HijackThis after removal of the Windows 7 activation code

Anonymous
18 answers
  • Hello,
    I ran into something unpleasant this weekend.
    I received an infected file by e-mail that caused the Windows 7 activation code to be removed.
    I fixed this using the original Windows 7 disc, but I am afraid my PC is infected.

    I removed several registry entries with Bitdefender and Spybot, but I am still suspicious.
    Can someone take a look at the HijackThis log below?
    Thanks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:25:36, on 23-2-2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Norton Ghost\Agent\VProTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?cc=be
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
    O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\aestsrv.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
    O23 - Service: BitDefender Arrakis-server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop-updateservice (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\STacSV.exe
    O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe


    End of file - 10274 bytes
  • Hello Jan, your HJT log shows nothing unusual, but that can be deceptive.


    Important: first turn off Word Wrap in Notepad via the Format menu!

    1) Download TFC (click) to your desktop.

    • Click/double-click TFC.exe to start the program.
    • Don't be alarmed: the tool closes all running programs, so make sure your work has already been saved!
    • Then click the Start button to start the scan. This scan may take a short or longer time; be patient, let TFC do its job and wait until TFC is finished.
    • When TFC is finished, a message appears that the computer will be restarted.
    • If the shutdown does not happen automatically, restart the computer yourself.


    2) Important: first turn off Word Wrap in Notepad via the Format menu!


    2) Download, install and keep using MBAM.
    Right after installation MBAM will want to update its database, so allow that.
    Also on repeated use: go to the Update tab first!

    Download MBAM (CLICK)

    Start MBAM and choose Quick Scan


    N.B.: Vista and Windows 7 users start MBAM by right-clicking and then choosing Run as administrator.



    Scanning may take a while, so be patient.
    When the scan is complete, click the OK button, then the Show Results button to see the results.
    Make sure everything is checked there, then click Remove Selected.
    After removal a log will open and you will be asked to restart the computer.

    The log is saved automatically by MBAM and you can find it by clicking the Logs tab in MBAM.

    If MBAM has trouble removing certain files it will show a few messages; click OK each time!
    After that MBAM will ask to restart the computer, so allow the computer to be restarted.


    3) Download to your desktop.

    • Double-click dds.scr (Vista/Win 7 users do this via right-click and choose Run as administrator)
    - wait until the scan is finished.
    • After the scan two text documents are opened


    In summary: next time you post the contents of the following logs:

    1) both DDS logs

    2) the MBAM log
  • Hi Abraham54,

    Thanks for your reply. Below you will find the three reports:

    ************* 1 ********** MBAM-LOG:
    Malwarebytes' Anti-Malware 1.44
    Database versie: 3785
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    24-2-2010 18:38:56
    mbam-log-2010-02-24 (18-38-56).txt

    Scan type: Snelle Scan
    Objecten gescand: 109377
    Verstreken tijd: 8 minute(s), 24 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 1
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)


    ************* 2 ********** ATTACH-LOG:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7-2-2010 13:06:58
    System Uptime: 24-2-2010 18:21:49 (0 hours ago)

    Motherboard: Quanta | | 3063
    Processor: AMD Turion™ X2 Ultra Dual-Core Mobile ZM-82 | Socket M2/S1G1 | 2200/1800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 402,905 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 298 GiB total, 108,688 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd

    ==== System Restore Points ===================

    RP7: 10-2-2010 19:45:39 - Windows Update
    RP8: 10-2-2010 20:53:34 - Windows Update
    RP9: 10-2-2010 20:59:10 - Windows Update
    RP10: 14-2-2010 18:54:53 - Installed Java(TM) 6 Update 18
    RP11: 21-2-2010 13:20:49 - Installed FastPictureViewer (32-bit) with Codecs
    RP13: 21-2-2010 19:08:20 - SPTD setup V1.62
    RP14: 21-2-2010 19:19:05 - Device Driver Package Install: Elaborate Bytes AG Storage controllers
    RP15: 21-2-2010 19:35:01 - Installed Adobe Photoshop Lightroom 2.6.1.
    RP16: 21-2-2010 19:48:43 - Removed Adobe Photoshop Lightroom 2.6.1.
    RP17: 21-2-2010 21:20:38 - Windows Update
    RP18: 21-2-2010 21:26:22 - Windows Anytime Upgrade

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Advertising Center
    Apple Application Support
    Apple Software Update
    ArcSoft PhotoStudio 5.5
    BitDefender Internet Security 2010
    Bonjour
    CCleaner
    Core FTP LE 2.1
    Cropper
    DVD Shrink 3.2
    ENE CIR Receiver Driver
    Free Mp3 Wma Converter V 1.7.3
    HijackThis 2.0.2
    HP 3D DriveGuard
    Iomega Discovery Tool Home
    IZArc 4.0 beta 1
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) SE Runtime Environment 6 Update 1
    JMicron Flash Media Controller Driver
    LiveUpdate 3.2 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Dutch) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office Groove MUI (Dutch) 2007
    Microsoft Office InfoPath MUI (Dutch) 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (Dutch) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Dutch) 2007
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero 9 Lite
    Nero ControlCenter
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    neroxml
    Norton Ghost
    OGA Notifier 2.0.0048.0
    OLYMPUS Master 2
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Secure Module 4.7.00
    PDFCreator
    pdfforge Toolbar v1.1.2
    Picasa 3
    PIXresizer 1.0.9
    QuickTime
    Realtek USB 2.0 Card Reader
    Safari
    Samsung ML-1510_700 Series
    ScanSoft PaperPort 11
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Skype™ 4.1
    SonicStage 4.3
    Spector Photo Software
    Spybot - Search & Destroy
    TMPGEnc DVD Author 1.6
    TMPGEnc Plus 2.5
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Outlook 2007 Junk Email Filter (kb977719)
    Update voor Microsoft Office Excel 2007 Help (KB963678)
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
    Update voor Microsoft Office Word 2007 Help (KB963665)
    VirtualCloneDrive
    virtualStudio 1.0.38
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    Vuze
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    XMind

    ==== Event Viewer Messages From Past Week ========

    24-2-2010 18:22:39, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    24-2-2010 18:22:14, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    24-2-2010 18:22:14, Error: atikmdag [43029] - Display is not active
    24-2-2010 18:21:53, Error: sptd [4] - Driver detected an internal error in its data structures for .
    21-2-2010 21:44:29, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    21-2-2010 21:12:31, Error: Service Control Manager [7034] - The Bonjour-service service terminated unexpectedly. It has done this 1 time(s).
    21-2-2010 20:37:08, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    21-2-2010 20:37:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    21-2-2010 20:37:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    21-2-2010 20:37:06, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    21-2-2010 20:37:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    21-2-2010 20:36:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    21-2-2010 20:35:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdfsfltr bdfwfpf discache ElbyCDIO spldr sptd Wanarpv6

    ==== End Of File ===========================


    ************* 3 ********** DDS-LOG:

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Jan at 18:39:59,85 on wo 24-02-2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1033.18.3070.1992 [GMT 1:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\aestsrv.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\dllhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
    C:\Windows\system32\dllhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\msdtc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Norton Ghost\Agent\VProTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Safari\Safari.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Jan\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.bing.com/?cc=be
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
    mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
    mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SearchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-10-19 72200]
    R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2009-10-19 79368]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\AEstSrv.exe [2009-3-2 81920]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
    R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-9-22 83208]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-14 1153368]
    R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-12-13 5120]
    R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-7-14 7168]
    R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-11-10 153448]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-29 59904]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1562096]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S3 Arrakis3;BitDefender Arrakis-server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-7 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-20 116136]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-21 1343400]

    =============== Created Last 30 ================

    2010-02-24 17:25:58 0 d-----w- c:\users\jan\appdata\roaming\Malwarebytes
    2010-02-24 17:25:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-24 17:25:50 0 d-----w- c:\programdata\Malwarebytes
    2010-02-24 17:25:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-24 17:25:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-23 20:01:29 0 d-----w- c:\program files\Trend Micro
    2010-02-22 20:24:58 0 d-----w- c:\program files\virtualStudio
    2010-02-21 20:31:11 0 d-----w- C:\VProRecovery
    2010-02-21 20:21:16 0 d-----w- c:\windows\system32\Wat
    2010-02-21 20:18:14 6640 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2010-02-21 20:18:14 6640 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2010-02-21 18:36:24 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-02-21 18:36:24 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-02-21 18:18:37 0 d-----w- c:\program files\Elaborate Bytes
    2010-02-21 12:39:15 0 d-----w- c:\users\jan\appdata\roaming\CoreFTP
    2010-02-21 12:10:06 0 d-----w- c:\users\jan\appdata\roaming\XMind
    2010-02-21 12:09:48 0 d-----w- c:\program files\XMind
    2010-02-14 17:56:10 0 d-----w- c:\programdata\Sun
    2010-02-14 17:55:43 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-14 09:29:31 0 d-----w- c:\programdata\SonicStage
    2010-02-10 20:00:31 0 d-----w- c:\program files\IDT
    2010-02-10 20:00:28 61440 ----a-w- c:\windows\system32\aestaren.dll
    2010-02-10 20:00:28 368640 ----a-w- c:\windows\system32\aestecap.dll
    2010-02-10 20:00:28 142848 ----a-w- c:\windows\system32\aestacap.dll
    2010-02-10 20:00:27 86016 ----a-w- c:\windows\system32\AESTCom.dll
    2010-02-10 20:00:27 536576 ----a-w- c:\windows\system32\idtmini1.exe
    2010-02-10 20:00:27 450652 ----a-w- c:\windows\sttray.exe
    2010-02-10 20:00:27 3774 ----a-w- c:\windows\system32\bltinmic.ico
    2010-02-10 20:00:27 3774 ----a-w- c:\windows\system32\2hps.ico
    2010-02-10 20:00:27 3567616 ----a-w- c:\windows\system32\stlang.dll
    2010-02-10 20:00:27 15222 ----a-w- c:\windows\system32\nbspkrs.ico
    2010-02-10 20:00:27 12021852 ----a-w- c:\windows\system32\idtcpl.cpl
    2010-02-10 20:00:25 0 d-----w- c:\windows\system32\SRSLabs
    2010-02-07 20:12:46 0 d-----w- c:\windows\Panther
    2010-02-07 19:49:58 0 d-----w- c:\program files\Application Updater
    2010-02-07 19:49:57 0 d-----w- c:\program files\pdfforge Toolbar
    2010-02-07 19:49:27 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
    2010-02-07 19:49:24 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
    2010-02-07 19:49:23 0 d-----w- c:\program files\PDFCreator
    2010-02-07 19:38:08 151 ----a-w- c:\windows\system32\~.inf
    2010-02-07 18:12:47 0 d-----w- c:\users\jan\appdata\roaming\ChromePlus
    2010-02-07 17:47:17 0 d-----w- c:\program files\Microsoft Office Outlook Connector
    2010-02-07 17:47:00 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-02-07 17:45:20 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-02-07 17:45:12 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-02-07 17:44:25 0 d-----w- c:\program files\Windows Live SkyDrive
    2010-02-07 17:20:54 0 d-----w- c:\program files\Microsoft
    2010-02-07 17:20:06 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-07 17:19:54 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2010-02-07 17:10:43 285696 ----a-w- c:\windows\system32\winlogon.exe
    2010-02-07 17:10:43 2614272 ----a-w- c:\windows\explorer.exe
    2010-02-07 17:10:28 977920 ----a-w- c:\windows\system32\wininet.dll
    2010-02-07 17:10:08 108544 ----a-w- c:\windows\system32\t2embed.dll
    2010-02-07 17:10:07 70656 ----a-w- c:\windows\system32\fontsub.dll
    2010-02-07 17:09:49 34816 ----a-w- c:\windows\system32\msasn1.dll
    2010-02-07 17:09:27 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2010-02-07 17:09:27 507568 ----a-w- c:\windows\system32\winload.exe
    2010-02-07 17:09:27 442920 ----a-w- c:\windows\system32\winresume.exe
    2010-02-07 17:09:27 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-02-07 17:09:27 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
    2010-02-07 17:09:26 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-02-07 13:11:56 385 ----a-w- c:\windows\system32\user_gensett.xml
    2010-02-07 13:08:08 0 d-----w- c:\users\jan\appdata\roaming\BitDefender
    2010-02-07 13:08:08 0 d-----w- c:\programdata\BitDefender
    2010-02-07 13:08:08 0 d-----w- c:\program files\BitDefender
    2010-02-07 13:07:05 0 d-----w- c:\program files\common files\BitDefender
    2010-02-07 12:12:20 717892 ----a-w- c:\windows\system32\PerfStringBackup.INI
    2010-02-07 12:09:24 0 d-----w- c:\windows\system32\wbem\Performance
    2010-02-07 12:07:06 20 --sh--w- c:\users\jan\ntuser.ini
    2010-02-07 11:55:43 22508 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-02-07 11:18:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2010-02-07 11:18:12 0 ----a-w- c:\windows\ativpsrm.bin
    2010-02-07 10:05:46 1890 ----a-w- c:\windows\diagwrn.xml
    2010-02-07 10:05:46 1890 ----a-w- c:\windows\diagerr.xml
    2010-02-06 16:36:51 0 d-----w- c:\users\jan\appdata\roaming\CheeseSoft
    2010-02-06 16:36:42 0 d-----w- c:\program files\FinalUninstaller
    2010-01-31 13:15:21 0 d-----w- c:\program files\DVDSmith Movie Backup
    2010-01-29 20:44:32 52 ----a-w- c:\windows\system32\ashttpstats.csv
    2010-01-25 21:15:31 0 ----a-w- c:\windows\vtpwra.INI

