 0 d-----w- c:\program files (x86)\Ableton
2010-02-07 00:23:13 0 d-----w- c:\users\sean\Library
2010-02-07 00:19:18 0 d-----w- c:\programdata\FLEXnet
2010-02-06 22:41:35 0 d-----w- c:\program files\common files\Macrovision Shared
2010-02-06 22:40:13 0 d-----w- c:\program files (x86)\common files\Macrovision Shared
2010-02-06 22:25:47 0 d-----w- C:\AdobeTemp
2010-02-06 22:15:57 0 d-----w- c:\program files (x86)\Windows Installer Clean Up
2010-02-06 22:00:21 0 d-----w- c:\program files\Adobe
2010-02-06 21:57:58 0 d-----w- c:\windows\syswow64\spool
2010-02-06 21:56:45 0 d-----w- c:\program files\common files\Adobe
2010-02-06 21:55:56 0 d-----w- c:\programdata\Adobe
2010-02-06 19:43:18 190160 ----a-w- c:\windows\syswow64\PnkBstrB.xtr
2010-02-06 19:40:16 190160 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-02-06 19:40:15 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-02-06 19:40:15 2395944 ----a-w- c:\windows\syswow64\pbsvc_heroes.exe
2010-02-06 19:34:46 0 d-----w- c:\program files (x86)\EA Games
2010-02-06 19:04:43 4767 ----a-w- c:\windows\Irremote.ini
2010-02-06 18:55:40 0 d-----w- c:\program files (x86)\Nero
2010-02-06 18:55:20 0 d-----w- c:\programdata\Nero
2010-02-06 18:54:51 2388176 ----a-w- c:\windows\syswow64\d3dx9_30.dll
2010-02-06 16:05:13 0 d-----w- c:\users\sean\appdata\roaming\TuneUp Software
2010-02-06 16:05:07 0 d-----w- c:\program files (x86)\TuneUp Utilities 2010
2010-02-06 16:04:47 0 d-----w- c:\programdata\TuneUp Software
2010-02-06 16:04:38 0 d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-02-06 15:44:30 0 d-----w- c:\program files (x86)\MSECache
2010-02-06 15:15:57 0 d-----w- c:\windows\PCHEALTH
2010-02-06 15:14:34 0 d-----w- c:\program files\Microsoft Office
2010-02-06 15:14:30 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-02-06 15:00:49 90544 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-02-06 15:00:49 0 d-----w- c:\program files (x86)\PowerISO
2010-02-06 13:50:35 0 d---a-w- c:\programdata\TEMP
2010-02-06 13:50:26 0 d-----w- c:\program files (x86)\SpywareBlaster
2010-02-06 13:23:17 65536 --sha-w- c:\users\sean\ntuser.dat{b8829ebd-1322-11df-b2e6-e0cb4ec3e6e1}.TM.blf
2010-02-06 13:23:17 524288 --sha-w- c:\users\sean\ntuser.dat{b8829ebd-1322-11df-b2e6-e0cb4ec3e6e1}.TMContainer00000000000000000002.regtrans-ms
2010-02-06 13:23:17 524288 --sha-w- c:\users\sean\ntuser.dat{b8829ebd-1322-11df-b2e6-e0cb4ec3e6e1}.TMContainer00000000000000000001.regtrans-ms
2010-02-06 10:14:15 0 d-----w- c:\program files (x86)\Secunia
2010-02-06 10:04:35 0 d-----w- c:\programdata\BVRP Software
2010-02-06 10:03:39 0 d-----w- c:\programdata\Sony Ericsson
2010-02-06 10:03:39 0 d-----w- c:\program files (x86)\Sony Ericsson
2010-02-06 09:00:22 0 d-----w- c:\users\sean\Tracing
2010-02-06 09:00:08 0 d-----w- c:\program files (x86)\Microsoft Office Outlook Connector
2010-02-06 08:59:22 0 d-----w- c:\program files (x86)\Microsoft
2010-02-06 08:59:07 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-02-06 08:56:44 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-02-06 08:43:35 0 d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2010-02-06 08:32:36 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-02-06 08:24:24 0 d-----w- c:\windows\pss
2010-02-06 08:22:51 0 d-----w- c:\windows\system32\appmgmt
2010-02-06 08:09:04 9526 ----a-w- c:\windows\animsmalN.bmp
2010-02-06 08:09:04 335 ----a-w- c:\windows\mozregistry.dat
