Question & Answer

Security & privacy

HijackThis

5 answers
  • After AVG told me that I had a virus, I had my PC fully scanned by both AVG and Malwarebytes. Now I have had HijackThis create a log and would like to ask whether anyone can check it. Thanks in advance, Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:59:33, on 19-7-2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: D:\Games\Steam\Steam.exe C:\Program Files (x86)\AVG\AVG9\avgtray.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe C:\Program Files (x86)\Xfire\Xfire.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Users\Niek\AppData\Local\Temp\geurge.exe C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Niek\Downloads\drivers\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.undamed-wow.com/dovote.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - 
HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader 
Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [ewrgetuj] C:\Users\Niek\AppData\Local\Temp\geurge.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Steam] "D:\Games\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [RGSC] D:\Games\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ? 
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DE7491F4-0EAC-4644-B1A3-CA57E5D2746B}: NameServer = 212.54.40.25,212.54.35.25 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: avgrssta.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SCM_Service - Unknown owner - C:\Windows\SysWOW64\WinService.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - 
C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11169 bytes
  • Hello Niek, you have Windows 7 64-bit, and HijackThis still cannot handle 64-bit Windows properly. So do the following: download DDS.scr (click) (http://download.bleepingcomputer.com/sUBs/dds.scr) to your desktop.
      • Users of Windows Vista and Windows 7 start the tool by right-clicking it and then choosing Run as administrator!
      • First close all windows, then double-click dds.scr and wait until the scan is finished.
      • After the scan, two text documents are opened; post the contents of both logs!
  • DDS (Ver_10-03-17.01) - NTFSX64 Run by Niek at 17:40:04,60 on ma 19-07-2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18 Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3957.2559 [GMT 2:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Program Files (x86)\AVG\AVG9\avgchsva.exe C:\Program Files (x86)\AVG\AVG9\avgrsa.exe C:\Windows\system32\lsm.exe C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\SysWOW64\ZoneLabs\vsmon.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\SysWOW64\WinService.exe D:\Games\Steam\Steam.exe C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe C:\Program Files (x86)\Xfire\Xfire.exe C:\Program Files (x86)\AVG\AVG9\avgemc.exe C:\Program Files (x86)\AVG\AVG9\avgnsa.exe C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe C:\Program Files (x86)\Xfire\xfire64.exe C:\Program Files (x86)\AVG\AVG9\avgtray.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files 
(x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Xfire\xfire64.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\CheckPoint\ZAForceField\ForceField.exe C:\Windows\system32\wbem\wmiprvse.exe c:\program files (x86)\common files\installshield\updateservice\isuspm.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\taskhost.exe C:\Users\Niek\Downloads\dds.scr C:\Windows\system32\conhost.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.undamed-wow.com/dovote.html mLocal Page = c:\windows\syswow64\blank.htm uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll mURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: ZoneAlarm Toolbar: 
{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\TrustCheckerIEPlugin.dll BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\TrustCheckerIEPlugin.dll TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background uRun: [Steam] "d:\games\steam\Steam.exe" -silent uRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun uRun: [RGSC] d:\games\grand theft auto iv\rockstar games social club\RGSCLauncher.exe /silent mRun: [IMSS] "c:\program files (x86)\intel\intel(r) management engine components\imss\PIconStartup.exe" mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe" mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe" mRun: [PWRISOVM.EXE] c:\program 
files (x86)\poweriso\PWRISOVM.EXE mRun: [ZoneAlarm Client] "c:\program files (x86)\zone labs\zonealarm\zlclient.exe" StartupFolder: c:\users\niek\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files (x86)\xfire\Xfire.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office10\OSA.EXE StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files (x86)\netgear\wg111v2\WG111v2.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xporteren naar Microsoft Excel - c:\progra~2\micros~3\office10\EXCEL.EXE/3000 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: {DE7491F4-0EAC-4644-B1A3-CA57E5D2746B} = 212.54.40.25,212.54.35.25 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll AppInit_DLLs: avgrssta.dll {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s mRun-x64: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden" AppInit_DLLs-X64: avgrssta.dll ================= FIREFOX =================== FF - ProfilePath 
- c:\users\niek\appdata\roaming\mozilla\firefox\profiles\jm2wiapd.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - www.google.nl FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?PC=BRTH&FORM=BT074D&q= FF - component: c:\program files\checkpoint\zaforcefield\wow64\trustchecker\components\TrustCheckerMozillaPlugin.dll FF - component: c:\users\niek\appdata\roaming\mozilla\firefox\profiles\jm2wiapd.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\npFFApi.dll FF - plugin: c:\users\niek\appdata\roaming\mozilla\firefox\profiles\jm2wiapd.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - 
pref("network.IDN.whitelist.nu", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - 
pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - 
pref("plugins.update.notifyUser", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2010-7-15 25312] R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-3-27 269904] R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-3-27 35536] R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-3-27 317520] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904] R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-7-17 921440] R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-17 308136] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 33008] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program 
files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 823272] R2 SCM_Service;SCM_Service;c:\windows\syswow64\WinService.exe [2010-7-15 186848] R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\intel\intel(r) management engine components\uns\UNS.exe [2010-3-27 2320920] R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k62x64.sys [2009-12-10 294064] R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-9-17 56344] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-3-27 84584] S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-10-12 50072] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] 
Here is the log file.
  • Hi Niek, go to http://security.symantec.com/sscv6/WelcomePage.asp and click the download button to download the Norton scanner. After downloading, start it, install it and update it! Then run a full system scan. Click on export scanresult and post its contents!
  • I use AVG Free and Malwarebytes. They both found something after I scanned, and they have not found it again since.

This is an archived page. Replies are no longer possible.