    ==================== Find3M ====================

    2010-02-21 18:08:46 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-02-15 16:58:32 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
    2010-02-15 16:58:32 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
    2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
    2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-08 03:18:02 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-01-08 03:17:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-01-06 08:11:16 129520 ------w- c:\windows\system32\pxafs.dll
    2010-01-06 08:11:14 120568 ------w- c:\windows\system32\pxcpyi64.exe
    2010-01-06 08:11:14 118256 ------w- c:\windows\system32\pxinsi64.exe
    2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
    2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
    2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
    2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
    2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
    2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-14 18:23:50 140200 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-14 17:56:46 10752 ------w- c:\windows\system32\pxwma.dll
    2009-12-08 11:40:12 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 11:40:12 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 11:32:02 292864 ----a-w- c:\windows\system32\apphelp.dll
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 18:42:13,32 ===============

    Thanks for your reply





  • Hello Jan, no need to thank me just yet - I'm happy to help.

    The DDS attach log shows this: C: is FIXED (NTFS) - 466 GiB total, 402,905 GiB free - that is an enormously large partition for a system partition!

    You are currently using about 65GB of it; if you resized the partition to, say, 120 GB, you could use the rest of the HD for all your personal data!

    Anyway - now the next step: Let Combofix scan your Windows (click).

    How to use Combofix properly (click)

    Addition: to be able to use Combofix, the following applies:
  • Hello Abraham54,

    Here is the report:

    ComboFix 10-02-24.03 - Jan 25-02-2010 18:48:21.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1033.18.3070.2121 [GMT 1:00]
    Gestart vanuit: c:\users\Jan\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    * Aanwezig AV is actief

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\pdfforge Toolbar\SearchSettings.dll
    c:\windows\patchw32.dll
    c:\windows\pw32a.dll
    c:\windows\system32\~.inf

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-01-25 to 2010-02-25 ))))))))))))))))))))))))))))))
    .

    2010-02-25 18:02 . 2010-02-25 18:03 -------- d-----w- c:\users\Jan\AppData\Local\temp
    2010-02-25 18:02 . 2010-02-25 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-02-25 17:44 . 2010-02-25 17:45 -------- d-----w- C:\32788R22FWJFW
    2010-02-24 17:39 . 2010-02-24 17:39 524288 ----a-w- c:\users\Jan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Optimalisatie\dds.scr
    2010-02-24 17:25 . 2010-02-24 17:25 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes
    2010-02-24 17:25 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-24 17:25 . 2010-02-24 17:25 -------- d-----w- c:\programdata\Malwarebytes
    2010-02-24 17:25 . 2010-02-24 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-24 17:25 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-24 12:29 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-02-24 12:29 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2010-02-24 12:29 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-02-24 12:29 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-23 20:45 . 2010-02-23 20:56 -------- d-----w- c:\users\Jan\AppData\Local\Microsoft Games
    2010-02-23 20:01 . 2010-02-23 20:01 -------- d-----w- c:\program files\Trend Micro
    2010-02-22 20:24 . 2010-02-22 20:30 -------- d-----w- c:\program files\virtualStudio
    2010-02-21 20:32 . 2010-02-21 20:32 -------- d-----w- c:\users\Jan\AppData\Local\Symantec_Corporation
    2010-02-21 20:31 . 2010-02-21 20:35 -------- d-----w- C:\VProRecovery
    2010-02-21 20:21 . 2010-02-21 20:21 -------- d-----w- c:\windows\system32\Wat
    2010-02-21 19:24 . 2010-02-21 19:24 -------- d-----w- c:\users\Jan\AppData\Local\OLYMPUS
    2010-02-21 18:53 . 2010-02-21 18:53 109288 ----a-w- c:\users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-21 18:36 . 2010-01-06 08:11 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-02-21 18:36 . 2010-01-06 08:11 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-02-21 18:18 . 2010-02-21 18:18 -------- d-----w- c:\program files\Elaborate Bytes
    2010-02-21 17:07 . 2010-02-21 17:07 77824 ----a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-xulrunner-win32-3555.dll
    2010-02-21 12:39 . 2010-02-21 12:58 -------- d-----w- c:\users\Jan\AppData\Roaming\CoreFTP
    2010-02-21 12:11 . 2010-02-21 12:11 77824 ----a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-gdip-win32-3555.dll
    2010-02-21 12:11 . 2010-02-21 12:11 348160 ----a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-win32-3555.dll
    2010-02-21 12:10 . 2010-02-21 12:11 -------- d-----w- c:\users\Jan\AppData\Roaming\XMind
    2010-02-21 12:09 . 2010-02-21 17:06 -------- d-----w- c:\program files\XMind
    2010-02-14 17:55 . 2010-02-14 17:55 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-14 09:29 . 2010-02-14 09:29 -------- d-----w- c:\programdata\SonicStage
    2010-02-10 20:00 . 2010-02-10 20:00 -------- d-----w- c:\program files\IDT
    2010-02-10 20:00 . 2009-03-02 16:57 142848 ----a-w- c:\windows\system32\aestacap.dll
    2010-02-10 20:00 . 2009-03-02 16:57 61440 ----a-w- c:\windows\system32\aestaren.dll
    2010-02-10 20:00 . 2009-03-02 16:08 368640 ----a-w- c:\windows\system32\aestecap.dll
    2010-02-10 20:00 . 2009-06-03 19:43 536576 ----a-w- c:\windows\system32\idtmini1.exe
    2010-02-10 20:00 . 2009-06-03 19:43 450652 ----a-w- c:\windows\sttray.exe
    2010-02-10 20:00 . 2009-06-03 19:43 3567616 ----a-w- c:\windows\system32\stlang.dll
    2010-02-10 20:00 . 2009-03-02 16:47 86016 ----a-w- c:\windows\system32\AESTCom.dll
    2010-02-10 20:00 . 2010-02-10 20:00 -------- d-----w- c:\windows\system32\SRSLabs
    2010-02-10 16:08 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-07 20:12 . 2010-02-07 12:06 -------- d-----w- c:\windows\Panther
    2010-02-07 19:49 . 2010-02-07 19:49 -------- d-----w- c:\program files\Application Updater
    2010-02-07 19:49 . 2010-02-25 18:01 -------- d-----w- c:\program files\pdfforge Toolbar
    2010-02-07 19:49 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
    2010-02-07 19:49 . 2010-02-07 19:50 -------- d-----w- c:\program files\PDFCreator
    2010-02-07 18:12 . 2010-02-07 18:12 54082 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\ChromePlus_uninstall.exe
    2010-02-07 18:12 . 2010-02-10 19:13 -------- d-----w- c:\users\Jan\AppData\Roaming\ChromePlus
    2010-02-07 17:53 . 2010-02-07 17:53 -------- d-----w- c:\program files\Common Files\Adobe
    2010-02-07 17:47 . 2010-02-07 17:47 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
    2010-02-07 17:47 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-02-07 17:46 . 2010-02-07 17:46 -------- d-----w- c:\program files\Microsoft Sync Framework
    2010-02-07 17:45 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-02-07 17:45 . 2010-02-07 17:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-02-07 17:44 . 2010-02-07 17:44 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-02-07 17:44 . 2010-02-07 17:46 -------- d-----w- c:\program files\Windows Live
    2010-02-07 17:21 . 2010-02-07 17:55 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-02-07 17:20 . 2010-02-07 17:44 -------- d-----w- c:\program files\Microsoft
    2010-02-07 17:19 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2010-02-07 17:10 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
    2010-02-07 17:10 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
    2010-02-07 17:10 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
    2010-02-07 17:10 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
    2010-02-07 17:10 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
    2010-02-07 17:09 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
    2010-02-07 17:09 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2010-02-07 17:09 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
    2010-02-07 17:09 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
    2010-02-07 17:09 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
    2010-02-07 17:09 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-02-07 17:09 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-02-07 15:30 . 2010-02-07 15:30 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-02-07 13:08 . 2010-02-07 13:11 -------- d-----w- c:\programdata\BitDefender
    2010-02-07 13:08 . 2010-02-07 13:08 -------- d-----w- c:\users\Jan\AppData\Roaming\BitDefender
    2010-02-07 13:08 . 2010-02-07 13:08 -------- d-----w- c:\program files\BitDefender
    2010-02-07 13:07 . 2010-02-07 13:08 -------- d-----w- c:\program files\Common Files\BitDefender
    2010-02-07 12:09 . 2010-02-25 17:35 -------- d-----w- c:\windows\system32\wbem\Performance
    2010-02-07 11:55 . 2010-02-07 11:55 22508 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-02-07 11:46 . 2010-02-07 11:46 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2010-02-07 11:18 . 2010-02-07 11:18 0 ----a-w- c:\windows\ativpsrm.bin
    2010-02-06 16:36 . 2010-02-07 11:43 -------- d-----w- c:\users\Jan\AppData\Roaming\CheeseSoft
    2010-02-06 16:36 . 2010-02-07 11:25 -------- d-----w- c:\program files\FinalUninstaller
    2010-01-31 13:15 . 2010-02-07 11:25 -------- d-----w- c:\program files\DVDSmith Movie Backup
    2010-01-31 13:08 . 2010-02-07 11:32 -------- d-----w- c:\windows\Sun

