Question & Answer
Hello, HijackThis after removal of Windows 7 activation code
18 replies
- Hello,
I had something annoying happen this weekend.
I received an infected file by e-mail that caused the Windows 7 activation code to be removed.
I put this right again using the original Windows 7 disc, but I am afraid that my PC is infected.
I removed several registry entries with Bitdefender and Spybot, but I am still suspicious.
Could someone look at the HijackThis log below?
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:36, on 23-2-2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?cc=be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: BitDefender Arrakis-server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop-updateservice (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\STacSV.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
--
End of file - 10274 bytes
- Hello Jan, your HJT log shows nothing special, but that can be a false appearance.
Important: first turn off Word Wrap in Notepad via the Format menu!
1) Download TFC (click) to your desktop.
• Click/double-click TFC.exe to start the program.
• Don't be alarmed: the tool closes all running programs, so make sure your work has already been saved!
• Then click the Start button to start the scan. This scan can take a short or a longer time; be patient, let TFC do its job and wait until TFC is finished.
• When TFC is finished, a message appears that the computer will be restarted.
• If the shutdown does not happen automatically, restart the computer yourself.
2) Important: first turn off Word Wrap in Notepad via the Format menu!
2) Download, install and keep using MBAM.
Right after installation MBAM will want to update its database, so allow it.
On repeated use as well: first go to the Update tab!
Download MBAM (CLICK)
Start MBAM and choose Quick Scan
N.B.: Vista and Windows 7 users start MBAM by right-clicking and then choosing Run as administrator.
Scanning can take a while, so be patient.
When the scan is complete, click the OK button, then the Show Results button to see the results.
Make sure everything there is checked, then click: Remove Selected.
After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MBAM and you can find it by clicking the Logs tab in MBAM.
If MBAM has difficulty removing certain files it will show some messages; click OK each time!
After that MBAM will ask to restart the computer, so allow the computer to be restarted.
3) Download to your desktop.
• Double-click dds.scr (Vista/Win 7 users do this via right-click and choose Run as administrator)
- wait until the scan is finished.
• After the scan two text documents are opened
To summarize: next time you post the contents of the following logs -
1) both DDS logs
2) the MBAM log
- Hello Abraham54,
Thanks for your reply. Below you will find the three reports:
************* 1 ********** MBAM-LOG:
Malwarebytes' Anti-Malware 1.44
Database versie: 3785
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
24-2-2010 18:38:56
mbam-log-2010-02-24 (18-38-56).txt
Scan type: Snelle Scan
Objecten gescand: 109377
Verstreken tijd: 8 minute(s), 24 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
************* 2 ********** ATTACH-LOG:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7-2-2010 13:06:58
System Uptime: 24-2-2010 18:21:49 (0 hours ago)
Motherboard: Quanta | | 3063
Processor: AMD Turion™ X2 Ultra Dual-Core Mobile ZM-82 | Socket M2/S1G1 | 2200/1800mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 466 GiB total, 402,905 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 298 GiB total, 108,688 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
==== System Restore Points ===================
RP7: 10-2-2010 19:45:39 - Windows Update
RP8: 10-2-2010 20:53:34 - Windows Update
RP9: 10-2-2010 20:59:10 - Windows Update
RP10: 14-2-2010 18:54:53 - Installed Java(TM) 6 Update 18
RP11: 21-2-2010 13:20:49 - Installed FastPictureViewer (32-bit) with Codecs
RP13: 21-2-2010 19:08:20 - SPTD setup V1.62
RP14: 21-2-2010 19:19:05 - Device Driver Package Install: Elaborate Bytes AG Storage controllers
RP15: 21-2-2010 19:35:01 - Installed Adobe Photoshop Lightroom 2.6.1.
RP16: 21-2-2010 19:48:43 - Removed Adobe Photoshop Lightroom 2.6.1.
RP17: 21-2-2010 21:20:38 - Windows Update
RP18: 21-2-2010 21:26:22 - Windows Anytime Upgrade
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Advertising Center
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
BitDefender Internet Security 2010
Bonjour
CCleaner
Core FTP LE 2.1
Cropper
DVD Shrink 3.2
ENE CIR Receiver Driver
Free Mp3 Wma Converter V 1.7.3
HijackThis 2.0.2
HP 3D DriveGuard
Iomega Discovery Tool Home
IZArc 4.0 beta 1
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) SE Runtime Environment 6 Update 1
JMicron Flash Media Controller Driver
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 9 Lite
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
neroxml
Norton Ghost
OGA Notifier 2.0.0048.0
OLYMPUS Master 2
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PDFCreator
pdfforge Toolbar v1.1.2
Picasa 3
PIXresizer 1.0.9
QuickTime
Realtek USB 2.0 Card Reader
Safari
Samsung ML-1510_700 Series
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype™ 4.1
SonicStage 4.3
Spector Photo Software
Spybot - Search & Destroy
TMPGEnc DVD Author 1.6
TMPGEnc Plus 2.5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
VirtualCloneDrive
virtualStudio 1.0.38
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Vuze
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
XMind
==== Event Viewer Messages From Past Week ========
24-2-2010 18:22:39, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
24-2-2010 18:22:14, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
24-2-2010 18:22:14, Error: atikmdag [43029] - Display is not active
24-2-2010 18:21:53, Error: sptd [4] - Driver detected an internal error in its data structures for .
21-2-2010 21:44:29, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
21-2-2010 21:12:31, Error: Service Control Manager [7034] - The Bonjour-service service terminated unexpectedly. It has done this 1 time(s).
21-2-2010 20:37:08, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
21-2-2010 20:37:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
21-2-2010 20:37:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
21-2-2010 20:37:06, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
21-2-2010 20:37:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
21-2-2010 20:36:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
21-2-2010 20:35:42, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdfsfltr bdfwfpf discache ElbyCDIO spldr sptd Wanarpv6
==== End Of File ===========================
************* 3 ********** DDS-LOG:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Jan at 18:39:59,85 on wo 24-02-2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1033.18.3070.1992 [GMT 1:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\aestsrv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\msdtc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jan\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.bing.com/?cc=be
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\pdfforge toolbar\SearchSettings.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SearchSettings] c:\program files\pdfforge toolbar\SearchSettings.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-10-19 72200]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2009-10-19 79368]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\AEstSrv.exe [2009-3-2 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-9-22 83208]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-14 1153368]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-12-13 5120]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-7-14 7168]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-11-10 153448]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-29 59904]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1562096]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 Arrakis3;BitDefender Arrakis-server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-7 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-20 116136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-21 1343400]
=============== Created Last 30 ================
2010-02-24 17:25:58 0 d-----w- c:\users\jan\appdata\roaming\Malwarebytes
2010-02-24 17:25:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-24 17:25:50 0 d-----w- c:\programdata\Malwarebytes
2010-02-24 17:25:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 17:25:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 20:01:29 0 d-----w- c:\program files\Trend Micro
2010-02-22 20:24:58 0 d-----w- c:\program files\virtualStudio
2010-02-21 20:31:11 0 d-----w- C:\VProRecovery
2010-02-21 20:21:16 0 d-----w- c:\windows\system32\Wat
2010-02-21 20:18:14 6640 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2010-02-21 20:18:14 6640 ---ha-w- c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2010-02-21 18:36:24 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-02-21 18:36:24 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-02-21 18:18:37 0 d-----w- c:\program files\Elaborate Bytes