2010-02-06 08:09:04 2598 ----a-w- c:\windows\big static.bmp
2010-02-06 08:09:04 25398 ----a-w- c:\windows\animbigN.bmp
2010-02-06 08:09:04 1606 ----a-w- c:\windows\small static.bmp
2010-02-06 08:09:04 0 d-----w- c:\program files (x86)\Qualcomm
2010-02-06 08:09:04 0 d-----w- c:\program files (x86)\Netscape
2010-02-06 08:08:58 9728 ----a-w- c:\windows\syswow64\rnaph.dll
2010-02-06 07:47:18 0 d-----w- c:\programdata\Microsoft Help
2010-02-06 07:27:34 0 d-----w- c:\program files\WinRAR
2010-02-06 07:18:46 0 d-----w- c:\programdata\TomTom
2010-02-06 07:18:37 0 d-----w- c:\users\sean\appdata\roaming\TomTom
2010-02-06 07:18:34 0 d-----w- c:\program files (x86)\TomTom International B.V
2010-02-06 07:18:28 0 d-----w- c:\program files (x86)\TomTom HOME 2
2010-02-06 07:15:37 0 d-----w- c:\program files (x86)\TomTom DesktopSuite
2010-02-06 07:15:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-02-06 07:08:37 428 ----a-w- c:\windows\MAXLINK.INI
2010-02-06 07:08:37 0 d-----w- c:\programdata\InstallShield
2010-02-06 07:08:23 0 d-----w- c:\programdata\ScanSoft
2010-02-06 07:08:23 0 d-----w- c:\program files (x86)\common files\ScanSoft Shared
2010-02-06 07:07:08 0 d-----w- c:\program files (x86)\ScanSoft
2010-02-06 07:01:47 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-02-06 07:01:17 0 d-----w- c:\program files\common files\CANON
2010-02-06 06:59:31 0 d--h--w- c:\programdata\CanonBJ
2010-02-06 06:59:12 234496 ----a-w- c:\windows\system32\CNMLM83.DLL
2010-02-06 06:59:05 17408 ----a-w- c:\windows\system32\cnco160.dll
2010-02-06 06:59:03 90624 ----a-w- c:\windows\system32\CNCL160.DLL
2010-02-06 06:59:03 49664 ----a-w- c:\windows\system32\CNCI160.DLL
2010-02-06 06:59:02 1336320 ----a-w- c:\windows\system32\CNCC160.DLL
2010-02-06 06:58:48 0 d--h--w- c:\program files\CanonBJ
2010-02-06 06:57:25 0 d-----w- c:\program files (x86)\Canon
2010-02-06 06:33:43 0 d-----w- c:\windows\syswow64\Macromed
2010-02-06 06:31:51 0 d-----w- c:\program files (x86)\SystemRequirementsLab
2010-02-06 06:28:34 0 d-----w- c:\program files (x86)\common files\Logitech
2010-02-06 06:24:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-02-06 06:24:41 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-02-06 06:24:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-02-06 06:23:47 0 d-----w- c:\program files\common files\Logishrd
2010-02-06 06:23:29 0 d-----w- c:\programdata\LogiShrd
2010-02-06 06:13:32 0 d-----w- c:\programdata\ESET
2010-02-06 06:13:32 0 d-----w- c:\program files\ESET
2010-02-06 06:01:30 0 d-----w- c:\program files (x86)\uTorrent
2010-02-06 06:00:14 0 d-----w- c:\users\sean\appdata\roaming\uTorrent
2010-02-05 21:38:43 0 d-----w- c:\programdata\NVIDIA
2010-02-05 21:34:18 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-02-05 21:34:18 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-02-05 21:33:21 0 d-sh--w- c:\windows\Installer
2010-02-05 21:33:19 0 d-----w- c:\program files\NVIDIA Corporation
2010-02-05 21:29:43 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-05 21:10:59 0 d-----w- C:\WINDOWS 7 ACTIVEREN.EXE
2010-02-05 21:02:56 0 d-sh--we c:\programdata\Sjablonen
2010-02-05 21:02:56 0 d-sh--we c:\programdata\Menu Start
2010-02-05 21:02:56 0 d-sh--we c:\programdata\Favorieten
2010-02-05 21:02:56 0 d-sh--we c:\programdata\Documenten
2010-02-05 21:02:56 0 d-sh--we c:\programdata\Bureaublad
2010-02-05 21:02:56 0 d-sh--w- C:\Recovery
2010-02-05 16:59:05 0 d-----w- c:\windows\Panther