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-25 17:55 . 2009-12-14 18:04 -------- d-----w- c:\users\Jan\AppData\Roaming\Skype
    2010-02-25 17:32 . 2009-12-14 18:10 -------- d-----w- c:\users\Jan\AppData\Roaming\skypePM
    2010-02-23 17:24 . 2009-12-14 18:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-02-21 20:13 . 2009-12-13 19:43 -------- d-----w- c:\program files\Bonjour
    2010-02-21 18:49 . 2009-12-13 20:17 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-02-21 18:08 . 2009-12-13 22:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-02-21 18:00 . 2009-12-14 18:24 -------- d-----w- c:\users\Jan\AppData\Roaming\Azureus
    2010-02-20 10:28 . 2009-12-16 18:22 -------- d-----w- c:\users\Jan\AppData\Roaming\Canon
    2010-02-17 14:39 . 2009-12-14 18:07 -------- d-----w- c:\program files\Spector Photo Software
    2010-02-15 16:58 . 2009-11-10 16:04 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
    2010-02-15 16:58 . 2009-11-10 16:03 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
    2010-02-14 17:56 . 2009-12-13 19:52 -------- d-----w- c:\program files\Common Files\Java
    2010-02-14 17:55 . 2009-12-13 19:52 -------- d-----w- c:\program files\Java
    2010-02-14 09:29 . 2009-12-14 18:30 -------- d-----w- c:\users\Jan\AppData\Roaming\Sony Corporation
    2010-02-10 18:47 . 2009-12-13 19:11 -------- d-----w- c:\programdata\Microsoft Help
    2010-02-07 17:54 . 2009-12-13 19:01 132 ----a-w- c:\windows\system32\rezumatenoi.dat
    2010-02-07 15:30 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
    2010-02-07 15:30 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
    2010-02-07 15:30 . 2009-07-14 07:49 -------- d-----w- c:\program files\Windows Journal
    2010-02-07 15:30 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
    2010-02-07 15:30 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
    2010-02-07 11:43 . 2010-01-02 15:02 -------- d-----w- c:\users\Jan\AppData\Roaming\vlc
    2010-02-07 11:43 . 2009-12-13 22:21 -------- d-----w- c:\users\Jan\AppData\Roaming\Zeon
    2010-02-07 11:43 . 2009-12-13 20:32 -------- d-----w- c:\users\Jan\AppData\Roaming\Symantec
    2010-02-07 11:43 . 2009-12-14 18:10 -------- d-----w- c:\users\Jan\AppData\Roaming\SPB
    2010-02-07 11:43 . 2009-12-24 15:42 -------- d-----w- c:\users\Jan\AppData\Roaming\Nero
    2010-02-07 11:43 . 2009-12-13 22:20 -------- d-----w- c:\users\Jan\AppData\Roaming\ScanSoft
    2010-02-07 11:43 . 2009-12-13 23:00 -------- d-----w- c:\users\Jan\AppData\Roaming\Cropper
    2010-02-07 11:43 . 2009-12-13 22:03 -------- d-----w- c:\users\Jan\AppData\Roaming\DAEMON Tools Lite
    2010-02-07 11:43 . 2009-12-14 06:46 -------- d-----w- c:\users\Jan\AppData\Roaming\ArcSoft
    2010-02-07 11:42 . 2009-12-13 19:44 -------- d-----w- c:\users\Jan\AppData\Roaming\Apple Computer
    2010-02-07 11:31 . 2009-12-13 20:00 -------- d-----w- c:\programdata\Symantec
    2010-02-07 11:31 . 2009-12-14 18:35 -------- d-----w- c:\programdata\Sony Corporation
    2010-02-07 11:31 . 2009-12-14 18:04 -------- d-----w- c:\programdata\Skype
    2010-02-07 11:31 . 2009-12-13 22:18 -------- d-----w- c:\programdata\ScanSoft
    2010-02-07 11:31 . 2010-01-21 04:33 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-02-07 11:31 . 2009-12-14 17:28 -------- d-----w- c:\programdata\Nero
    2010-02-07 11:30 . 2009-12-14 17:24 -------- d-----w- c:\programdata\DVD Shrink
    2010-02-07 11:30 . 2009-12-13 22:19 -------- d-----w- c:\programdata\InstallShield
    2010-02-07 11:30 . 2009-12-13 22:03 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2010-02-07 11:30 . 2009-12-14 18:24 -------- d-----w- c:\programdata\Azureus
    2010-02-07 11:30 . 2009-12-13 22:01 -------- d--h--w- c:\programdata\CanonBJ
    2010-02-07 11:30 . 2009-12-13 19:43 -------- d-----w- c:\programdata\Apple Computer
    2010-02-07 11:30 . 2009-12-13 19:42 -------- d-----w- c:\programdata\Apple
    2010-02-07 11:30 . 2009-12-14 18:22 -------- d-----w- c:\program files\Vuze
    2010-02-07 11:30 . 2009-12-27 19:48 -------- d-----w- c:\program files\Symantec
    2010-02-07 11:30 . 2009-12-14 18:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-02-07 11:29 . 2009-12-14 18:32 -------- d-----w- c:\program files\Sony
    2010-02-07 11:29 . 2009-12-14 18:04 -------- d-----r- c:\program files\Skype
    2010-02-07 11:28 . 2009-12-13 22:17 -------- d-----w- c:\program files\ScanSoft
    2010-02-07 11:28 . 2009-12-13 22:24 -------- d-----w- c:\program files\SAMSUNG
    2010-02-07 11:28 . 2009-12-13 19:43 -------- d-----w- c:\program files\Safari
    2010-02-07 11:28 . 2009-12-24 13:07 -------- d-----w- c:\program files\Realtek
    2010-02-07 11:28 . 2009-12-18 18:42 -------- d-----w- c:\program files\QuickTime
    2010-02-07 11:28 . 2009-12-13 20:27 -------- d-----w- c:\program files\PIXresizer
    2010-02-07 11:28 . 2009-12-14 17:56 -------- d-----w- c:\program files\Pegasys Inc
    2010-02-07 11:27 . 2009-12-27 19:46 -------- d-----w- c:\program files\Norton Ghost
    2010-02-07 11:27 . 2009-12-14 06:50 -------- d-----w- c:\program files\OLYMPUS
    2010-02-07 11:27 . 2009-12-14 17:28 -------- d-----w- c:\program files\Nero
    2010-02-07 11:27 . 2009-12-13 19:17 -------- d-----w- c:\program files\Microsoft Works
    2010-02-07 11:27 . 2009-12-13 19:16 -------- d-----w- c:\program files\Microsoft.NET
    2010-02-07 11:27 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
    2010-02-07 11:27 . 2009-12-13 19:13 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2010-02-07 11:26 . 2009-12-24 13:08 -------- d-----w- c:\program files\JMicron
    2010-02-07 11:24 . 2009-12-13 19:42 -------- d-----w- c:\program files\Common Files\Apple
    2010-02-07 11:24 . 2009-12-13 20:22 -------- d-----w- c:\program files\CCleaner
    2010-02-07 11:23 . 2009-12-14 06:45 -------- d-----w- c:\program files\ArcSoft
    2010-02-07 11:23 . 2009-12-13 19:42 -------- d-----w- c:\program files\Apple Software Update
    2010-02-07 11:18 . 2010-02-07 11:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2010-02-06 16:45 . 2009-12-13 22:45 -------- d-----w- c:\users\Jan\AppData\Roaming\hpqLog
    2010-01-22 07:57 . 2010-01-22 07:57 90112 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\Installer\ChromePlusUpgrade.exe
    2010-01-22 06:33 . 2010-01-22 06:33 49152 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\IETab.dll
    2010-01-22 06:12 . 2010-01-22 06:12 529408 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\old_chrome.exe
    2010-01-22 06:12 . 2010-01-22 06:12 15650816 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\chrome.dll
    2010-01-22 04:37 . 2010-01-22 04:37 150016 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\locales\it.dll
    2010-01-18 23:29 . 2010-02-10 16:08 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-18 23:29 . 2010-02-10 16:08 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-18 23:29 . 2010-02-10 16:08 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-18 23:29 . 2010-02-10 16:08 369152 ----a-w- c:\windows\system32\secproc.dll
    2010-01-18 23:28 . 2010-02-10 16:08 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-18 23:28 . 2010-02-10 16:08 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-18 23:28 . 2010-02-10 16:08 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-18 23:28 . 2010-02-10 16:08 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-08 03:18 . 2010-02-10 16:08 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-01-08 03:17 . 2010-02-10 16:08 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-01-06 11:11 . 2010-01-06 11:11 98304 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\IEHost.exe
    2010-01-06 08:11 . 2009-12-14 18:38 129520 ------w- c:\windows\system32\pxafs.dll
    2010-01-06 08:11 . 2009-12-14 17:56 120568 ------w- c:\windows\system32\pxcpyi64.exe
    2010-01-06 08:11 . 2009-12-14 17:56 118256 ------w- c:\windows\system32\pxinsi64.exe
    2010-01-02 14:40 . 2010-01-02 14:40 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-01-02 14:39 . 2010-01-02 14:39 923456 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-12-31 15:45 . 2009-12-31 15:45 61440 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\Uninstall_Iomega_N_088348F91E7B4269A6A2621FEC00DBB7.exe
    2009-12-31 15:45 . 2009-12-31 15:45 61440 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\IOM_SHORTCUT_DESKT_088348F91E7B4269A6A2621FEC00DBB7_1.exe
    2009-12-31 15:45 . 2009-12-31 15:45 61440 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\IOM_SHORTCUT_DESKT_088348F91E7B4269A6A2621FEC00DBB7.exe
    2009-12-31 15:45 . 2009-12-31 15:45 61440 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\ARPPRODUCTICON.exe
    2009-12-19 09:02 . 2010-02-10 16:08 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-12-19 09:02 . 2010-02-10 16:08 1328640 ----a-w- c:\windows\system32\quartz.dll
    2009-12-19 09:02 . 2010-02-10 16:08 22016 ----a-w- c:\windows\system32\msyuv.dll
    2009-12-19 09:02 . 2010-02-10 16:08 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2009-12-19 09:02 . 2010-02-10 16:08 13312 ----a-w- c:\windows\system32\msrle32.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    2010-01-08 02:17 700416 ----a-w- c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]

    [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
    "ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-01-26 1724728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-05-05 40960]
    "Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-05-05 36864]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-02-07 1120704]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 10:44 31072 —-a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
    2009-11-25 19:42 95632 —-a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

    R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\System32\drivers\BdfNdisf6.sys [19-10-2009 16:04 72200]
    R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [19-10-2009 16:04 79368]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14-7-2009 0:52 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\AEstSrv.exe [2-3-2009 18:43 81920]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18-8-2009 2:36 176128]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8-1-2010 0:51 380928]
    R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [22-9-2009 8:22 83208]
    R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [8-7-2009 13:48 26168]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [14-12-2009 19:13 1153368]
    R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [13-12-2009 23:24 5120]
    R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\System32\dllhost.exe [14-7-2009 0:43 7168]
    R3 BDFM;BDFM;c:\windows\System32\drivers\bdfm.sys [10-11-2009 17:04 153448]
    R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [29-6-2009 10:17 59904]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [1-3-2009 23:05 139776]
    R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20-12-2007 17:13 1562096]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14-7-2009 0:52 14336]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [13-12-2009 23:05 691696]
    S3 Arrakis3;BitDefender Arrakis-server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19-10-2009 16:06 183880]
    S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\System32\drivers\dc3d.sys [4-11-2009 2:59 17408]
    S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [7-2-2010 18:47 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 22:48 704864]
    S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [20-7-2009 19:39 116136]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\System32\Wat\WatAdminSvc.exe [21-2-2010 21:21 1343400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.bing.com/?cc=be
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS VERWIJDERD - - - -

    URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll
    BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2010-02-25 19:10:39
    ComboFix-quarantined-files.txt 2010-02-25 18:10

    Pre-Run: 434.936.815.616 bytes free
    Post-Run: 434.601.553.920 bytes free

    - - End Of File - - C745DBCC493783FD897A6E3C6A3B9D4F
  • Hello Jan, do the following:

    Open a new Notepad file (Start > All Programs > Accessories > Notepad), then copy and paste the following (bold, blue text) into an empty window.