2010-02-21 12:39:15 0 d-----w- c:\users\jan\appdata\roaming\CoreFTP
2010-02-21 12:10:06 0 d-----w- c:\users\jan\appdata\roaming\XMind
2010-02-21 12:09:48 0 d-----w- c:\program files\XMind
2010-02-14 17:56:10 0 d-----w- c:\programdata\Sun
2010-02-14 17:55:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 09:29:31 0 d-----w- c:\programdata\SonicStage
2010-02-10 20:00:31 0 d-----w- c:\program files\IDT
2010-02-10 20:00:28 61440 ----a-w- c:\windows\system32\aestaren.dll
2010-02-10 20:00:28 368640 ----a-w- c:\windows\system32\aestecap.dll
2010-02-10 20:00:28 142848 ----a-w- c:\windows\system32\aestacap.dll
2010-02-10 20:00:27 86016 ----a-w- c:\windows\system32\AESTCom.dll
2010-02-10 20:00:27 536576 ----a-w- c:\windows\system32\idtmini1.exe
2010-02-10 20:00:27 450652 ----a-w- c:\windows\sttray.exe
2010-02-10 20:00:27 3774 ----a-w- c:\windows\system32\bltinmic.ico
2010-02-10 20:00:27 3774 ----a-w- c:\windows\system32\2hps.ico
2010-02-10 20:00:27 3567616 ----a-w- c:\windows\system32\stlang.dll
2010-02-10 20:00:27 15222 ----a-w- c:\windows\system32\nbspkrs.ico
2010-02-10 20:00:27 12021852 ----a-w- c:\windows\system32\idtcpl.cpl
2010-02-10 20:00:25 0 d-----w- c:\windows\system32\SRSLabs
2010-02-07 20:12:46 0 d-----w- c:\windows\Panther
2010-02-07 19:49:58 0 d-----w- c:\program files\Application Updater
2010-02-07 19:49:57 0 d-----w- c:\program files\pdfforge Toolbar
2010-02-07 19:49:27 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2010-02-07 19:49:24 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-02-07 19:49:23 0 d-----w- c:\program files\PDFCreator
2010-02-07 19:38:08 151 ----a-w- c:\windows\system32\~.inf
2010-02-07 18:12:47 0 d-----w- c:\users\jan\appdata\roaming\ChromePlus
2010-02-07 17:47:17 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2010-02-07 17:47:00 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-02-07 17:45:20 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-02-07 17:45:12 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-07 17:44:25 0 d-----w- c:\program files\Windows Live SkyDrive
2010-02-07 17:20:54 0 d-----w- c:\program files\Microsoft
2010-02-07 17:20:06 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-07 17:19:54 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-02-07 17:10:43 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-02-07 17:10:43 2614272 ----a-w- c:\windows\explorer.exe
2010-02-07 17:10:28 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-07 17:10:08 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-02-07 17:10:07 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-02-07 17:09:49 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-02-07 17:09:27 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-02-07 17:09:27 507568 ----a-w- c:\windows\system32\winload.exe
2010-02-07 17:09:27 442920 ----a-w- c:\windows\system32\winresume.exe
2010-02-07 17:09:27 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-02-07 17:09:27 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-02-07 17:09:26 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-02-07 13:11:56 385 ----a-w- c:\windows\system32\user_gensett.xml
2010-02-07 13:08:08 0 d-----w- c:\users\jan\appdata\roaming\BitDefender
2010-02-07 13:08:08 0 d-----w- c:\programdata\BitDefender
2010-02-07 13:08:08 0 d-----w- c:\program files\BitDefender
2010-02-07 13:07:05 0 d-----w- c:\program files\common files\BitDefender
2010-02-07 12:12:20 717892 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-02-07 12:09:24 0 d-----w- c:\windows\system32\wbem\Performance
2010-02-07 12:07:06 20 --sh--w- c:\users\jan\ntuser.ini
2010-02-07 11:55:43 22508 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-07 11:18:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-07 11:18:12 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-07 10:05:46 1890 ----a-w- c:\windows\diagwrn.xml
2010-02-07 10:05:46 1890 ----a-w- c:\windows\diagerr.xml
2010-02-06 16:36:51 0 d-----w- c:\users\jan\appdata\roaming\CheeseSoft
2010-02-06 16:36:42 0 d-----w- c:\program files\FinalUninstaller
2010-01-31 13:15:21 0 d-----w- c:\program files\DVDSmith Movie Backup
2010-01-29 20:44:32 52 ----a-w- c:\windows\system32\ashttpstats.csv
2010-01-25 21:15:31 0 ----a-w- c:\windows\vtpwra.INI
==================== Find3M ====================
2010-02-21 18:08:46 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-15 16:58:32 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-02-15 16:58:32 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18:02 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-06 08:11:16 129520 ------w- c:\windows\system32\pxafs.dll
2010-01-06 08:11:14 120568 ------w- c:\windows\system32\pxcpyi64.exe
2010-01-06 08:11:14 118256 ------w- c:\windows\system32\pxinsi64.exe
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 18:23:50 140200 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-14 17:56:46 10752 ------w- c:\windows\system32\pxwma.dll
2009-12-08 11:40:12 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40:12 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32:02 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 18:42:13,32 ===============
Thanks for your reply
- Hello Jan, you don't need to thank me yet - I'm happy to help.
The DDS attach log shows this: C: is FIXED (NTFS) - 466 GiB total, 402,905 GiB free - that is an enormously large partition for a system partition!
You have now used about 65 GB of it; if you resized the partition to, say, 120 GB, you could use the rest of the HD for all your personal data!
Anyway - now the following: Let Combofix scan your Windows (click).
How to use Combofix properly (click)
Addition: to be able to use Combofix, the following applies:
- Hello Abraham54,
Here is the report:
ComboFix 10-02-24.03 - Jan 25-02-2010 18:48:21.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1033.18.3070.2121 [GMT 1:00]
Gestart vanuit: c:\users\Jan\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Aanwezig AV is actief
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\~.inf
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-01-25 to 2010-02-25 ))))))))))))))))))))))))))))))
.
2010-02-25 18:02 . 2010-02-25 18:03 -------- d-----w- c:\users\Jan\AppData\Local\temp
2010-02-25 18:02 . 2010-02-25 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-25 17:44 . 2010-02-25 17:45 -------- d-----w- C:\32788R22FWJFW
2010-02-24 17:39 . 2010-02-24 17:39 524288 ----a-w- c:\users\Jan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Optimalisatie\dds.scr
2010-02-24 17:25 . 2010-02-24 17:25 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes
2010-02-24 17:25 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-24 17:25 . 2010-02-24 17:25 -------- d-----w- c:\programdata\Malwarebytes
2010-02-24 17:25 . 2010-02-24 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 17:25 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 12:29 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 12:29 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 12:29 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 12:29 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 20:45 . 2010-02-23 20:56 -------- d-----w- c:\users\Jan\AppData\Local\Microsoft Games
2010-02-23 20:01 . 2010-02-23 20:01 -------- d-----w- c:\program files\Trend Micro
2010-02-22 20:24 . 2010-02-22 20:30 -------- d-----w- c:\program files\virtualStudio
2010-02-21 20:32 . 2010-02-21 20:32 -------- d-----w- c:\users\Jan\AppData\Local\Symantec_Corporation
2010-02-21 20:31 . 2010-02-21 20:35 -------- d-----w- C:\VProRecovery
2010-02-21 20:21 . 2010-02-21 20:21 -------- d-----w- c:\windows\system32\Wat
2010-02-21 19:24 . 2010-02-21 19:24 -------- d-----w- c:\users\Jan\AppData\Local\OLYMPUS
2010-02-21 18:53 . 2010-02-21 18:53 109288 ----a-w- c:\users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-21 18:36 . 2010-01-06 08:11 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-02-21 18:36 . 2010-01-06 08:11 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-02-21 18:18 . 2010-02-21 18:18 -------- d-----w- c:\program files\Elaborate Bytes
2010-02-21 17:07 . 2010-02-21 17:07 77824 ----a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-xulrunner-win32-3555.dll
2010-02-21 12:39 . 2010-02-21 12:58 -------- d-----w- c:\users\Jan\AppData\Roaming\CoreFTP
2010-02-21 12:11 . 2010-02-21 12:11 77824 ----a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-gdip-win32-3555.dll
2010-02-21 12:11 . 2010-02-21 12:11 348160 ----a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-win32-3555.dll
2010-02-21 12:10 . 2010-02-21 12:11 -------- d-----w- c:\users\Jan\AppData\Roaming\XMind
2010-02-21 12:09 . 2010-02-21 17:06 -------- d-----w- c:\program files\XMind
2010-02-14 17:55 . 2010-02-14 17:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 09:29 . 2010-02-14 09:29 -------- d-----w- c:\programdata\SonicStage
2010-02-10 20:00 . 2010-02-10 20:00 -------- d-----w- c:\program files\IDT
2010-02-10 20:00 . 2009-03-02 16:57 142848 ----a-w- c:\windows\system32\aestacap.dll
2010-02-10 20:00 . 2009-03-02 16:57 61440 ----a-w- c:\windows\system32\aestaren.dll
2010-02-10 20:00 . 2009-03-02 16:08 368640 ----a-w- c:\windows\system32\aestecap.dll