==================== Find3M ====================

2010-02-26 13:17:55 691490 ----a-w- c:\windows\system32\perfh013.dat
2010-02-26 13:17:55 130026 ----a-w- c:\windows\system32\perfc013.dat
2010-02-24 10:48:27 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-24 10:48:27 445016 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-02-24 10:48:27 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-24 10:48:27 109144 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-02-08 17:47:28 332320 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2010-02-08 17:47:28 1872416 ----a-w- c:\windows\system32\RtPgEx64.dll
2010-02-08 17:47:22 149536 ----a-w- c:\windows\system32\RtkCfg64.dll
2010-02-08 17:47:16 477216 ----a-w- c:\windows\system32\RtkApi64.dll
2010-02-08 17:47:16 1631776 ----a-w- c:\windows\system32\RtkAPO64.dll
2010-02-08 17:47:16 1209376 ----a-w- c:\windows\system32\RTCOM64.dll
2010-02-08 17:47:10 69152 ----a-w- c:\windows\system32\RCoInst64.dll
2010-02-08 17:24:56 2267552 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2010-02-04 09:01:14 74072 ----a-w- c:\windows\syswow64\XAPOFX1_4.dll
2010-02-04 09:01:14 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01:14 528216 ----a-w- c:\windows\syswow64\XAudio2_6.dll
2010-02-04 09:01:14 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-04 09:01:14 238936 ----a-w- c:\windows\syswow64\xactengine3_6.dll
2010-02-04 09:01:14 22360 ----a-w- c:\windows\syswow64\X3DAudio1_7.dll
2010-02-04 09:01:14 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-01 15:14:54 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-01-28 11:23:38 325904 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2010-01-26 13:09:26 260872 ----a-w- c:\windows\system32\PDBoot.exe
2010-01-26 10:38:36 168288 ----a-w- c:\windows\system32\AERTAC64.dll
2010-01-25 18:12:50 321440 ----a-w- c:\windows\system32\FMAPO64.dll
2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll
2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2010-01-11 22:19:00 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-01-11 22:19:00 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-01-11 22:19:00 1515112 ----a-w- c:\windows\system32\nvsvcr.dll
2010-01-11 22:19:00 14822504 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-11 22:19:00 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-11 22:19:00 1037416 ----a-w- c:\windows\system32\nvsvc64.dll
2010-01-11 07:12:38 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-08 03:38:32 285696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:38:28 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-05 12:41:08 474896 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
2010-01-05 12:41:00 1325328 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
2010-01-05 12:40:56 1178384 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
2010-01-05 12:40:52 315152 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
2010-01-05 12:40:48 268560 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
2010-01-05 12:40:44 123664 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
2010-01-05 12:40:34 123152 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
2010-01-05 12:40:30 265488 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
2010-01-05 12:40:26 1110800 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
2010-01-05 12:40:22 504592 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll
2009-12-22 08:36:19 243200 ----a-w- c:\windows\system32\wow64.dll
2009-12-22 08:24:35 14336 ----a-w- c:\windows\syswow64\ntvdm64.dll
2009-12-22 08:23:35 25600 ----a-w- c:\windows\syswow64\setup16.exe
2009-12-22 08:22:10 5120 ----a-w- c:\windows\syswow64\wow32.dll
2009-12-22 04:28:10 7680 ----a-w- c:\windows\syswow64\instnm.exe
2009-12-22 04:28:08 2048 ----a-w- c:\windows\syswow64\user.exe
2009-12-19 09:51:24 1192960 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:50:56 14848 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:49:47 1572352 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:47:56 25088 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:47:53 38912 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:47:46 16384 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:46:35 54272 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-15 17:26:40 99016 ----a-w- c:\windows\system32\RTEEL64A.dll
2009-12-15 17:26:40 76488 ----a-w- c:\windows\system32\RTEEG64A.dll
2009-12-15 17:26:40 372936 ----a-w- c:\windows\system32\RTEEP64A.dll
2009-12-15 17:26:40 201928 ----a-w- c:\windows\system32\RTEED64A.dll
2009-12-13 09:46:36 960512 ----a-w- c:\windows\system32\CPFilters.dll
2009-12-13 09:46:36 613888 ----a-w- c:\windows\system32\psisdecd.dll
2009-12-13 09:46:34 552960 ----a-w- c:\windows\system32\msdri.dll
2009-12-13 09:30:50 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2009-12-13 09:30:50 465408 ----a-w- c:\windows\syswow64\psisdecd.dll
2009-12-11 08:55:46 307920 ----a-w- c:\windows\system32\RP3DHT64.dll
2009-12-11 08:55:46 307920 ----a-w- c:\windows\system32\RP3DAA64.dll
2009-12-03 08:27:28 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2009-12-03 08:27:28 104480 ----a-w- c:\windows\system32\RTNUninst64.dll
2009-11-30 17:02:40 171144 ----a-w- c:\windows\syswow64\xliveinstall.dll
2009-11-30 17:02:38 72840 ----a-w- c:\windows\syswow64\xliveinstallhost.exe
2009-07-14 09:16:01 43068 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2009-07-14 09:16:01 43068 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2009-07-14 09:16:01 341322 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2009-07-14 09:16:01 341322 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:20:23,93 ===============