  • Hi Abraham54,
    I had some difficulty disabling BitDefender. I hope I did it correctly.
    Here is the log:

    ComboFix 10-02-24.03 - Jan 25-02-2010 20:13:29.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1033.18.3070.2243 [GMT 1:00]
    Gestart vanuit: c:\users\Jan\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Jan\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-01-25 to 2010-02-25 ))))))))))))))))))))))))))))))
    .

    2010-02-25 19:21 . 2010-02-25 19:21 ——– d—–w- c:\users\Public\AppData\Local\temp
    2010-02-25 19:21 . 2010-02-25 19:21 ——– d—–w- c:\users\Default\AppData\Local\temp
    2010-02-25 19:11 . 2010-02-25 19:11 ——– d—–w- C:\32788R22FWJFW
    2010-02-25 18:31 . 2010-02-25 18:31 ——– d—–w- c:\users\Jan\AppData\Local\Google
    2010-02-25 18:10 . 2010-02-25 19:21 ——– d—–w- c:\users\Jan\AppData\Local\temp
    2010-02-24 17:39 . 2010-02-24 17:39 524288 —-a-w- c:\users\Jan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Optimalisatie\dds.scr
    2010-02-24 17:25 . 2010-02-24 17:25 ——– d—–w- c:\users\Jan\AppData\Roaming\Malwarebytes
    2010-02-24 17:25 . 2010-01-07 15:07 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-24 17:25 . 2010-02-24 17:25 ——– d—–w- c:\programdata\Malwarebytes
    2010-02-24 17:25 . 2010-02-24 17:25 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-24 17:25 . 2010-01-07 15:07 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-24 12:29 . 2009-12-13 09:30 641536 —-a-w- c:\windows\system32\CPFilters.dll
    2010-02-24 12:29 . 2009-12-13 09:30 465408 —-a-w- c:\windows\system32\psisdecd.dll
    2010-02-24 12:29 . 2009-12-13 09:29 417792 —-a-w- c:\windows\system32\msdri.dll
    2010-02-24 12:29 . 2010-02-02 07:45 2048 —-a-w- c:\windows\system32\tzres.dll
    2010-02-23 20:45 . 2010-02-23 20:56 ——– d—–w- c:\users\Jan\AppData\Local\Microsoft Games
    2010-02-23 20:01 . 2010-02-23 20:01 ——– d—–w- c:\program files\Trend Micro
    2010-02-22 20:24 . 2010-02-22 20:30 ——– d—–w- c:\program files\virtualStudio
    2010-02-21 20:32 . 2010-02-21 20:32 ——– d—–w- c:\users\Jan\AppData\Local\Symantec_Corporation
    2010-02-21 20:31 . 2010-02-21 20:35 ——– d—–w- C:\VProRecovery
    2010-02-21 20:21 . 2010-02-21 20:21 ——– d—–w- c:\windows\system32\Wat
    2010-02-21 19:24 . 2010-02-21 19:24 ——– d—–w- c:\users\Jan\AppData\Local\OLYMPUS
    2010-02-21 18:53 . 2010-02-21 18:53 109288 —-a-w- c:\users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-21 18:36 . 2010-01-06 08:11 9200 ——w- c:\windows\system32\drivers\cdralw2k.sys
    2010-02-21 18:36 . 2010-01-06 08:11 9072 ——w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-02-21 18:18 . 2010-02-21 18:18 ——– d—–w- c:\program files\Elaborate Bytes
    2010-02-21 17:07 . 2010-02-21 17:07 77824 —-a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-xulrunner-win32-3555.dll
    2010-02-21 12:39 . 2010-02-21 12:58 ——– d—–w- c:\users\Jan\AppData\Roaming\CoreFTP
    2010-02-21 12:11 . 2010-02-21 12:11 77824 —-a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-gdip-win32-3555.dll
    2010-02-21 12:11 . 2010-02-21 12:11 348160 —-a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-win32-3555.dll
    2010-02-21 12:10 . 2010-02-21 12:11 ——– d—–w- c:\users\Jan\AppData\Roaming\XMind
    2010-02-21 12:09 . 2010-02-21 17:06 ——– d—–w- c:\program files\XMind
    2010-02-14 17:55 . 2010-02-14 17:55 411368 —-a-w- c:\windows\system32\deploytk.dll
    2010-02-14 09:29 . 2010-02-14 09:29 ——– d—–w- c:\programdata\SonicStage
    2010-02-10 20:00 . 2010-02-10 20:00 ——– d—–w- c:\program files\IDT
    2010-02-10 20:00 . 2009-03-02 16:57 142848 —-a-w- c:\windows\system32\aestacap.dll
    2010-02-10 20:00 . 2009-03-02 16:57 61440 —-a-w- c:\windows\system32\aestaren.dll
    2010-02-10 20:00 . 2009-03-02 16:08 368640 —-a-w- c:\windows\system32\aestecap.dll
    2010-02-10 20:00 . 2009-06-03 19:43 536576 —-a-w- c:\windows\system32\idtmini1.exe
    2010-02-10 20:00 . 2009-06-03 19:43 450652 —-a-w- c:\windows\sttray.exe
    2010-02-10 20:00 . 2009-06-03 19:43 3567616 —-a-w- c:\windows\system32\stlang.dll
    2010-02-10 20:00 . 2009-03-02 16:47 86016 —-a-w- c:\windows\system32\AESTCom.dll
    2010-02-10 20:00 . 2010-02-10 20:00 ——– d—–w- c:\windows\system32\SRSLabs
    2010-02-10 16:08 . 2009-12-08 11:40 3955288 —-a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-07 20:12 . 2010-02-07 12:06 ——– d—–w- c:\windows\Panther
    2010-02-07 19:49 . 2010-02-07 19:49 ——– d—–w- c:\program files\Application Updater
    2010-02-07 19:49 . 2010-02-25 18:01 ——– d—–w- c:\program files\pdfforge Toolbar
    2010-02-07 19:49 . 1998-07-05 23:00 23552 —-a-w- c:\windows\system32\MSMPIDE.DLL
    2010-02-07 19:49 . 2010-02-07 19:50 ——– d—–w- c:\program files\PDFCreator
    2010-02-07 18:12 . 2010-02-07 18:12 54082 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\ChromePlus_uninstall.exe
    2010-02-07 18:12 . 2010-02-10 19:13 ——– d—–w- c:\users\Jan\AppData\Roaming\ChromePlus
    2010-02-07 17:53 . 2010-02-07 17:53 ——– d—–w- c:\program files\Common Files\Adobe
    2010-02-07 17:47 . 2010-02-07 17:47 ——– d—–w- c:\program files\Microsoft Office Outlook Connector
    2010-02-07 17:47 . 2009-08-05 21:48 54632 —-a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-02-07 17:46 . 2010-02-07 17:46 ——– d—–w- c:\program files\Microsoft Sync Framework
    2010-02-07 17:45 . 2006-11-29 12:06 3426072 —-a-w- c:\windows\system32\d3dx9_32.dll
    2010-02-07 17:45 . 2010-02-07 17:45 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition
    2010-02-07 17:44 . 2010-02-07 17:44 ——– d—–w- c:\program files\Windows Live SkyDrive
    2010-02-07 17:44 . 2010-02-07 17:46 ——– d—–w- c:\program files\Windows Live
    2010-02-07 17:21 . 2010-02-07 17:55 ——– d—–w- c:\program files\Microsoft Silverlight
    2010-02-07 17:20 . 2010-02-07 17:44 ——– d—–w- c:\program files\Microsoft
    2010-02-07 17:19 . 2009-09-10 05:52 257024 —-a-w- c:\windows\system32\msv1_0.dll
    2010-02-07 17:10 . 2009-10-31 05:45 2614272 —-a-w- c:\windows\explorer.exe
    2010-02-07 17:10 . 2009-10-28 06:17 285696 —-a-w- c:\windows\system32\winlogon.exe
    2010-02-07 17:10 . 2009-12-19 09:02 977920 —-a-w- c:\windows\system32\wininet.dll
    2010-02-07 17:10 . 2009-10-19 14:10 108544 —-a-w- c:\windows\system32\t2embed.dll
    2010-02-07 17:10 . 2009-10-19 14:10 70656 —-a-w- c:\windows\system32\fontsub.dll
    2010-02-07 17:09 . 2009-08-29 06:57 34816 —-a-w- c:\windows\system32\msasn1.dll
    2010-02-07 17:09 . 2009-10-02 04:06 728648 —-a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2010-02-07 17:09 . 2009-09-03 07:04 1320960 —-a-w- c:\windows\system32\CertEnroll.dll
    2010-02-07 17:09 . 2009-08-19 07:20 442920 —-a-w- c:\windows\system32\winresume.exe
    2010-02-07 17:09 . 2009-08-19 07:20 507568 —-a-w- c:\windows\system32\winload.exe
    2010-02-07 17:09 . 2009-07-30 04:44 293888 —-a-w- c:\windows\system32\atmfd.dll
    2010-02-07 17:09 . 2009-08-29 06:54 12625408 —-a-w- c:\windows\system32\wmploc.DLL
    2010-02-07 15:30 . 2010-02-07 15:30 704320 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-02-07 13:08 . 2010-02-07 13:11 ——– d—–w- c:\programdata\BitDefender
    2010-02-07 13:08 . 2010-02-07 13:08 ——– d—–w- c:\users\Jan\AppData\Roaming\BitDefender
    2010-02-07 13:08 . 2010-02-07 13:08 ——– d—–w- c:\program files\BitDefender
    2010-02-07 13:07 . 2010-02-07 13:08 ——– d—–w- c:\program files\Common Files\BitDefender
    2010-02-07 12:09 . 2010-02-25 19:17 ——– d—–w- c:\windows\system32\wbem\Performance
    2010-02-07 11:55 . 2010-02-07 11:55 22508 —-a-w- c:\windows\system32\emptyregdb.dat
    2010-02-07 11:46 . 2010-02-07 11:46 ——– d—–w- c:\users\Default\AppData\Local\Microsoft Help
    2010-02-07 11:18 . 2010-02-07 11:18 0 —-a-w- c:\windows\ativpsrm.bin
    2010-02-06 16:36 . 2010-02-07 11:43 ——– d—–w- c:\users\Jan\AppData\Roaming\CheeseSoft
    2010-02-06 16:36 . 2010-02-07 11:25 ——– d—–w- c:\program files\FinalUninstaller
    2010-01-31 13:15 . 2010-02-07 11:25 ——– d—–w- c:\program files\DVDSmith Movie Backup
    2010-01-31 13:08 . 2010-02-07 11:32 ——– d—–w- c:\windows\Sun