2010-02-10 20:00 . 2009-06-03 19:43 536576 ----a-w- c:\windows\system32\idtmini1.exe
2010-02-10 20:00 . 2009-06-03 19:43 450652 ----a-w- c:\windows\sttray.exe
2010-02-10 20:00 . 2009-06-03 19:43 3567616 ----a-w- c:\windows\system32\stlang.dll
2010-02-10 20:00 . 2009-03-02 16:47 86016 ----a-w- c:\windows\system32\AESTCom.dll
2010-02-10 20:00 . 2010-02-10 20:00 -------- d-----w- c:\windows\system32\SRSLabs
2010-02-10 16:08 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-07 20:12 . 2010-02-07 12:06 -------- d-----w- c:\windows\Panther
2010-02-07 19:49 . 2010-02-07 19:49 -------- d-----w- c:\program files\Application Updater
2010-02-07 19:49 . 2010-02-25 18:01 -------- d-----w- c:\program files\pdfforge Toolbar
2010-02-07 19:49 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-02-07 19:49 . 2010-02-07 19:50 -------- d-----w- c:\program files\PDFCreator
2010-02-07 18:12 . 2010-02-07 18:12 54082 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\ChromePlus_uninstall.exe
2010-02-07 18:12 . 2010-02-10 19:13 -------- d-----w- c:\users\Jan\AppData\Roaming\ChromePlus
2010-02-07 17:53 . 2010-02-07 17:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-07 17:47 . 2010-02-07 17:47 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-02-07 17:47 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-02-07 17:46 . 2010-02-07 17:46 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-07 17:45 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-02-07 17:45 . 2010-02-07 17:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-07 17:44 . 2010-02-07 17:44 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-07 17:44 . 2010-02-07 17:46 -------- d-----w- c:\program files\Windows Live
2010-02-07 17:21 . 2010-02-07 17:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-07 17:20 . 2010-02-07 17:44 -------- d-----w- c:\program files\Microsoft
2010-02-07 17:19 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-02-07 17:10 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-02-07 17:10 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-02-07 17:10 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-07 17:10 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-02-07 17:10 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-02-07 17:09 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-02-07 17:09 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-02-07 17:09 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-02-07 17:09 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2010-02-07 17:09 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2010-02-07 17:09 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-02-07 17:09 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-02-07 15:30 . 2010-02-07 15:30 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-07 13:08 . 2010-02-07 13:11 -------- d-----w- c:\programdata\BitDefender
2010-02-07 13:08 . 2010-02-07 13:08 -------- d-----w- c:\users\Jan\AppData\Roaming\BitDefender
2010-02-07 13:08 . 2010-02-07 13:08 -------- d-----w- c:\program files\BitDefender
2010-02-07 13:07 . 2010-02-07 13:08 -------- d-----w- c:\program files\Common Files\BitDefender
2010-02-07 12:09 . 2010-02-25 17:35 -------- d-----w- c:\windows\system32\wbem\Performance
2010-02-07 11:55 . 2010-02-07 11:55 22508 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-07 11:46 . 2010-02-07 11:46 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-02-07 11:18 . 2010-02-07 11:18 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-06 16:36 . 2010-02-07 11:43 -------- d-----w- c:\users\Jan\AppData\Roaming\CheeseSoft
2010-02-06 16:36 . 2010-02-07 11:25 -------- d-----w- c:\program files\FinalUninstaller
2010-01-31 13:15 . 2010-02-07 11:25 -------- d-----w- c:\program files\DVDSmith Movie Backup
2010-01-31 13:08 . 2010-02-07 11:32 -------- d-----w- c:\windows\Sun
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 17:55 . 2009-12-14 18:04 -------- d-----w- c:\users\Jan\AppData\Roaming\Skype
2010-02-25 17:32 . 2009-12-14 18:10 -------- d-----w- c:\users\Jan\AppData\Roaming\skypePM
2010-02-23 17:24 . 2009-12-14 18:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-21 20:13 . 2009-12-13 19:43 -------- d-----w- c:\program files\Bonjour
2010-02-21 18:49 . 2009-12-13 20:17 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-21 18:08 . 2009-12-13 22:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-21 18:00 . 2009-12-14 18:24 -------- d-----w- c:\users\Jan\AppData\Roaming\Azureus
2010-02-20 10:28 . 2009-12-16 18:22 -------- d-----w- c:\users\Jan\AppData\Roaming\Canon
2010-02-17 14:39 . 2009-12-14 18:07 -------- d-----w- c:\program files\Spector Photo Software
2010-02-15 16:58 . 2009-11-10 16:04 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-02-15 16:58 . 2009-11-10 16:03 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys
2010-02-14 17:56 . 2009-12-13 19:52 -------- d-----w- c:\program files\Common Files\Java
2010-02-14 17:55 . 2009-12-13 19:52 -------- d-----w- c:\program files\Java
2010-02-14 09:29 . 2009-12-14 18:30 -------- d-----w- c:\users\Jan\AppData\Roaming\Sony Corporation
2010-02-10 18:47 . 2009-12-13 19:11 -------- d-----w- c:\programdata\Microsoft Help
2010-02-07 17:54 . 2009-12-13 19:01 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-02-07 15:30 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-02-07 15:30 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-02-07 15:30 . 2009-07-14 07:49 -------- d-----w- c:\program files\Windows Journal
2010-02-07 15:30 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-02-07 15:30 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-02-07 11:43 . 2010-01-02 15:02 -------- d-----w- c:\users\Jan\AppData\Roaming\vlc
2010-02-07 11:43 . 2009-12-13 22:21 -------- d-----w- c:\users\Jan\AppData\Roaming\Zeon
2010-02-07 11:43 . 2009-12-13 20:32 -------- d-----w- c:\users\Jan\AppData\Roaming\Symantec
2010-02-07 11:43 . 2009-12-14 18:10 -------- d-----w- c:\users\Jan\AppData\Roaming\SPB
2010-02-07 11:43 . 2009-12-24 15:42 -------- d-----w- c:\users\Jan\AppData\Roaming\Nero
2010-02-07 11:43 . 2009-12-13 22:20 -------- d-----w- c:\users\Jan\AppData\Roaming\ScanSoft
2010-02-07 11:43 . 2009-12-13 23:00 -------- d-----w- c:\users\Jan\AppData\Roaming\Cropper
2010-02-07 11:43 . 2009-12-13 22:03 -------- d-----w- c:\users\Jan\AppData\Roaming\DAEMON Tools Lite
2010-02-07 11:43 . 2009-12-14 06:46 -------- d-----w- c:\users\Jan\AppData\Roaming\ArcSoft
2010-02-07 11:42 . 2009-12-13 19:44 -------- d-----w- c:\users\Jan\AppData\Roaming\Apple Computer
2010-02-07 11:31 . 2009-12-13 20:00 -------- d-----w- c:\programdata\Symantec
2010-02-07 11:31 . 2009-12-14 18:35 -------- d-----w- c:\programdata\Sony Corporation
2010-02-07 11:31 . 2009-12-14 18:04 -------- d-----w- c:\programdata\Skype
2010-02-07 11:31 . 2009-12-13 22:18 -------- d-----w- c:\programdata\ScanSoft
2010-02-07 11:31 . 2010-01-21 04:33 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-07 11:31 . 2009-12-14 17:28 -------- d-----w- c:\programdata\Nero
2010-02-07 11:30 . 2009-12-14 17:24 -------- d-----w- c:\programdata\DVD Shrink
2010-02-07 11:30 . 2009-12-13 22:19 -------- d-----w- c:\programdata\InstallShield
2010-02-07 11:30 . 2009-12-13 22:03 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-02-07 11:30 . 2009-12-14 18:24 -------- d-----w- c:\programdata\Azureus
2010-02-07 11:30 . 2009-12-13 22:01 -------- d--h--w- c:\programdata\CanonBJ
2010-02-07 11:30 . 2009-12-13 19:43 -------- d-----w- c:\programdata\Apple Computer
2010-02-07 11:30 . 2009-12-13 19:42 -------- d-----w- c:\programdata\Apple
2010-02-07 11:30 . 2009-12-14 18:22 -------- d-----w- c:\program files\Vuze
2010-02-07 11:30 . 2009-12-27 19:48 -------- d-----w- c:\program files\Symantec
2010-02-07 11:30 . 2009-12-14 18:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-07 11:29 . 2009-12-14 18:32 -------- d-----w- c:\program files\Sony
2010-02-07 11:29 . 2009-12-14 18:04 -------- d-----r- c:\program files\Skype
2010-02-07 11:28 . 2009-12-13 22:17 -------- d-----w- c:\program files\ScanSoft
2010-02-07 11:28 . 2009-12-13 22:24 -------- d-----w- c:\program files\SAMSUNG
2010-02-07 11:28 . 2009-12-13 19:43 -------- d-----w- c:\program files\Safari
2010-02-07 11:28 . 2009-12-24 13:07 -------- d-----w- c:\program files\Realtek
2010-02-07 11:28 . 2009-12-18 18:42 -------- d-----w- c:\program files\QuickTime
2010-02-07 11:28 . 2009-12-13 20:27 -------- d-----w- c:\program files\PIXresizer
2010-02-07 11:28 . 2009-12-14 17:56 -------- d-----w- c:\program files\Pegasys Inc
2010-02-07 11:27 . 2009-12-27 19:46 -------- d-----w- c:\program files\Norton Ghost
2010-02-07 11:27 . 2009-12-14 06:50 -------- d-----w- c:\program files\OLYMPUS
2010-02-07 11:27 . 2009-12-14 17:28 -------- d-----w- c:\program files\Nero
2010-02-07 11:27 . 2009-12-13 19:17 -------- d-----w- c:\program files\Microsoft Works
2010-02-07 11:27 . 2009-12-13 19:16 -------- d-----w- c:\program files\Microsoft.NET
2010-02-07 11:27 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-02-07 11:27 . 2009-12-13 19:13 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-07 11:26 . 2009-12-24 13:08 -------- d-----w- c:\program files\JMicron