Thanks in advance for replying!

Emphyrio
26 February 2010, 15:36
Hi seane,

I can't find anything "unusual" in your logs.

I also see that you use TU; maybe it "cleaned up" too much?

Try running the following:


Download or update CCleaner (http://www.piriform.com/ccleaner/download/standard)

Start CCleaner.

Run CCleaner and click Options in the left column.
Select the Advanced tab.
Uncheck "Only delete files in the Windows Temp system folder that are older than 24 hours".
Click Cleaner in the left column.
Then click Analyze followed by Clean.
Next, click Registry in the left column.
Click Scan for problems.
If errors are found, click Fix selected problems and OK.


Download Dr.Web CureIt (http://ftp.drweb.com/pub/drweb/cureit/cureit.exe) and save it to your desktop. Double-click drweb-cureit.exe and allow it to start the express scan.
If a popup appears offering a purchase/50% discount, you may close it. The express scan will scan the files that are currently loaded in memory. If anything is found, click 'select all', then choose 'repair', and from the small menu that appears choose 'move'. At the top of the menu choose Language/Taal and change it to Dutch (Nederlands) if it is set differently for you. Press F9, then choose the Actions tab and set the following under Malware: Adware: Move; Dialers: Move; Jokes: Report; Riskware: Report; Hacktools: Move. Then uncheck 'Prompt on action'. Next choose the Scan tab and uncheck Heuristic analysis.
Then press Apply followed by OK. Once the short scan has finished, select: Complete scan.
Then press the green arrow (start button) to start the scan. Files that are found are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if repair is not possible. After the scan is done, go to File and choose Save report list.
Save it to your desktop and then close Dr.Web CureIt. Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart. After restarting, copy and paste the contents of the log you saved earlier into your next post.

Emphyrio :)

seane
27 February 2010, 02:08
The scan didn't turn up anything, but after running all those cleaning programs my PC is working well again. Thanks for all the help!

Kind regards,

Sean

Emphyrio
27 February 2010, 10:59
You're welcome :)

Emphyrio :)