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-25 19:13 . 2009-12-14 18:04 ——– d—–w- c:\users\Jan\AppData\Roaming\Skype
    2010-02-25 19:10 . 2009-12-14 18:10 ——– d—–w- c:\users\Jan\AppData\Roaming\skypePM
    2010-02-23 17:24 . 2009-12-14 18:13 ——– d—–w- c:\programdata\Spybot - Search & Destroy
    2010-02-21 20:13 . 2009-12-13 19:43 ——– d—–w- c:\program files\Bonjour
    2010-02-21 18:49 . 2009-12-13 20:17 ——– d—–w- c:\program files\Common Files\PX Storage Engine
    2010-02-21 18:08 . 2009-12-13 22:05 691696 —-a-w- c:\windows\system32\drivers\sptd.sys
    2010-02-21 18:00 . 2009-12-14 18:24 ——– d—–w- c:\users\Jan\AppData\Roaming\Azureus
    2010-02-20 10:28 . 2009-12-16 18:22 ——– d—–w- c:\users\Jan\AppData\Roaming\Canon
    2010-02-17 14:39 . 2009-12-14 18:07 ——– d—–w- c:\program files\Spector Photo Software
    2010-02-15 16:58 . 2009-11-10 16:04 153448 —-a-w- c:\windows\system32\drivers\bdfm.sys
    2010-02-15 16:58 . 2009-11-10 16:03 106464 —-a-w- c:\windows\system32\drivers\bdhv.sys
    2010-02-14 17:56 . 2009-12-13 19:52 ——– d—–w- c:\program files\Common Files\Java
    2010-02-14 17:55 . 2009-12-13 19:52 ——– d—–w- c:\program files\Java
    2010-02-14 09:29 . 2009-12-14 18:30 ——– d—–w- c:\users\Jan\AppData\Roaming\Sony Corporation
    2010-02-10 18:47 . 2009-12-13 19:11 ——– d—–w- c:\programdata\Microsoft Help
    2010-02-07 17:54 . 2009-12-13 19:01 132 —-a-w- c:\windows\system32\rezumatenoi.dat
    2010-02-07 15:30 . 2009-07-14 04:52 ——– d—–w- c:\program files\Windows Sidebar
    2010-02-07 15:30 . 2009-07-14 02:37 ——– d—–w- c:\program files\Windows Mail
    2010-02-07 15:30 . 2009-07-14 07:49 ——– d—–w- c:\program files\Windows Journal
    2010-02-07 15:30 . 2009-07-14 04:52 ——– d—–w- c:\program files\Windows Photo Viewer
    2010-02-07 15:30 . 2009-07-14 04:52 ——– d—–w- c:\program files\Windows Defender
    2010-02-07 11:43 . 2010-01-02 15:02 ——– d—–w- c:\users\Jan\AppData\Roaming\vlc
    2010-02-07 11:43 . 2009-12-13 22:21 ——– d—–w- c:\users\Jan\AppData\Roaming\Zeon
    2010-02-07 11:43 . 2009-12-13 20:32 ——– d—–w- c:\users\Jan\AppData\Roaming\Symantec
    2010-02-07 11:43 . 2009-12-14 18:10 ——– d—–w- c:\users\Jan\AppData\Roaming\SPB
    2010-02-07 11:43 . 2009-12-24 15:42 ——– d—–w- c:\users\Jan\AppData\Roaming\Nero
    2010-02-07 11:43 . 2009-12-13 22:20 ——– d—–w- c:\users\Jan\AppData\Roaming\ScanSoft
    2010-02-07 11:43 . 2009-12-13 23:00 ——– d—–w- c:\users\Jan\AppData\Roaming\Cropper
    2010-02-07 11:43 . 2009-12-13 22:03 ——– d—–w- c:\users\Jan\AppData\Roaming\DAEMON Tools Lite
    2010-02-07 11:43 . 2009-12-14 06:46 ——– d—–w- c:\users\Jan\AppData\Roaming\ArcSoft
    2010-02-07 11:42 . 2009-12-13 19:44 ——– d—–w- c:\users\Jan\AppData\Roaming\Apple Computer
    2010-02-07 11:31 . 2009-12-13 20:00 ——– d—–w- c:\programdata\Symantec
    2010-02-07 11:31 . 2009-12-14 18:35 ——– d—–w- c:\programdata\Sony Corporation
    2010-02-07 11:31 . 2009-12-14 18:04 ——– d—–w- c:\programdata\Skype
    2010-02-07 11:31 . 2009-12-13 22:18 ——– d—–w- c:\programdata\ScanSoft
    2010-02-07 11:31 . 2010-01-21 04:33 ——– d—–w- c:\programdata\Office Genuine Advantage
    2010-02-07 11:31 . 2009-12-14 17:28 ——– d—–w- c:\programdata\Nero
    2010-02-07 11:30 . 2009-12-14 17:24 ——– d—–w- c:\programdata\DVD Shrink
    2010-02-07 11:30 . 2009-12-13 22:19 ——– d—–w- c:\programdata\InstallShield
    2010-02-07 11:30 . 2009-12-13 22:03 ——– d—–w- c:\programdata\DAEMON Tools Lite
    2010-02-07 11:30 . 2009-12-14 18:24 ——– d—–w- c:\programdata\Azureus
    2010-02-07 11:30 . 2009-12-13 22:01 ——– d–h–w- c:\programdata\CanonBJ
    2010-02-07 11:30 . 2009-12-13 19:43 ——– d—–w- c:\programdata\Apple Computer
    2010-02-07 11:30 . 2009-12-13 19:42 ——– d—–w- c:\programdata\Apple
    2010-02-07 11:30 . 2009-12-14 18:22 ——– d—–w- c:\program files\Vuze
    2010-02-07 11:30 . 2009-12-27 19:48 ——– d—–w- c:\program files\Symantec
    2010-02-07 11:30 . 2009-12-14 18:13 ——– d—–w- c:\program files\Spybot - Search & Destroy
    2010-02-07 11:29 . 2009-12-14 18:32 ——– d—–w- c:\program files\Sony
    2010-02-07 11:29 . 2009-12-14 18:04 ——– d—–r- c:\program files\Skype
    2010-02-07 11:28 . 2009-12-13 22:17 ——– d—–w- c:\program files\ScanSoft
    2010-02-07 11:28 . 2009-12-13 22:24 ——– d—–w- c:\program files\SAMSUNG
    2010-02-07 11:28 . 2009-12-13 19:43 ——– d—–w- c:\program files\Safari
    2010-02-07 11:28 . 2009-12-24 13:07 ——– d—–w- c:\program files\Realtek
    2010-02-07 11:28 . 2009-12-18 18:42 ——– d—–w- c:\program files\QuickTime
    2010-02-07 11:28 . 2009-12-13 20:27 ——– d—–w- c:\program files\PIXresizer
    2010-02-07 11:28 . 2009-12-14 17:56 ——– d—–w- c:\program files\Pegasys Inc
    2010-02-07 11:27 . 2009-12-27 19:46 ——– d—–w- c:\program files\Norton Ghost
    2010-02-07 11:27 . 2009-12-14 06:50 ——– d—–w- c:\program files\OLYMPUS
    2010-02-07 11:27 . 2009-12-14 17:28 ——– d—–w- c:\program files\Nero
    2010-02-07 11:27 . 2009-12-13 19:17 ——– d—–w- c:\program files\Microsoft Works
    2010-02-07 11:27 . 2009-12-13 19:16 ——– d—–w- c:\program files\Microsoft.NET
    2010-02-07 11:27 . 2009-07-14 04:52 ——– d—–w- c:\program files\MSBuild
    2010-02-07 11:27 . 2009-12-13 19:13 ——– d—–w- c:\program files\Microsoft Visual Studio 8
    2010-02-07 11:26 . 2009-12-24 13:08 ——– d—–w- c:\program files\JMicron
    2010-02-07 11:24 . 2009-12-13 19:42 ——– d—–w- c:\program files\Common Files\Apple
    2010-02-07 11:24 . 2009-12-13 20:22 ——– d—–w- c:\program files\CCleaner
    2010-02-07 11:23 . 2009-12-14 06:45 ——– d—–w- c:\program files\ArcSoft
    2010-02-07 11:23 . 2009-12-13 19:42 ——– d—–w- c:\program files\Apple Software Update
    2010-02-07 11:18 . 2010-02-07 11:18 0 —ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2010-02-06 16:45 . 2009-12-13 22:45 ——– d—–w- c:\users\Jan\AppData\Roaming\hpqLog
    2010-01-22 07:57 . 2010-01-22 07:57 90112 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\Installer\ChromePlusUpgrade.exe
    2010-01-22 06:33 . 2010-01-22 06:33 49152 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\IETab.dll
    2010-01-22 06:12 . 2010-01-22 06:12 529408 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\old_chrome.exe
    2010-01-22 06:12 . 2010-01-22 06:12 15650816 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\chrome.dll
    2010-01-22 04:37 . 2010-01-22 04:37 150016 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\locales\it.dll
    2010-01-18 23:29 . 2010-02-10 16:08 85504 —-a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-18 23:29 . 2010-02-10 16:08 85504 —-a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-18 23:29 . 2010-02-10 16:08 365568 —-a-w- c:\windows\system32\secproc_isv.dll
    2010-01-18 23:29 . 2010-02-10 16:08 369152 —-a-w- c:\windows\system32\secproc.dll
    2010-01-18 23:28 . 2010-02-10 16:08 324608 —-a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-18 23:28 . 2010-02-10 16:08 277504 —-a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-18 23:28 . 2010-02-10 16:08 320512 —-a-w- c:\windows\system32\RMActivate.exe
    2010-01-18 23:28 . 2010-02-10 16:08 280064 —-a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-08 03:18 . 2010-02-10 16:08 221184 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-01-08 03:17 . 2010-02-10 16:08 123392 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-01-06 11:11 . 2010-01-06 11:11 98304 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\IEHost.exe
    2010-01-06 08:11 . 2009-12-14 18:38 129520 ——w- c:\windows\system32\pxafs.dll
    2010-01-06 08:11 . 2009-12-14 17:56 120568 ——w- c:\windows\system32\pxcpyi64.exe
    2010-01-06 08:11 . 2009-12-14 17:56 118256 ——w- c:\windows\system32\pxinsi64.exe
    2010-01-02 14:40 . 2010-01-02 14:40 48648 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-01-02 14:39 . 2010-01-02 14:39 923456 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\Uninstall_Iomega_N_088348F91E7B4269A6A2621FEC00DBB7.exe
    2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\IOM_SHORTCUT_DESKT_088348F91E7B4269A6A2621FEC00DBB7_1.exe
    2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\IOM_SHORTCUT_DESKT_088348F91E7B4269A6A2621FEC00DBB7.exe
    2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\ARPPRODUCTICON.exe
    2009-12-19 09:02 . 2010-02-10 16:08 12288 —-a-w- c:\windows\system32\tsbyuv.dll
    2009-12-19 09:02 . 2010-02-10 16:08 1328640 —-a-w- c:\windows\system32\quartz.dll
    2009-12-19 09:02 . 2010-02-10 16:08 22016 —-a-w- c:\windows\system32\msyuv.dll
    2009-12-19 09:02 . 2010-02-10 16:08 31744 —-a-w- c:\windows\system32\msvidc32.dll
    2009-12-19 09:02 . 2010-02-10 16:08 13312 —-a-w- c:\windows\system32\msrle32.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 –sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 –sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-02-25_18.03.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-02-07 11:19 . 2010-02-25 19:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-07 11:19 . 2010-02-25 17:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-07 11:19 . 2010-02-25 17:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-02-07 11:19 . 2010-02-25 19:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:41 . 2010-02-25 19:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:41 . 2010-02-25 17:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-02-07 11:56 . 2010-02-25 19:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-02-07 11:56 . 2010-02-25 17:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-14 18:02 . 2010-02-25 19:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-14 18:02 . 2010-02-25 17:36 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-14 18:02 . 2010-02-25 17:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2009-12-14 18:02 . 2010-02-25 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2009-12-14 18:02 . 2010-02-25 17:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2009-12-14 18:02 . 2010-02-25 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2010-02-07 11:56 . 2010-02-25 19:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-02-07 11:56 . 2010-02-25 17:36 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-02-25 17:30 . 2010-02-25 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-02-25 19:09 . 2010-02-25 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-02-25 17:30 . 2010-02-25 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-02-25 19:09 . 2010-02-25 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:05 . 2010-02-25 19:17 610094 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2010-02-25 17:35 610094 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2010-02-25 17:35 104412 c:\windows\System32\perfc009.dat
    + 2009-07-14 02:05 . 2010-02-25 19:17 104412 c:\windows\System32\perfc009.dat
    + 2009-07-14 02:03 . 2010-02-25 18:56 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:03 . 2010-02-25 17:56 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    2010-01-08 02:17 700416 —-a-w- c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]