2010-02-07 11:24 . 2009-12-13 19:42 -------- d-----w- c:\program files\Common Files\Apple
2010-02-07 11:24 . 2009-12-13 20:22 -------- d-----w- c:\program files\CCleaner
2010-02-07 11:23 . 2009-12-14 06:45 -------- d-----w- c:\program files\ArcSoft
2010-02-07 11:23 . 2009-12-13 19:42 -------- d-----w- c:\program files\Apple Software Update
2010-02-07 11:18 . 2010-02-07 11:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-06 16:45 . 2009-12-13 22:45 -------- d-----w- c:\users\Jan\AppData\Roaming\hpqLog
2010-01-22 07:57 . 2010-01-22 07:57 90112 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\Installer\ChromePlusUpgrade.exe
2010-01-22 06:33 . 2010-01-22 06:33 49152 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\IETab.dll
2010-01-22 06:12 . 2010-01-22 06:12 529408 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\old_chrome.exe
2010-01-22 06:12 . 2010-01-22 06:12 15650816 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\chrome.dll
2010-01-22 04:37 . 2010-01-22 04:37 150016 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\locales\it.dll
2010-01-18 23:29 . 2010-02-10 16:08 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 16:08 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 16:08 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 16:08 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 16:08 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 16:08 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 16:08 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 16:08 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18 . 2010-02-10 16:08 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 16:08 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-06 11:11 . 2010-01-06 11:11 98304 ----a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\IEHost.exe
2010-01-06 08:11 . 2009-12-14 18:38 129520 ------w- c:\windows\system32\pxafs.dll
2010-01-06 08:11 . 2009-12-14 17:56 120568 ------w- c:\windows\system32\pxcpyi64.exe
2010-01-06 08:11 . 2009-12-14 17:56 118256 ------w- c:\windows\system32\pxinsi64.exe
2010-01-02 14:40 . 2010-01-02 14:40 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-01-02 14:39 . 2010-01-02 14:39 923456 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-31 15:45 . 2009-12-31 15:45 61440 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\Uninstall_Iomega_N_088348F91E7B4269A6A2621FEC00DBB7.exe
2009-12-31 15:45 . 2009-12-31 15:45 61440 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\IOM_SHORTCUT_DESKT_088348F91E7B4269A6A2621FEC00DBB7_1.exe
2009-12-31 15:45 . 2009-12-31 15:45 61440 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\IOM_SHORTCUT_DESKT_088348F91E7B4269A6A2621FEC00DBB7.exe
2009-12-31 15:45 . 2009-12-31 15:45 61440 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\ARPPRODUCTICON.exe
2009-12-19 09:02 . 2010-02-10 16:08 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 16:08 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 16:08 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 16:08 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 16:08 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2010-01-08 02:17 700416 ----a-w- c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-01-26 1724728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-05-05 40960]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-05-05 36864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-02-07 1120704]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 95632 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\System32\drivers\BdfNdisf6.sys [19-10-2009 16:04 72200]
R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [19-10-2009 16:04 79368]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14-7-2009 0:52 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\AEstSrv.exe [2-3-2009 18:43 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18-8-2009 2:36 176128]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8-1-2010 0:51 380928]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [22-9-2009 8:22 83208]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [8-7-2009 13:48 26168]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [14-12-2009 19:13 1153368]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [13-12-2009 23:24 5120]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\System32\dllhost.exe [14-7-2009 0:43 7168]
R3 BDFM;BDFM;c:\windows\System32\drivers\bdfm.sys [10-11-2009 17:04 153448]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [29-6-2009 10:17 59904]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [1-3-2009 23:05 139776]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20-12-2007 17:13 1562096]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14-7-2009 0:52 14336]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [13-12-2009 23:05 691696]
S3 Arrakis3;BitDefender Arrakis-server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19-10-2009 16:06 183880]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\System32\drivers\dc3d.sys [4-11-2009 2:59 17408]
S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [7-2-2010 18:47 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 22:48 704864]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [20-7-2009 19:39 116136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\System32\Wat\WatAdminSvc.exe [21-2-2010 21:21 1343400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.bing.com/?cc=be
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS VERWIJDERD - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-02-25 19:10:39
ComboFix-quarantined-files.txt 2010-02-25 18:10
Pre-Run: 434.936.815.616 bytes free
Post-Run: 434.601.553.920 bytes free
- - End Of File - - C745DBCC493783FD897A6E3C6A3B9D4F
- Hello Jan, do the following:
Open a new Notepad file (Start > All Programs > Accessories > Notepad), then copy and paste the following (bold, blue text) into an empty window
- Hello Abraham54,
I had some difficulty disabling BitDefender. I hope I did it right.
Here is the log:
ComboFix 10-02-24.03 - Jan 25-02-2010 20:13:29.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1033.18.3070.2243 [GMT 1:00]
Gestart vanuit: c:\users\Jan\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Jan\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-01-25 to 2010-02-25 ))))))))))))))))))))))))))))))
.
2010-02-25 19:21 . 2010-02-25 19:21 ——– d—–w- c:\users\Public\AppData\Local\temp
2010-02-25 19:21 . 2010-02-25 19:21 ——– d—–w- c:\users\Default\AppData\Local\temp
2010-02-25 19:11 . 2010-02-25 19:11 ——– d—–w- C:\32788R22FWJFW
2010-02-25 18:31 . 2010-02-25 18:31 ——– d—–w- c:\users\Jan\AppData\Local\Google
2010-02-25 18:10 . 2010-02-25 19:21 ——– d—–w- c:\users\Jan\AppData\Local\temp
2010-02-24 17:39 . 2010-02-24 17:39 524288 —-a-w- c:\users\Jan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Optimalisatie\dds.scr
2010-02-24 17:25 . 2010-02-24 17:25 ——– d—–w- c:\users\Jan\AppData\Roaming\Malwarebytes
2010-02-24 17:25 . 2010-01-07 15:07 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-24 17:25 . 2010-02-24 17:25 ——– d—–w- c:\programdata\Malwarebytes
2010-02-24 17:25 . 2010-02-24 17:25 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 17:25 . 2010-01-07 15:07 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 12:29 . 2009-12-13 09:30 641536 —-a-w- c:\windows\system32\CPFilters.dll
2010-02-24 12:29 . 2009-12-13 09:30 465408 —-a-w- c:\windows\system32\psisdecd.dll
2010-02-24 12:29 . 2009-12-13 09:29 417792 —-a-w- c:\windows\system32\msdri.dll
2010-02-24 12:29 . 2010-02-02 07:45 2048 —-a-w- c:\windows\system32\tzres.dll
2010-02-23 20:45 . 2010-02-23 20:56 ——– d—–w- c:\users\Jan\AppData\Local\Microsoft Games
2010-02-23 20:01 . 2010-02-23 20:01 ——– d—–w- c:\program files\Trend Micro
2010-02-22 20:24 . 2010-02-22 20:30 ——– d—–w- c:\program files\virtualStudio
2010-02-21 20:32 . 2010-02-21 20:32 ——– d—–w- c:\users\Jan\AppData\Local\Symantec_Corporation
2010-02-21 20:31 . 2010-02-21 20:35 ——– d—–w- C:\VProRecovery
2010-02-21 20:21 . 2010-02-21 20:21 ——– d—–w- c:\windows\system32\Wat
2010-02-21 19:24 . 2010-02-21 19:24 ——– d—–w- c:\users\Jan\AppData\Local\OLYMPUS
2010-02-21 18:53 . 2010-02-21 18:53 109288 —-a-w- c:\users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-21 18:36 . 2010-01-06 08:11 9200 ——w- c:\windows\system32\drivers\cdralw2k.sys
2010-02-21 18:36 . 2010-01-06 08:11 9072 ——w- c:\windows\system32\drivers\cdr4_xp.sys
2010-02-21 18:18 . 2010-02-21 18:18 ——– d—–w- c:\program files\Elaborate Bytes
2010-02-21 17:07 . 2010-02-21 17:07 77824 —-a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-xulrunner-win32-3555.dll
2010-02-21 12:39 . 2010-02-21 12:58 ——– d—–w- c:\users\Jan\AppData\Roaming\CoreFTP
2010-02-21 12:11 . 2010-02-21 12:11 77824 —-a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-gdip-win32-3555.dll
2010-02-21 12:11 . 2010-02-21 12:11 348160 —-a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-win32-3555.dll
2010-02-21 12:10 . 2010-02-21 12:11 ——– d—–w- c:\users\Jan\AppData\Roaming\XMind
2010-02-21 12:09 . 2010-02-21 17:06 ——– d—–w- c:\program files\XMind
2010-02-14 17:55 . 2010-02-14 17:55 411368 —-a-w- c:\windows\system32\deploytk.dll
2010-02-14 09:29 . 2010-02-14 09:29 ——– d—–w- c:\programdata\SonicStage
2010-02-10 20:00 . 2010-02-10 20:00 ——– d—–w- c:\program files\IDT
2010-02-10 20:00 . 2009-03-02 16:57 142848 —-a-w- c:\windows\system32\aestacap.dll
2010-02-10 20:00 . 2009-03-02 16:57 61440 —-a-w- c:\windows\system32\aestaren.dll
2010-02-10 20:00 . 2009-03-02 16:08 368640 —-a-w- c:\windows\system32\aestecap.dll
2010-02-10 20:00 . 2009-06-03 19:43 536576 —-a-w- c:\windows\system32\idtmini1.exe
2010-02-10 20:00 . 2009-06-03 19:43 450652 —-a-w- c:\windows\sttray.exe
2010-02-10 20:00 . 2009-06-03 19:43 3567616 —-a-w- c:\windows\system32\stlang.dll
2010-02-10 20:00 . 2009-03-02 16:47 86016 —-a-w- c:\windows\system32\AESTCom.dll
2010-02-10 20:00 . 2010-02-10 20:00 ——– d—–w- c:\windows\system32\SRSLabs
2010-02-10 16:08 . 2009-12-08 11:40 3955288 —-a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-07 20:12 . 2010-02-07 12:06 ——– d—–w- c:\windows\Panther
2010-02-07 19:49 . 2010-02-07 19:49 ——– d—–w- c:\program files\Application Updater
2010-02-07 19:49 . 2010-02-25 18:01 ——– d—–w- c:\program files\pdfforge Toolbar
2010-02-07 19:49 . 1998-07-05 23:00 23552 —-a-w- c:\windows\system32\MSMPIDE.DLL
2010-02-07 19:49 . 2010-02-07 19:50 ——– d—–w- c:\program files\PDFCreator
2010-02-07 18:12 . 2010-02-07 18:12 54082 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\ChromePlus_uninstall.exe
2010-02-07 18:12 . 2010-02-10 19:13 ——– d—–w- c:\users\Jan\AppData\Roaming\ChromePlus
2010-02-07 17:53 . 2010-02-07 17:53 ——– d—–w- c:\program files\Common Files\Adobe
2010-02-07 17:47 . 2010-02-07 17:47 ——– d—–w- c:\program files\Microsoft Office Outlook Connector
2010-02-07 17:47 . 2009-08-05 21:48 54632 —-a-w- c:\windows\system32\drivers\fssfltr.sys
2010-02-07 17:46 . 2010-02-07 17:46 ——– d—–w- c:\program files\Microsoft Sync Framework
2010-02-07 17:45 . 2006-11-29 12:06 3426072 —-a-w- c:\windows\system32\d3dx9_32.dll
2010-02-07 17:45 . 2010-02-07 17:45 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-07 17:44 . 2010-02-07 17:44 ——– d—–w- c:\program files\Windows Live SkyDrive
2010-02-07 17:44 . 2010-02-07 17:46 ——– d—–w- c:\program files\Windows Live
2010-02-07 17:21 . 2010-02-07 17:55 ——– d—–w- c:\program files\Microsoft Silverlight
2010-02-07 17:20 . 2010-02-07 17:44 ——– d—–w- c:\program files\Microsoft
2010-02-07 17:19 . 2009-09-10 05:52 257024 —-a-w- c:\windows\system32\msv1_0.dll
2010-02-07 17:10 . 2009-10-31 05:45 2614272 —-a-w- c:\windows\explorer.exe
2010-02-07 17:10 . 2009-10-28 06:17 285696 —-a-w- c:\windows\system32\winlogon.exe
2010-02-07 17:10 . 2009-12-19 09:02 977920 —-a-w- c:\windows\system32\wininet.dll
2010-02-07 17:10 . 2009-10-19 14:10 108544 —-a-w- c:\windows\system32\t2embed.dll
2010-02-07 17:10 . 2009-10-19 14:10 70656 —-a-w- c:\windows\system32\fontsub.dll
2010-02-07 17:09 . 2009-08-29 06:57 34816 —-a-w- c:\windows\system32\msasn1.dll
2010-02-07 17:09 . 2009-10-02 04:06 728648 —-a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-02-07 17:09 . 2009-09-03 07:04 1320960 —-a-w- c:\windows\system32\CertEnroll.dll
2010-02-07 17:09 . 2009-08-19 07:20 442920 —-a-w- c:\windows\system32\winresume.exe
2010-02-07 17:09 . 2009-08-19 07:20 507568 —-a-w- c:\windows\system32\winload.exe
2010-02-07 17:09 . 2009-07-30 04:44 293888 —-a-w- c:\windows\system32\atmfd.dll
2010-02-07 17:09 . 2009-08-29 06:54 12625408 —-a-w- c:\windows\system32\wmploc.DLL
2010-02-07 15:30 . 2010-02-07 15:30 704320 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-07 13:08 . 2010-02-07 13:11 ——– d—–w- c:\programdata\BitDefender
2010-02-07 13:08 . 2010-02-07 13:08 ——– d—–w- c:\users\Jan\AppData\Roaming\BitDefender
2010-02-07 13:08 . 2010-02-07 13:08 ——– d—–w- c:\program files\BitDefender
2010-02-07 13:07 . 2010-02-07 13:08 ——– d—–w- c:\program files\Common Files\BitDefender
2010-02-07 12:09 . 2010-02-25 19:17 ——– d—–w- c:\windows\system32\wbem\Performance
2010-02-07 11:55 . 2010-02-07 11:55 22508 —-a-w- c:\windows\system32\emptyregdb.dat
2010-02-07 11:46 . 2010-02-07 11:46 ——– d—–w- c:\users\Default\AppData\Local\Microsoft Help
2010-02-07 11:18 . 2010-02-07 11:18 0 —-a-w- c:\windows\ativpsrm.bin
2010-02-06 16:36 . 2010-02-07 11:43 ——– d—–w- c:\users\Jan\AppData\Roaming\CheeseSoft
2010-02-06 16:36 . 2010-02-07 11:25 ——– d—–w- c:\program files\FinalUninstaller
2010-01-31 13:15 . 2010-02-07 11:25 ——– d—–w- c:\program files\DVDSmith Movie Backup
2010-01-31 13:08 . 2010-02-07 11:32 ——– d—–w- c:\windows\Sun
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 19:13 . 2009-12-14 18:04 ——– d—–w- c:\users\Jan\AppData\Roaming\Skype
2010-02-25 19:10 . 2009-12-14 18:10 ——– d—–w- c:\users\Jan\AppData\Roaming\skypePM
2010-02-23 17:24 . 2009-12-14 18:13 ——– d—–w- c:\programdata\Spybot - Search & Destroy
2010-02-21 20:13 . 2009-12-13 19:43 ——– d—–w- c:\program files\Bonjour
2010-02-21 18:49 . 2009-12-13 20:17 ——– d—–w- c:\program files\Common Files\PX Storage Engine
2010-02-21 18:08 . 2009-12-13 22:05 691696 —-a-w- c:\windows\system32\drivers\sptd.sys
2010-02-21 18:00 . 2009-12-14 18:24 ——– d—–w- c:\users\Jan\AppData\Roaming\Azureus
2010-02-20 10:28 . 2009-12-16 18:22 ——– d—–w- c:\users\Jan\AppData\Roaming\Canon
2010-02-17 14:39 . 2009-12-14 18:07 ——– d—–w- c:\program files\Spector Photo Software
2010-02-15 16:58 . 2009-11-10 16:04 153448 —-a-w- c:\windows\system32\drivers\bdfm.sys
2010-02-15 16:58 . 2009-11-10 16:03 106464 —-a-w- c:\windows\system32\drivers\bdhv.sys
2010-02-14 17:56 . 2009-12-13 19:52 ——– d—–w- c:\program files\Common Files\Java
2010-02-14 17:55 . 2009-12-13 19:52 ——– d—–w- c:\program files\Java
2010-02-14 09:29 . 2009-12-14 18:30 ——– d—–w- c:\users\Jan\AppData\Roaming\Sony Corporation
2010-02-10 18:47 . 2009-12-13 19:11 ——– d—–w- c:\programdata\Microsoft Help
2010-02-07 17:54 . 2009-12-13 19:01 132 —-a-w- c:\windows\system32\rezumatenoi.dat
2010-02-07 15:30 . 2009-07-14 04:52 ——– d—–w- c:\program files\Windows Sidebar
2010-02-07 15:30 . 2009-07-14 02:37 ——– d—–w- c:\program files\Windows Mail
2010-02-07 15:30 . 2009-07-14 07:49 ——– d—–w- c:\program files\Windows Journal
2010-02-07 15:30 . 2009-07-14 04:52 ——– d—–w- c:\program files\Windows Photo Viewer
2010-02-07 15:30 . 2009-07-14 04:52 ——– d—–w- c:\program files\Windows Defender
2010-02-07 11:43 . 2010-01-02 15:02 ——– d—–w- c:\users\Jan\AppData\Roaming\vlc
2010-02-07 11:43 . 2009-12-13 22:21 ——– d—–w- c:\users\Jan\AppData\Roaming\Zeon
2010-02-07 11:43 . 2009-12-13 20:32 ——– d—–w- c:\users\Jan\AppData\Roaming\Symantec
2010-02-07 11:43 . 2009-12-14 18:10 ——– d—–w- c:\users\Jan\AppData\Roaming\SPB
2010-02-07 11:43 . 2009-12-24 15:42 ——– d—–w- c:\users\Jan\AppData\Roaming\Nero
2010-02-07 11:43 . 2009-12-13 22:20 ——– d—–w- c:\users\Jan\AppData\Roaming\ScanSoft
2010-02-07 11:43 . 2009-12-13 23:00 ——– d—–w- c:\users\Jan\AppData\Roaming\Cropper
2010-02-07 11:43 . 2009-12-13 22:03 ——– d—–w- c:\users\Jan\AppData\Roaming\DAEMON Tools Lite
2010-02-07 11:43 . 2009-12-14 06:46 ——– d—–w- c:\users\Jan\AppData\Roaming\ArcSoft
2010-02-07 11:42 . 2009-12-13 19:44 ——– d—–w- c:\users\Jan\AppData\Roaming\Apple Computer
2010-02-07 11:31 . 2009-12-13 20:00 ——– d—–w- c:\programdata\Symantec
2010-02-07 11:31 . 2009-12-14 18:35 ——– d—–w- c:\programdata\Sony Corporation
2010-02-07 11:31 . 2009-12-14 18:04 ——– d—–w- c:\programdata\Skype
2010-02-07 11:31 . 2009-12-13 22:18 ——– d—–w- c:\programdata\ScanSoft
2010-02-07 11:31 . 2010-01-21 04:33 ——– d—–w- c:\programdata\Office Genuine Advantage
2010-02-07 11:31 . 2009-12-14 17:28 ——– d—–w- c:\programdata\Nero
2010-02-07 11:30 . 2009-12-14 17:24 ——– d—–w- c:\programdata\DVD Shrink
2010-02-07 11:30 . 2009-12-13 22:19 ——– d—–w- c:\programdata\InstallShield
2010-02-07 11:30 . 2009-12-13 22:03 ——– d—–w- c:\programdata\DAEMON Tools Lite
2010-02-07 11:30 . 2009-12-14 18:24 ——– d—–w- c:\programdata\Azureus
2010-02-07 11:30 . 2009-12-13 22:01 ——– d–h–w- c:\programdata\CanonBJ
2010-02-07 11:30 . 2009-12-13 19:43 ——– d—–w- c:\programdata\Apple Computer
2010-02-07 11:30 . 2009-12-13 19:42 ——– d—–w- c:\programdata\Apple
2010-02-07 11:30 . 2009-12-14 18:22 ——– d—–w- c:\program files\Vuze
2010-02-07 11:30 . 2009-12-27 19:48 ——– d—–w- c:\program files\Symantec
2010-02-07 11:30 . 2009-12-14 18:13 ——– d—–w- c:\program files\Spybot - Search & Destroy
2010-02-07 11:29 . 2009-12-14 18:32 ——– d—–w- c:\program files\Sony
2010-02-07 11:29 . 2009-12-14 18:04 ——– d—–r- c:\program files\Skype
2010-02-07 11:28 . 2009-12-13 22:17 ——– d—–w- c:\program files\ScanSoft
2010-02-07 11:28 . 2009-12-13 22:24 ——– d—–w- c:\program files\SAMSUNG
2010-02-07 11:28 . 2009-12-13 19:43 ——– d—–w- c:\program files\Safari
2010-02-07 11:28 . 2009-12-24 13:07 ——– d—–w- c:\program files\Realtek
2010-02-07 11:28 . 2009-12-18 18:42 ——– d—–w- c:\program files\QuickTime
2010-02-07 11:28 . 2009-12-13 20:27 ——– d—–w- c:\program files\PIXresizer
2010-02-07 11:28 . 2009-12-14 17:56 ——– d—–w- c:\program files\Pegasys Inc
2010-02-07 11:27 . 2009-12-27 19:46 ——– d—–w- c:\program files\Norton Ghost
2010-02-07 11:27 . 2009-12-14 06:50 ——– d—–w- c:\program files\OLYMPUS
2010-02-07 11:27 . 2009-12-14 17:28 ——– d—–w- c:\program files\Nero
2010-02-07 11:27 . 2009-12-13 19:17 ——– d—–w- c:\program files\Microsoft Works
2010-02-07 11:27 . 2009-12-13 19:16 ——– d—–w- c:\program files\Microsoft.NET
2010-02-07 11:27 . 2009-07-14 04:52 ——– d—–w- c:\program files\MSBuild