    [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
    "ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-01-26 1724728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-05-05 40960]
    "Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-05-05 36864]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
    2010-02-07 13:15 1120704 —-a-w- c:\program files\BitDefender\BitDefender 2010\bdagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
    2009-10-19 15:05 71152 —-a-w- c:\program files\BitDefender\BitDefender 2010\ieshow.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 10:44 31072 —-a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
    2009-11-25 19:42 95632 —-a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

    R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\System32\drivers\BdfNdisf6.sys [19-10-2009 16:04 72200]
    R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [19-10-2009 16:04 79368]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14-7-2009 0:52 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\AEstSrv.exe [2-3-2009 18:43 81920]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18-8-2009 2:36 176128]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8-1-2010 0:51 380928]
    R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [22-9-2009 8:22 83208]
    R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [8-7-2009 13:48 26168]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [14-12-2009 19:13 1153368]
    R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [13-12-2009 23:24 5120]
    R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\System32\dllhost.exe [14-7-2009 0:43 7168]
    R3 BDFM;BDFM;c:\windows\System32\drivers\bdfm.sys [10-11-2009 17:04 153448]
    R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [29-6-2009 10:17 59904]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [1-3-2009 23:05 139776]
    R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20-12-2007 17:13 1562096]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14-7-2009 0:52 14336]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [13-12-2009 23:05 691696]
    S3 Arrakis3;BitDefender Arrakis-server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19-10-2009 16:06 183880]
    S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\System32\drivers\dc3d.sys [4-11-2009 2:59 17408]
    S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [7-2-2010 18:47 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 22:48 704864]
    S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [20-7-2009 19:39 116136]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\System32\Wat\WatAdminSvc.exe [21-2-2010 21:21 1343400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.bing.com/?cc=be
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS VERWIJDERD - - - -

    URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)


    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2010-02-25 20:24:34
    ComboFix-quarantined-files.txt 2010-02-25 19:24
    ComboFix2.txt 2010-02-25 18:10

    Pre-Run: 434.677.506.048 bytes free
    Post-Run: 434.607.693.824 bytes free

    - - End Of File - - 5D7C342FBAB89FF474D85223040F28D5
  • Hmm, in the meantime you have installed Google's Chrome browser, and the malware has not been removed.

    Perhaps adjusting the script will do the trick!


    So open a new Notepad file again (Start > All Programs > Accessories > Notepad), then copy and paste the following (bold, blue
    text) into an empty window.


  • Here we go:
    ComboFix 10-02-25.02 - Jan 25-02-2010 20:55:03.3.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1033.18.3070.2094 [GMT 1:00]
    Gestart vanuit: c:\users\Jan\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Jan\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    FILE ::
    "c:\windows\system32\pxcpyi64.exe"
    "c:\windows\system32\pxinsi64.exe"
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\pxcpyi64.exe
    c:\windows\system32\pxinsi64.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-01-25 to 2010-02-25 ))))))))))))))))))))))))))))))
    .

    2010-02-25 20:01 . 2010-02-25 20:01 ——– d—–w- c:\users\Jan\AppData\Local\temp
    2010-02-25 20:01 . 2010-02-25 20:01 ——– d—–w- c:\users\Public\AppData\Local\temp
    2010-02-25 20:01 . 2010-02-25 20:01 ——– d—–w- c:\users\Default\AppData\Local\temp
    2010-02-25 19:53 . 2010-02-25 19:53 ——– d—–w- C:\32788R22FWJFW
    2010-02-25 18:31 . 2010-02-25 18:31 ——– d—–w- c:\users\Jan\AppData\Local\Google
    2010-02-24 17:39 . 2010-02-24 17:39 524288 —-a-w- c:\users\Jan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Optimalisatie\dds.scr
    2010-02-24 17:25 . 2010-02-24 17:25 ——– d—–w- c:\users\Jan\AppData\Roaming\Malwarebytes
    2010-02-24 17:25 . 2010-01-07 15:07 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-24 17:25 . 2010-02-24 17:25 ——– d—–w- c:\programdata\Malwarebytes
    2010-02-24 17:25 . 2010-02-24 17:25 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-24 17:25 . 2010-01-07 15:07 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-24 12:29 . 2009-12-13 09:30 641536 —-a-w- c:\windows\system32\CPFilters.dll
    2010-02-24 12:29 . 2009-12-13 09:30 465408 —-a-w- c:\windows\system32\psisdecd.dll
    2010-02-24 12:29 . 2009-12-13 09:29 417792 —-a-w- c:\windows\system32\msdri.dll
    2010-02-24 12:29 . 2010-02-02 07:45 2048 —-a-w- c:\windows\system32\tzres.dll
    2010-02-23 20:45 . 2010-02-23 20:56 ——– d—–w- c:\users\Jan\AppData\Local\Microsoft Games
    2010-02-23 20:01 . 2010-02-23 20:01 ——– d—–w- c:\program files\Trend Micro
    2010-02-22 20:24 . 2010-02-22 20:30 ——– d—–w- c:\program files\virtualStudio
    2010-02-21 20:32 . 2010-02-21 20:32 ——– d—–w- c:\users\Jan\AppData\Local\Symantec_Corporation
    2010-02-21 20:31 . 2010-02-21 20:35 ——– d—–w- C:\VProRecovery
    2010-02-21 20:21 . 2010-02-21 20:21 ——– d—–w- c:\windows\system32\Wat
    2010-02-21 19:24 . 2010-02-21 19:24 ——– d—–w- c:\users\Jan\AppData\Local\OLYMPUS
    2010-02-21 18:53 . 2010-02-21 18:53 109288 —-a-w- c:\users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-21 18:36 . 2010-01-06 08:11 9200 ——w- c:\windows\system32\drivers\cdralw2k.sys
    2010-02-21 18:36 . 2010-01-06 08:11 9072 ——w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-02-21 18:18 . 2010-02-21 18:18 ——– d—–w- c:\program files\Elaborate Bytes
    2010-02-21 17:07 . 2010-02-21 17:07 77824 —-a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-xulrunner-win32-3555.dll
    2010-02-21 12:39 . 2010-02-21 12:58 ——– d—–w- c:\users\Jan\AppData\Roaming\CoreFTP
    2010-02-21 12:11 . 2010-02-21 12:11 77824 —-a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-gdip-win32-3555.dll
    2010-02-21 12:11 . 2010-02-21 12:11 348160 —-a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-win32-3555.dll
    2010-02-21 12:10 . 2010-02-21 12:11 ——– d—–w- c:\users\Jan\AppData\Roaming\XMind
    2010-02-21 12:09 . 2010-02-21 17:06 ——– d—–w- c:\program files\XMind
    2010-02-14 17:55 . 2010-02-14 17:55 411368 —-a-w- c:\windows\system32\deploytk.dll
    2010-02-14 09:29 . 2010-02-14 09:29 ——– d—–w- c:\programdata\SonicStage
    2010-02-10 20:00 . 2010-02-10 20:00 ——– d—–w- c:\program files\IDT
    2010-02-10 20:00 . 2009-03-02 16:57 142848 —-a-w- c:\windows\system32\aestacap.dll
    2010-02-10 20:00 . 2009-03-02 16:57 61440 —-a-w- c:\windows\system32\aestaren.dll
    2010-02-10 20:00 . 2009-03-02 16:08 368640 —-a-w- c:\windows\system32\aestecap.dll
    2010-02-10 20:00 . 2009-06-03 19:43 536576 —-a-w- c:\windows\system32\idtmini1.exe
    2010-02-10 20:00 . 2009-06-03 19:43 450652 —-a-w- c:\windows\sttray.exe
    2010-02-10 20:00 . 2009-06-03 19:43 3567616 —-a-w- c:\windows\system32\stlang.dll
    2010-02-10 20:00 . 2009-03-02 16:47 86016 —-a-w- c:\windows\system32\AESTCom.dll
    2010-02-10 20:00 . 2010-02-10 20:00 ——– d—–w- c:\windows\system32\SRSLabs
    2010-02-10 16:08 . 2009-12-08 11:40 3955288 —-a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-07 20:12 . 2010-02-07 12:06 ——– d—–w- c:\windows\Panther
    2010-02-07 19:49 . 2010-02-07 19:49 ——– d—–w- c:\program files\Application Updater
    2010-02-07 19:49 . 2010-02-25 18:01 ——– d—–w- c:\program files\pdfforge Toolbar
    2010-02-07 19:49 . 1998-07-05 23:00 23552 —-a-w- c:\windows\system32\MSMPIDE.DLL
    2010-02-07 19:49 . 2010-02-07 19:50 ——– d—–w- c:\program files\PDFCreator
    2010-02-07 18:12 . 2010-02-07 18:12 54082 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\ChromePlus_uninstall.exe
    2010-02-07 18:12 . 2010-02-10 19:13 ——– d—–w- c:\users\Jan\AppData\Roaming\ChromePlus
    2010-02-07 17:53 . 2010-02-07 17:53 ——– d—–w- c:\program files\Common Files\Adobe
    2010-02-07 17:47 . 2010-02-07 17:47 ——– d—–w- c:\program files\Microsoft Office Outlook Connector
    2010-02-07 17:47 . 2009-08-05 21:48 54632 —-a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-02-07 17:46 . 2010-02-07 17:46 ——– d—–w- c:\program files\Microsoft Sync Framework
    2010-02-07 17:45 . 2006-11-29 12:06 3426072 —-a-w- c:\windows\system32\d3dx9_32.dll
    2010-02-07 17:45 . 2010-02-07 17:45 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition
    2010-02-07 17:44 . 2010-02-07 17:44 ——– d—–w- c:\program files\Windows Live SkyDrive
    2010-02-07 17:44 . 2010-02-07 17:46 ——– d—–w- c:\program files\Windows Live
    2010-02-07 17:21 . 2010-02-07 17:55 ——– d—–w- c:\program files\Microsoft Silverlight
    2010-02-07 17:20 . 2010-02-07 17:44 ——– d—–w- c:\program files\Microsoft
    2010-02-07 17:19 . 2009-09-10 05:52 257024 —-a-w- c:\windows\system32\msv1_0.dll
    2010-02-07 17:10 . 2009-10-31 05:45 2614272 —-a-w- c:\windows\explorer.exe
    2010-02-07 17:10 . 2009-10-28 06:17 285696 —-a-w- c:\windows\system32\winlogon.exe
    2010-02-07 17:10 . 2009-12-19 09:02 977920 —-a-w- c:\windows\system32\wininet.dll
    2010-02-07 17:10 . 2009-10-19 14:10 108544 —-a-w- c:\windows\system32\t2embed.dll
    2010-02-07 17:10 . 2009-10-19 14:10 70656 —-a-w- c:\windows\system32\fontsub.dll
    2010-02-07 17:09 . 2009-08-29 06:57 34816 —-a-w- c:\windows\system32\msasn1.dll
    2010-02-07 17:09 . 2009-10-02 04:06 728648 —-a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2010-02-07 17:09 . 2009-09-03 07:04 1320960 —-a-w- c:\windows\system32\CertEnroll.dll
    2010-02-07 17:09 . 2009-08-19 07:20 442920 —-a-w- c:\windows\system32\winresume.exe
    2010-02-07 17:09 . 2009-08-19 07:20 507568 —-a-w- c:\windows\system32\winload.exe
    2010-02-07 17:09 . 2009-07-30 04:44 293888 —-a-w- c:\windows\system32\atmfd.dll
    2010-02-07 17:09 . 2009-08-29 06:54 12625408 —-a-w- c:\windows\system32\wmploc.DLL
    2010-02-07 15:30 . 2010-02-07 15:30 704320 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-02-07 13:08 . 2010-02-07 13:11 ——– d—–w- c:\programdata\BitDefender
    2010-02-07 13:08 . 2010-02-07 13:08 ——– d—–w- c:\users\Jan\AppData\Roaming\BitDefender
    2010-02-07 13:08 . 2010-02-07 13:08 ——– d—–w- c:\program files\BitDefender
    2010-02-07 13:07 . 2010-02-07 13:08 ——– d—–w- c:\program files\Common Files\BitDefender
    2010-02-07 12:09 . 2010-02-25 19:17 ——– d—–w- c:\windows\system32\wbem\Performance
    2010-02-07 11:55 . 2010-02-07 11:55 22508 —-a-w- c:\windows\system32\emptyregdb.dat
    2010-02-07 11:46 . 2010-02-07 11:46 ——– d—–w- c:\users\Default\AppData\Local\Microsoft Help
    2010-02-07 11:18 . 2010-02-07 11:18 0 —-a-w- c:\windows\ativpsrm.bin
    2010-02-06 16:36 . 2010-02-07 11:43 ——– d—–w- c:\users\Jan\AppData\Roaming\CheeseSoft
    2010-02-06 16:36 . 2010-02-07 11:25 ——– d—–w- c:\program files\FinalUninstaller
    2010-01-31 13:15 . 2010-02-07 11:25 ——– d—–w- c:\program files\DVDSmith Movie Backup
    2010-01-31 13:08 . 2010-02-07 11:32 ——– d—–w- c:\windows\Sun