2010-02-07 11:27 . 2009-12-13 19:13 ——– d—–w- c:\program files\Microsoft Visual Studio 8
2010-02-07 11:26 . 2009-12-24 13:08 ——– d—–w- c:\program files\JMicron
2010-02-07 11:24 . 2009-12-13 19:42 ——– d—–w- c:\program files\Common Files\Apple
2010-02-07 11:24 . 2009-12-13 20:22 ——– d—–w- c:\program files\CCleaner
2010-02-07 11:23 . 2009-12-14 06:45 ——– d—–w- c:\program files\ArcSoft
2010-02-07 11:23 . 2009-12-13 19:42 ——– d—–w- c:\program files\Apple Software Update
2010-02-07 11:18 . 2010-02-07 11:18 0 —ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-06 16:45 . 2009-12-13 22:45 ——– d—–w- c:\users\Jan\AppData\Roaming\hpqLog
2010-01-22 07:57 . 2010-01-22 07:57 90112 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\Installer\ChromePlusUpgrade.exe
2010-01-22 06:33 . 2010-01-22 06:33 49152 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\IETab.dll
2010-01-22 06:12 . 2010-01-22 06:12 529408 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\old_chrome.exe
2010-01-22 06:12 . 2010-01-22 06:12 15650816 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\chrome.dll
2010-01-22 04:37 . 2010-01-22 04:37 150016 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\locales\it.dll
2010-01-18 23:29 . 2010-02-10 16:08 85504 —-a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 16:08 85504 —-a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 16:08 365568 —-a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 16:08 369152 —-a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 16:08 324608 —-a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 16:08 277504 —-a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 16:08 320512 —-a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 16:08 280064 —-a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18 . 2010-02-10 16:08 221184 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 16:08 123392 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-06 11:11 . 2010-01-06 11:11 98304 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\IEHost.exe
2010-01-06 08:11 . 2009-12-14 18:38 129520 ——w- c:\windows\system32\pxafs.dll
2010-01-06 08:11 . 2009-12-14 17:56 120568 ——w- c:\windows\system32\pxcpyi64.exe
2010-01-06 08:11 . 2009-12-14 17:56 118256 ——w- c:\windows\system32\pxinsi64.exe
2010-01-02 14:40 . 2010-01-02 14:40 48648 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-01-02 14:39 . 2010-01-02 14:39 923456 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\Uninstall_Iomega_N_088348F91E7B4269A6A2621FEC00DBB7.exe
2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\IOM_SHORTCUT_DESKT_088348F91E7B4269A6A2621FEC00DBB7_1.exe
2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\IOM_SHORTCUT_DESKT_088348F91E7B4269A6A2621FEC00DBB7.exe
2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\ARPPRODUCTICON.exe
2009-12-19 09:02 . 2010-02-10 16:08 12288 —-a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 16:08 1328640 —-a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 16:08 22016 —-a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 16:08 31744 —-a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 16:08 13312 —-a-w- c:\windows\system32\msrle32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 –sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 –sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-25_18.03.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-07 11:19 . 2010-02-25 19:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-07 11:19 . 2010-02-25 17:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-07 11:19 . 2010-02-25 17:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-07 11:19 . 2010-02-25 19:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-02-25 19:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-02-25 17:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-07 11:56 . 2010-02-25 19:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-07 11:56 . 2010-02-25 17:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-14 18:02 . 2010-02-25 19:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-14 18:02 . 2010-02-25 17:36 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-14 18:02 . 2010-02-25 17:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-12-14 18:02 . 2010-02-25 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-12-14 18:02 . 2010-02-25 17:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-12-14 18:02 . 2010-02-25 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-02-07 11:56 . 2010-02-25 19:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-07 11:56 . 2010-02-25 17:36 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-25 17:30 . 2010-02-25 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-02-25 19:09 . 2010-02-25 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-02-25 17:30 . 2010-02-25 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-25 19:09 . 2010-02-25 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-02-25 19:17 610094 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-02-25 17:35 610094 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-02-25 17:35 104412 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-02-25 19:17 104412 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:03 . 2010-02-25 18:56 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-02-25 17:56 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2010-01-08 02:17 700416 —-a-w- c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-01-26 1724728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-05-05 40960]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-05-05 36864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
2010-02-07 13:15 1120704 —-a-w- c:\program files\BitDefender\BitDefender 2010\bdagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
2009-10-19 15:05 71152 —-a-w- c:\program files\BitDefender\BitDefender 2010\ieshow.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 —-a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 95632 —-a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\System32\drivers\BdfNdisf6.sys [19-10-2009 16:04 72200]
R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [19-10-2009 16:04 79368]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14-7-2009 0:52 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\AEstSrv.exe [2-3-2009 18:43 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18-8-2009 2:36 176128]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8-1-2010 0:51 380928]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [22-9-2009 8:22 83208]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [8-7-2009 13:48 26168]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [14-12-2009 19:13 1153368]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [13-12-2009 23:24 5120]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\System32\dllhost.exe [14-7-2009 0:43 7168]
R3 BDFM;BDFM;c:\windows\System32\drivers\bdfm.sys [10-11-2009 17:04 153448]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [29-6-2009 10:17 59904]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [1-3-2009 23:05 139776]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20-12-2007 17:13 1562096]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14-7-2009 0:52 14336]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [13-12-2009 23:05 691696]
S3 Arrakis3;BitDefender Arrakis-server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19-10-2009 16:06 183880]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\System32\drivers\dc3d.sys [4-11-2009 2:59 17408]
S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [7-2-2010 18:47 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 22:48 704864]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [20-7-2009 19:39 116136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\System32\Wat\WatAdminSvc.exe [21-2-2010 21:21 1343400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.bing.com/?cc=be
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS VERWIJDERD - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-02-25 20:24:34
ComboFix-quarantined-files.txt 2010-02-25 19:24
ComboFix2.txt 2010-02-25 18:10
Pre-Run: 434.677.506.048 bytes free
Post-Run: 434.607.693.824 bytes free
- - End Of File - - 5D7C342FBAB89FF474D85223040F28D5
- Hmmm, in the meantime you have installed Google's Chrome browser, and the malware has not been removed.
Perhaps adjusting the script will take care of that!
So once again open a new Notepad file (Start > All Programs > Accessories > Notepad), then copy and paste the following (bold, blue text) into an empty window
- Here we go:
ComboFix 10-02-25.02 - Jan 25-02-2010 20:55:03.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1033.18.3070.2094 [GMT 1:00]
Gestart vanuit: c:\users\Jan\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Jan\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
FILE ::
"c:\windows\system32\pxcpyi64.exe"
"c:\windows\system32\pxinsi64.exe"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\pxcpyi64.exe
c:\windows\system32\pxinsi64.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-01-25 to 2010-02-25 ))))))))))))))))))))))))))))))
.
2010-02-25 20:01 . 2010-02-25 20:01 ——– d—–w- c:\users\Jan\AppData\Local\temp
2010-02-25 20:01 . 2010-02-25 20:01 ——– d—–w- c:\users\Public\AppData\Local\temp
2010-02-25 20:01 . 2010-02-25 20:01 ——– d—–w- c:\users\Default\AppData\Local\temp
2010-02-25 19:53 . 2010-02-25 19:53 ——– d—–w- C:\32788R22FWJFW
2010-02-25 18:31 . 2010-02-25 18:31 ——– d—–w- c:\users\Jan\AppData\Local\Google
2010-02-24 17:39 . 2010-02-24 17:39 524288 —-a-w- c:\users\Jan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Optimalisatie\dds.scr
2010-02-24 17:25 . 2010-02-24 17:25 ——– d—–w- c:\users\Jan\AppData\Roaming\Malwarebytes
2010-02-24 17:25 . 2010-01-07 15:07 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-24 17:25 . 2010-02-24 17:25 ——– d—–w- c:\programdata\Malwarebytes
2010-02-24 17:25 . 2010-02-24 17:25 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 17:25 . 2010-01-07 15:07 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 12:29 . 2009-12-13 09:30 641536 —-a-w- c:\windows\system32\CPFilters.dll
2010-02-24 12:29 . 2009-12-13 09:30 465408 —-a-w- c:\windows\system32\psisdecd.dll
2010-02-24 12:29 . 2009-12-13 09:29 417792 —-a-w- c:\windows\system32\msdri.dll
2010-02-24 12:29 . 2010-02-02 07:45 2048 —-a-w- c:\windows\system32\tzres.dll
2010-02-23 20:45 . 2010-02-23 20:56 ——– d—–w- c:\users\Jan\AppData\Local\Microsoft Games
2010-02-23 20:01 . 2010-02-23 20:01 ——– d—–w- c:\program files\Trend Micro
2010-02-22 20:24 . 2010-02-22 20:30 ——– d—–w- c:\program files\virtualStudio
2010-02-21 20:32 . 2010-02-21 20:32 ——– d—–w- c:\users\Jan\AppData\Local\Symantec_Corporation
2010-02-21 20:31 . 2010-02-21 20:35 ——– d—–w- C:\VProRecovery
2010-02-21 20:21 . 2010-02-21 20:21 ——– d—–w- c:\windows\system32\Wat
2010-02-21 19:24 . 2010-02-21 19:24 ——– d—–w- c:\users\Jan\AppData\Local\OLYMPUS
2010-02-21 18:53 . 2010-02-21 18:53 109288 —-a-w- c:\users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-21 18:36 . 2010-01-06 08:11 9200 ——w- c:\windows\system32\drivers\cdralw2k.sys
2010-02-21 18:36 . 2010-01-06 08:11 9072 ——w- c:\windows\system32\drivers\cdr4_xp.sys
2010-02-21 18:18 . 2010-02-21 18:18 ——– d—–w- c:\program files\Elaborate Bytes
2010-02-21 17:07 . 2010-02-21 17:07 77824 —-a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-xulrunner-win32-3555.dll
2010-02-21 12:39 . 2010-02-21 12:58 ——– d—–w- c:\users\Jan\AppData\Roaming\CoreFTP
2010-02-21 12:11 . 2010-02-21 12:11 77824 —-a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-gdip-win32-3555.dll
2010-02-21 12:11 . 2010-02-21 12:11 348160 —-a-w- c:\users\Jan\AppData\Roaming\XMind\configuration-cathy\org.eclipse.osgi\bundles\178\1\.cp\swt-win32-3555.dll
2010-02-21 12:10 . 2010-02-21 12:11 ——– d—–w- c:\users\Jan\AppData\Roaming\XMind
2010-02-21 12:09 . 2010-02-21 17:06 ——– d—–w- c:\program files\XMind
2010-02-14 17:55 . 2010-02-14 17:55 411368 —-a-w- c:\windows\system32\deploytk.dll
2010-02-14 09:29 . 2010-02-14 09:29 ——– d—–w- c:\programdata\SonicStage
2010-02-10 20:00 . 2010-02-10 20:00 ——– d—–w- c:\program files\IDT
2010-02-10 20:00 . 2009-03-02 16:57 142848 —-a-w- c:\windows\system32\aestacap.dll
2010-02-10 20:00 . 2009-03-02 16:57 61440 —-a-w- c:\windows\system32\aestaren.dll
2010-02-10 20:00 . 2009-03-02 16:08 368640 —-a-w- c:\windows\system32\aestecap.dll
2010-02-10 20:00 . 2009-06-03 19:43 536576 —-a-w- c:\windows\system32\idtmini1.exe
2010-02-10 20:00 . 2009-06-03 19:43 450652 —-a-w- c:\windows\sttray.exe
2010-02-10 20:00 . 2009-06-03 19:43 3567616 —-a-w- c:\windows\system32\stlang.dll
2010-02-10 20:00 . 2009-03-02 16:47 86016 —-a-w- c:\windows\system32\AESTCom.dll
2010-02-10 20:00 . 2010-02-10 20:00 ——– d—–w- c:\windows\system32\SRSLabs
2010-02-10 16:08 . 2009-12-08 11:40 3955288 —-a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-07 20:12 . 2010-02-07 12:06 ——– d—–w- c:\windows\Panther
2010-02-07 19:49 . 2010-02-07 19:49 ——– d—–w- c:\program files\Application Updater
2010-02-07 19:49 . 2010-02-25 18:01 ——– d—–w- c:\program files\pdfforge Toolbar
2010-02-07 19:49 . 1998-07-05 23:00 23552 —-a-w- c:\windows\system32\MSMPIDE.DLL
2010-02-07 19:49 . 2010-02-07 19:50 ——– d—–w- c:\program files\PDFCreator
2010-02-07 18:12 . 2010-02-07 18:12 54082 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\ChromePlus_uninstall.exe
2010-02-07 18:12 . 2010-02-10 19:13 ——– d—–w- c:\users\Jan\AppData\Roaming\ChromePlus
2010-02-07 17:53 . 2010-02-07 17:53 ——– d—–w- c:\program files\Common Files\Adobe
2010-02-07 17:47 . 2010-02-07 17:47 ——– d—–w- c:\program files\Microsoft Office Outlook Connector
2010-02-07 17:47 . 2009-08-05 21:48 54632 —-a-w- c:\windows\system32\drivers\fssfltr.sys
2010-02-07 17:46 . 2010-02-07 17:46 ——– d—–w- c:\program files\Microsoft Sync Framework
2010-02-07 17:45 . 2006-11-29 12:06 3426072 —-a-w- c:\windows\system32\d3dx9_32.dll
2010-02-07 17:45 . 2010-02-07 17:45 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-07 17:44 . 2010-02-07 17:44 ——– d—–w- c:\program files\Windows Live SkyDrive
2010-02-07 17:44 . 2010-02-07 17:46 ——– d—–w- c:\program files\Windows Live
2010-02-07 17:21 . 2010-02-07 17:55 ——– d—–w- c:\program files\Microsoft Silverlight
2010-02-07 17:20 . 2010-02-07 17:44 ——– d—–w- c:\program files\Microsoft
2010-02-07 17:19 . 2009-09-10 05:52 257024 —-a-w- c:\windows\system32\msv1_0.dll
2010-02-07 17:10 . 2009-10-31 05:45 2614272 —-a-w- c:\windows\explorer.exe
2010-02-07 17:10 . 2009-10-28 06:17 285696 —-a-w- c:\windows\system32\winlogon.exe
2010-02-07 17:10 . 2009-12-19 09:02 977920 —-a-w- c:\windows\system32\wininet.dll
2010-02-07 17:10 . 2009-10-19 14:10 108544 —-a-w- c:\windows\system32\t2embed.dll
2010-02-07 17:10 . 2009-10-19 14:10 70656 —-a-w- c:\windows\system32\fontsub.dll
2010-02-07 17:09 . 2009-08-29 06:57 34816 —-a-w- c:\windows\system32\msasn1.dll
2010-02-07 17:09 . 2009-10-02 04:06 728648 —-a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-02-07 17:09 . 2009-09-03 07:04 1320960 —-a-w- c:\windows\system32\CertEnroll.dll
2010-02-07 17:09 . 2009-08-19 07:20 442920 —-a-w- c:\windows\system32\winresume.exe
2010-02-07 17:09 . 2009-08-19 07:20 507568 —-a-w- c:\windows\system32\winload.exe
2010-02-07 17:09 . 2009-07-30 04:44 293888 —-a-w- c:\windows\system32\atmfd.dll
2010-02-07 17:09 . 2009-08-29 06:54 12625408 —-a-w- c:\windows\system32\wmploc.DLL
2010-02-07 15:30 . 2010-02-07 15:30 704320 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-07 13:08 . 2010-02-07 13:11 ——– d—–w- c:\programdata\BitDefender
2010-02-07 13:08 . 2010-02-07 13:08 ——– d—–w- c:\users\Jan\AppData\Roaming\BitDefender
2010-02-07 13:08 . 2010-02-07 13:08 ——– d—–w- c:\program files\BitDefender
2010-02-07 13:07 . 2010-02-07 13:08 ——– d—–w- c:\program files\Common Files\BitDefender
2010-02-07 12:09 . 2010-02-25 19:17 ——– d—–w- c:\windows\system32\wbem\Performance