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-25 19:25 . 2009-12-14 18:04 ——– d—–w- c:\users\Jan\AppData\Roaming\Skype
    2010-02-25 19:10 . 2009-12-14 18:10 ——– d—–w- c:\users\Jan\AppData\Roaming\skypePM
    2010-02-23 17:24 . 2009-12-14 18:13 ——– d—–w- c:\programdata\Spybot - Search & Destroy
    2010-02-21 20:13 . 2009-12-13 19:43 ——– d—–w- c:\program files\Bonjour
    2010-02-21 18:49 . 2009-12-13 20:17 ——– d—–w- c:\program files\Common Files\PX Storage Engine
    2010-02-21 18:08 . 2009-12-13 22:05 691696 —-a-w- c:\windows\system32\drivers\sptd.sys
    2010-02-21 18:00 . 2009-12-14 18:24 ——– d—–w- c:\users\Jan\AppData\Roaming\Azureus
    2010-02-20 10:28 . 2009-12-16 18:22 ——– d—–w- c:\users\Jan\AppData\Roaming\Canon
    2010-02-17 14:39 . 2009-12-14 18:07 ——– d—–w- c:\program files\Spector Photo Software
    2010-02-15 16:58 . 2009-11-10 16:04 153448 —-a-w- c:\windows\system32\drivers\bdfm.sys
    2010-02-15 16:58 . 2009-11-10 16:03 106464 —-a-w- c:\windows\system32\drivers\bdhv.sys
    2010-02-14 17:56 . 2009-12-13 19:52 ——– d—–w- c:\program files\Common Files\Java
    2010-02-14 17:55 . 2009-12-13 19:52 ——– d—–w- c:\program files\Java
    2010-02-14 09:29 . 2009-12-14 18:30 ——– d—–w- c:\users\Jan\AppData\Roaming\Sony Corporation
    2010-02-10 18:47 . 2009-12-13 19:11 ——– d—–w- c:\programdata\Microsoft Help
    2010-02-07 17:54 . 2009-12-13 19:01 132 —-a-w- c:\windows\system32\rezumatenoi.dat
    2010-02-07 15:30 . 2009-07-14 04:52 ——– d—–w- c:\program files\Windows Sidebar
    2010-02-07 15:30 . 2009-07-14 02:37 ——– d—–w- c:\program files\Windows Mail
    2010-02-07 15:30 . 2009-07-14 07:49 ——– d—–w- c:\program files\Windows Journal
    2010-02-07 15:30 . 2009-07-14 04:52 ——– d—–w- c:\program files\Windows Photo Viewer
    2010-02-07 15:30 . 2009-07-14 04:52 ——– d—–w- c:\program files\Windows Defender
    2010-02-07 11:43 . 2010-01-02 15:02 ——– d—–w- c:\users\Jan\AppData\Roaming\vlc
    2010-02-07 11:43 . 2009-12-13 22:21 ——– d—–w- c:\users\Jan\AppData\Roaming\Zeon
    2010-02-07 11:43 . 2009-12-13 20:32 ——– d—–w- c:\users\Jan\AppData\Roaming\Symantec
    2010-02-07 11:43 . 2009-12-14 18:10 ——– d—–w- c:\users\Jan\AppData\Roaming\SPB
    2010-02-07 11:43 . 2009-12-24 15:42 ——– d—–w- c:\users\Jan\AppData\Roaming\Nero
    2010-02-07 11:43 . 2009-12-13 22:20 ——– d—–w- c:\users\Jan\AppData\Roaming\ScanSoft
    2010-02-07 11:43 . 2009-12-13 23:00 ——– d—–w- c:\users\Jan\AppData\Roaming\Cropper
    2010-02-07 11:43 . 2009-12-13 22:03 ——– d—–w- c:\users\Jan\AppData\Roaming\DAEMON Tools Lite
    2010-02-07 11:43 . 2009-12-14 06:46 ——– d—–w- c:\users\Jan\AppData\Roaming\ArcSoft
    2010-02-07 11:42 . 2009-12-13 19:44 ——– d—–w- c:\users\Jan\AppData\Roaming\Apple Computer
    2010-02-07 11:31 . 2009-12-13 20:00 ——– d—–w- c:\programdata\Symantec
    2010-02-07 11:31 . 2009-12-14 18:35 ——– d—–w- c:\programdata\Sony Corporation
    2010-02-07 11:31 . 2009-12-14 18:04 ——– d—–w- c:\programdata\Skype
    2010-02-07 11:31 . 2009-12-13 22:18 ——– d—–w- c:\programdata\ScanSoft
    2010-02-07 11:31 . 2010-01-21 04:33 ——– d—–w- c:\programdata\Office Genuine Advantage
    2010-02-07 11:31 . 2009-12-14 17:28 ——– d—–w- c:\programdata\Nero
    2010-02-07 11:30 . 2009-12-14 17:24 ——– d—–w- c:\programdata\DVD Shrink
    2010-02-07 11:30 . 2009-12-13 22:19 ——– d—–w- c:\programdata\InstallShield
    2010-02-07 11:30 . 2009-12-13 22:03 ——– d—–w- c:\programdata\DAEMON Tools Lite
    2010-02-07 11:30 . 2009-12-14 18:24 ——– d—–w- c:\programdata\Azureus
    2010-02-07 11:30 . 2009-12-13 22:01 ——– d–h–w- c:\programdata\CanonBJ
    2010-02-07 11:30 . 2009-12-13 19:43 ——– d—–w- c:\programdata\Apple Computer
    2010-02-07 11:30 . 2009-12-13 19:42 ——– d—–w- c:\programdata\Apple
    2010-02-07 11:30 . 2009-12-14 18:22 ——– d—–w- c:\program files\Vuze
    2010-02-07 11:30 . 2009-12-27 19:48 ——– d—–w- c:\program files\Symantec
    2010-02-07 11:30 . 2009-12-14 18:13 ——– d—–w- c:\program files\Spybot - Search & Destroy
    2010-02-07 11:29 . 2009-12-14 18:32 ——– d—–w- c:\program files\Sony
    2010-02-07 11:29 . 2009-12-14 18:04 ——– d—–r- c:\program files\Skype
    2010-02-07 11:28 . 2009-12-13 22:17 ——– d—–w- c:\program files\ScanSoft
    2010-02-07 11:28 . 2009-12-13 22:24 ——– d—–w- c:\program files\SAMSUNG
    2010-02-07 11:28 . 2009-12-13 19:43 ——– d—–w- c:\program files\Safari
    2010-02-07 11:28 . 2009-12-24 13:07 ——– d—–w- c:\program files\Realtek
    2010-02-07 11:28 . 2009-12-18 18:42 ——– d—–w- c:\program files\QuickTime
    2010-02-07 11:28 . 2009-12-13 20:27 ——– d—–w- c:\program files\PIXresizer
    2010-02-07 11:28 . 2009-12-14 17:56 ——– d—–w- c:\program files\Pegasys Inc
    2010-02-07 11:27 . 2009-12-27 19:46 ——– d—–w- c:\program files\Norton Ghost
    2010-02-07 11:27 . 2009-12-14 06:50 ——– d—–w- c:\program files\OLYMPUS
    2010-02-07 11:27 . 2009-12-14 17:28 ——– d—–w- c:\program files\Nero
    2010-02-07 11:27 . 2009-12-13 19:17 ——– d—–w- c:\program files\Microsoft Works
    2010-02-07 11:27 . 2009-12-13 19:16 ——– d—–w- c:\program files\Microsoft.NET
    2010-02-07 11:27 . 2009-07-14 04:52 ——– d—–w- c:\program files\MSBuild
    2010-02-07 11:27 . 2009-12-13 19:13 ——– d—–w- c:\program files\Microsoft Visual Studio 8
    2010-02-07 11:26 . 2009-12-24 13:08 ——– d—–w- c:\program files\JMicron
    2010-02-07 11:24 . 2009-12-13 19:42 ——– d—–w- c:\program files\Common Files\Apple
    2010-02-07 11:24 . 2009-12-13 20:22 ——– d—–w- c:\program files\CCleaner
    2010-02-07 11:23 . 2009-12-14 06:45 ——– d—–w- c:\program files\ArcSoft
    2010-02-07 11:23 . 2009-12-13 19:42 ——– d—–w- c:\program files\Apple Software Update
    2010-02-07 11:18 . 2010-02-07 11:18 0 —ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
    2010-02-06 16:45 . 2009-12-13 22:45 ——– d—–w- c:\users\Jan\AppData\Roaming\hpqLog
    2010-01-22 07:57 . 2010-01-22 07:57 90112 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\Installer\ChromePlusUpgrade.exe
    2010-01-22 06:33 . 2010-01-22 06:33 49152 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\IETab.dll
    2010-01-22 06:12 . 2010-01-22 06:12 529408 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\old_chrome.exe
    2010-01-22 06:12 . 2010-01-22 06:12 15650816 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\chrome.dll
    2010-01-22 04:37 . 2010-01-22 04:37 150016 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\locales\it.dll
    2010-01-18 23:29 . 2010-02-10 16:08 85504 —-a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-18 23:29 . 2010-02-10 16:08 85504 —-a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-18 23:29 . 2010-02-10 16:08 365568 —-a-w- c:\windows\system32\secproc_isv.dll
    2010-01-18 23:29 . 2010-02-10 16:08 369152 —-a-w- c:\windows\system32\secproc.dll
    2010-01-18 23:28 . 2010-02-10 16:08 324608 —-a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-18 23:28 . 2010-02-10 16:08 277504 —-a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-18 23:28 . 2010-02-10 16:08 320512 —-a-w- c:\windows\system32\RMActivate.exe
    2010-01-18 23:28 . 2010-02-10 16:08 280064 —-a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-08 03:18 . 2010-02-10 16:08 221184 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-01-08 03:17 . 2010-02-10 16:08 123392 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-01-06 11:11 . 2010-01-06 11:11 98304 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\IEHost.exe
    2010-01-06 08:11 . 2009-12-14 18:38 129520 ——w- c:\windows\system32\pxafs.dll
    2010-01-02 14:40 . 2010-01-02 14:40 48648 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-01-02 14:39 . 2010-01-02 14:39 923456 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\Uninstall_Iomega_N_088348F91E7B4269A6A2621FEC00DBB7.exe
    2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\IOM_SHORTCUT_DESKT_088348F91E7B4269A6A2621FEC00DBB7_1.exe
    2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\IOM_SHORTCUT_DESKT_088348F91E7B4269A6A2621FEC00DBB7.exe
    2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\ARPPRODUCTICON.exe
    2009-12-19 09:02 . 2010-02-10 16:08 12288 —-a-w- c:\windows\system32\tsbyuv.dll
    2009-12-19 09:02 . 2010-02-10 16:08 1328640 —-a-w- c:\windows\system32\quartz.dll
    2009-12-19 09:02 . 2010-02-10 16:08 22016 —-a-w- c:\windows\system32\msyuv.dll
    2009-12-19 09:02 . 2010-02-10 16:08 31744 —-a-w- c:\windows\system32\msvidc32.dll
    2009-12-19 09:02 . 2010-02-10 16:08 13312 —-a-w- c:\windows\system32\msrle32.dll
    2009-12-19 09:02 . 2010-02-10 16:08 84480 —-a-w- c:\windows\system32\mciavi32.dll
    2009-12-19 09:02 . 2010-02-10 16:08 50176 —-a-w- c:\windows\system32\iyuv_32.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 –sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 –sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-02-25_18.03.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-02-07 11:19 . 2010-02-25 19:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-07 11:19 . 2010-02-25 17:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-07 11:19 . 2010-02-25 17:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-02-07 11:19 . 2010-02-25 19:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:41 . 2010-02-25 19:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:41 . 2010-02-25 17:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-02-07 11:56 . 2010-02-25 19:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-02-07 11:56 . 2010-02-25 17:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-14 18:02 . 2010-02-25 19:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-14 18:02 . 2010-02-25 17:36 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2009-12-14 18:02 . 2010-02-25 17:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2009-12-14 18:02 . 2010-02-25 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2009-12-14 18:02 . 2010-02-25 17:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2009-12-14 18:02 . 2010-02-25 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2010-02-07 11:56 . 2010-02-25 19:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-02-07 11:56 . 2010-02-25 17:36 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-02-25 17:30 . 2010-02-25 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-02-25 19:09 . 2010-02-25 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-02-25 17:30 . 2010-02-25 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-02-25 19:09 . 2010-02-25 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:05 . 2010-02-25 19:17 610094 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2010-02-25 17:35 610094 c:\windows\System32\perfh009.dat
    - 2009-07-14 02:05 . 2010-02-25 17:35 104412 c:\windows\System32\perfc009.dat
    + 2009-07-14 02:05 . 2010-02-25 19:17 104412 c:\windows\System32\perfc009.dat
    + 2009-07-14 02:03 . 2010-02-25 19:50 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:03 . 2010-02-25 17:56 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    2010-01-08 02:17 700416 —-a-w- c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]

    [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
    "ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-01-26 1724728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-05-05 40960]
    "Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-05-05 36864]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-02-07 1120704]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 10:44 31072 —-a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
    2009-11-25 19:42 95632 —-a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

    R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\System32\drivers\BdfNdisf6.sys [19-10-2009 16:04 72200]
    R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [19-10-2009 16:04 79368]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14-7-2009 0:52 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\AEstSrv.exe [2-3-2009 18:43 81920]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18-8-2009 2:36 176128]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8-1-2010 0:51 380928]
    R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [22-9-2009 8:22 83208]
    R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [8-7-2009 13:48 26168]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [14-12-2009 19:13 1153368]
    R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [13-12-2009 23:24 5120]
    R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\System32\dllhost.exe [14-7-2009 0:43 7168]
    R3 BDFM;BDFM;c:\windows\System32\drivers\bdfm.sys [10-11-2009 17:04 153448]
    R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [29-6-2009 10:17 59904]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [1-3-2009 23:05 139776]
    R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20-12-2007 17:13 1562096]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14-7-2009 0:52 14336]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [13-12-2009 23:05 691696]
    S3 Arrakis3;BitDefender Arrakis-server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19-10-2009 16:06 183880]
    S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\System32\drivers\dc3d.sys [4-11-2009 2:59 17408]
    S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [7-2-2010 18:47 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 22:48 704864]
    S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [20-7-2009 19:39 116136]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\System32\Wat\WatAdminSvc.exe [21-2-2010 21:21 1343400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.bing.com/?cc=be
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2010-02-25 21:04:16
    ComboFix-quarantined-files.txt 2010-02-25 20:04
    ComboFix2.txt 2010-02-25 19:24
    ComboFix3.txt 2010-02-25 18:10

    Pre-Run: 434.664.796.160 bytes free
    Post-Run: 434.595.524.608 bytes free

    - - End Of File - - C52E5BE84B6D1A5644C52D5741DD8AFC
  • Hello Jan - it worked this time!

    I would now like you to do the following:

    Download GMER to your desktop.

    • First disconnect from the internet and close all open windows.
    • Then temporarily disable all active security programs so that they cannot interfere with GMER.
    • Click/double-click (Vista/Win 7 users do this by right-clicking and choosing Run as administrator) the downloaded GMER file,
    which has a randomly chosen name (e.g. n7gmo46c.exe), and, if asked, allow the gmer.sys driver to be loaded.

    • On startup GMER opens on the Rootkit/Malware tab and runs a short automatic scan - do not do anything else with the computer during the scan!
    • If you now get a warning about rootkit activity and are asked to run a full scan -
    then click NO.
    • Now click the Scan button. If you then see a rootkit warning, click OK.
    • Then click the COPY button and paste the result into your next post.
    • Close GMER and re-enable all the security programs you disabled.
    • If you run into a problem using GMER, try doing this in Safe Mode.
  • That gave me a bit of a scare: I got a 'blue screen', but after booting into safe mode I was able to run a scan.
    Here is the log:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-02-25 21:33:10
    Windows 6.1.7600
    Running: ei2nt8yt.exe; Driver: C:\Users\Jan\AppData\Local\Temp\uwldypow.sys


    —- System - GMER 1.0.15 —-

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82235AF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82235104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822353F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8221E2D8
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8221D898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822351DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82235958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822356F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82235F2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822361A8

    —- Kernel code sections - GMER 1.0.15 —-

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 822955C9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822BA052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, …] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    —- User IAT/EAT - GMER 1.0.15 —-

    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744E2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744C5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744C56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744E250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744D8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744D4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744D50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744D51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744D66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744D82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744D8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744D907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744DE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744D4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    —- Devices - GMER 1.0.15 —-

    AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

    Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    —- EOF - GMER 1.0.15 —-
  • Well Jan, that GMER log looks good.
    So GMER has not found any rootkits that do not belong in your Windows.
    That is reassuring.

    Start MBAM again, first go to the Update tab and then run another quick scan.

    Post the contents of the log.
  • Here is the log; I must say the last lines give me good hope:

    Malwarebytes' Anti-Malware 1.44
    Database versie: 3785
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    25-2-2010 21:55:50
    mbam-log-2010-02-25 (21-55-50).txt

    Scan type: Snelle Scan
    Objecten gescand: 110805
    Verstreken tijd: 6 minute(s), 30 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)
  • Hello Jan, and how is your Windows 7 running now?
  • Hello Abraham54,
    Perfect.. :D
    Thanks
  • Glad that, together with you, I was able to solve your problem quickly.

    Now you can do some clean-up:


    You can now remove Combofix: go to
  • And then this "finishing touch" as well, what service
    Thanks! :D
  • You're welcome, I wish you lots of fun with your PC again.

This is an archived page. Replying is no longer possible.