2010-02-07 11:55 . 2010-02-07 11:55 22508 —-a-w- c:\windows\system32\emptyregdb.dat
2010-02-07 11:46 . 2010-02-07 11:46 ——– d—–w- c:\users\Default\AppData\Local\Microsoft Help
2010-02-07 11:18 . 2010-02-07 11:18 0 —-a-w- c:\windows\ativpsrm.bin
2010-02-06 16:36 . 2010-02-07 11:43 ——– d—–w- c:\users\Jan\AppData\Roaming\CheeseSoft
2010-02-06 16:36 . 2010-02-07 11:25 ——– d—–w- c:\program files\FinalUninstaller
2010-01-31 13:15 . 2010-02-07 11:25 ——– d—–w- c:\program files\DVDSmith Movie Backup
2010-01-31 13:08 . 2010-02-07 11:32 ——– d—–w- c:\windows\Sun
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 19:25 . 2009-12-14 18:04 ——– d—–w- c:\users\Jan\AppData\Roaming\Skype
2010-02-25 19:10 . 2009-12-14 18:10 ——– d—–w- c:\users\Jan\AppData\Roaming\skypePM
2010-02-23 17:24 . 2009-12-14 18:13 ——– d—–w- c:\programdata\Spybot - Search & Destroy
2010-02-21 20:13 . 2009-12-13 19:43 ——– d—–w- c:\program files\Bonjour
2010-02-21 18:49 . 2009-12-13 20:17 ——– d—–w- c:\program files\Common Files\PX Storage Engine
2010-02-21 18:08 . 2009-12-13 22:05 691696 —-a-w- c:\windows\system32\drivers\sptd.sys
2010-02-21 18:00 . 2009-12-14 18:24 ——– d—–w- c:\users\Jan\AppData\Roaming\Azureus
2010-02-20 10:28 . 2009-12-16 18:22 ——– d—–w- c:\users\Jan\AppData\Roaming\Canon
2010-02-17 14:39 . 2009-12-14 18:07 ——– d—–w- c:\program files\Spector Photo Software
2010-02-15 16:58 . 2009-11-10 16:04 153448 —-a-w- c:\windows\system32\drivers\bdfm.sys
2010-02-15 16:58 . 2009-11-10 16:03 106464 —-a-w- c:\windows\system32\drivers\bdhv.sys
2010-02-14 17:56 . 2009-12-13 19:52 ——– d—–w- c:\program files\Common Files\Java
2010-02-14 17:55 . 2009-12-13 19:52 ——– d—–w- c:\program files\Java
2010-02-14 09:29 . 2009-12-14 18:30 ——– d—–w- c:\users\Jan\AppData\Roaming\Sony Corporation
2010-02-10 18:47 . 2009-12-13 19:11 ——– d—–w- c:\programdata\Microsoft Help
2010-02-07 17:54 . 2009-12-13 19:01 132 —-a-w- c:\windows\system32\rezumatenoi.dat
2010-02-07 15:30 . 2009-07-14 04:52 ——– d—–w- c:\program files\Windows Sidebar
2010-02-07 15:30 . 2009-07-14 02:37 ——– d—–w- c:\program files\Windows Mail
2010-02-07 15:30 . 2009-07-14 07:49 ——– d—–w- c:\program files\Windows Journal
2010-02-07 15:30 . 2009-07-14 04:52 ——– d—–w- c:\program files\Windows Photo Viewer
2010-02-07 15:30 . 2009-07-14 04:52 ——– d—–w- c:\program files\Windows Defender
2010-02-07 11:43 . 2010-01-02 15:02 ——– d—–w- c:\users\Jan\AppData\Roaming\vlc
2010-02-07 11:43 . 2009-12-13 22:21 ——– d—–w- c:\users\Jan\AppData\Roaming\Zeon
2010-02-07 11:43 . 2009-12-13 20:32 ——– d—–w- c:\users\Jan\AppData\Roaming\Symantec
2010-02-07 11:43 . 2009-12-14 18:10 ——– d—–w- c:\users\Jan\AppData\Roaming\SPB
2010-02-07 11:43 . 2009-12-24 15:42 ——– d—–w- c:\users\Jan\AppData\Roaming\Nero
2010-02-07 11:43 . 2009-12-13 22:20 ——– d—–w- c:\users\Jan\AppData\Roaming\ScanSoft
2010-02-07 11:43 . 2009-12-13 23:00 ——– d—–w- c:\users\Jan\AppData\Roaming\Cropper
2010-02-07 11:43 . 2009-12-13 22:03 ——– d—–w- c:\users\Jan\AppData\Roaming\DAEMON Tools Lite
2010-02-07 11:43 . 2009-12-14 06:46 ——– d—–w- c:\users\Jan\AppData\Roaming\ArcSoft
2010-02-07 11:42 . 2009-12-13 19:44 ——– d—–w- c:\users\Jan\AppData\Roaming\Apple Computer
2010-02-07 11:31 . 2009-12-13 20:00 ——– d—–w- c:\programdata\Symantec
2010-02-07 11:31 . 2009-12-14 18:35 ——– d—–w- c:\programdata\Sony Corporation
2010-02-07 11:31 . 2009-12-14 18:04 ——– d—–w- c:\programdata\Skype
2010-02-07 11:31 . 2009-12-13 22:18 ——– d—–w- c:\programdata\ScanSoft
2010-02-07 11:31 . 2010-01-21 04:33 ——– d—–w- c:\programdata\Office Genuine Advantage
2010-02-07 11:31 . 2009-12-14 17:28 ——– d—–w- c:\programdata\Nero
2010-02-07 11:30 . 2009-12-14 17:24 ——– d—–w- c:\programdata\DVD Shrink
2010-02-07 11:30 . 2009-12-13 22:19 ——– d—–w- c:\programdata\InstallShield
2010-02-07 11:30 . 2009-12-13 22:03 ——– d—–w- c:\programdata\DAEMON Tools Lite
2010-02-07 11:30 . 2009-12-14 18:24 ——– d—–w- c:\programdata\Azureus
2010-02-07 11:30 . 2009-12-13 22:01 ——– d–h–w- c:\programdata\CanonBJ
2010-02-07 11:30 . 2009-12-13 19:43 ——– d—–w- c:\programdata\Apple Computer
2010-02-07 11:30 . 2009-12-13 19:42 ——– d—–w- c:\programdata\Apple
2010-02-07 11:30 . 2009-12-14 18:22 ——– d—–w- c:\program files\Vuze
2010-02-07 11:30 . 2009-12-27 19:48 ——– d—–w- c:\program files\Symantec
2010-02-07 11:30 . 2009-12-14 18:13 ——– d—–w- c:\program files\Spybot - Search & Destroy
2010-02-07 11:29 . 2009-12-14 18:32 ——– d—–w- c:\program files\Sony
2010-02-07 11:29 . 2009-12-14 18:04 ——– d—–r- c:\program files\Skype
2010-02-07 11:28 . 2009-12-13 22:17 ——– d—–w- c:\program files\ScanSoft
2010-02-07 11:28 . 2009-12-13 22:24 ——– d—–w- c:\program files\SAMSUNG
2010-02-07 11:28 . 2009-12-13 19:43 ——– d—–w- c:\program files\Safari
2010-02-07 11:28 . 2009-12-24 13:07 ——– d—–w- c:\program files\Realtek
2010-02-07 11:28 . 2009-12-18 18:42 ——– d—–w- c:\program files\QuickTime
2010-02-07 11:28 . 2009-12-13 20:27 ——– d—–w- c:\program files\PIXresizer
2010-02-07 11:28 . 2009-12-14 17:56 ——– d—–w- c:\program files\Pegasys Inc
2010-02-07 11:27 . 2009-12-27 19:46 ——– d—–w- c:\program files\Norton Ghost
2010-02-07 11:27 . 2009-12-14 06:50 ——– d—–w- c:\program files\OLYMPUS
2010-02-07 11:27 . 2009-12-14 17:28 ——– d—–w- c:\program files\Nero
2010-02-07 11:27 . 2009-12-13 19:17 ——– d—–w- c:\program files\Microsoft Works
2010-02-07 11:27 . 2009-12-13 19:16 ——– d—–w- c:\program files\Microsoft.NET
2010-02-07 11:27 . 2009-07-14 04:52 ——– d—–w- c:\program files\MSBuild
2010-02-07 11:27 . 2009-12-13 19:13 ——– d—–w- c:\program files\Microsoft Visual Studio 8
2010-02-07 11:26 . 2009-12-24 13:08 ——– d—–w- c:\program files\JMicron
2010-02-07 11:24 . 2009-12-13 19:42 ——– d—–w- c:\program files\Common Files\Apple
2010-02-07 11:24 . 2009-12-13 20:22 ——– d—–w- c:\program files\CCleaner
2010-02-07 11:23 . 2009-12-14 06:45 ——– d—–w- c:\program files\ArcSoft
2010-02-07 11:23 . 2009-12-13 19:42 ——– d—–w- c:\program files\Apple Software Update
2010-02-07 11:18 . 2010-02-07 11:18 0 —ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-02-06 16:45 . 2009-12-13 22:45 ——– d—–w- c:\users\Jan\AppData\Roaming\hpqLog
2010-01-22 07:57 . 2010-01-22 07:57 90112 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\Installer\ChromePlusUpgrade.exe
2010-01-22 06:33 . 2010-01-22 06:33 49152 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\IETab.dll
2010-01-22 06:12 . 2010-01-22 06:12 529408 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\old_chrome.exe
2010-01-22 06:12 . 2010-01-22 06:12 15650816 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\chrome.dll
2010-01-22 04:37 . 2010-01-22 04:37 150016 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\locales\it.dll
2010-01-18 23:29 . 2010-02-10 16:08 85504 —-a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 16:08 85504 —-a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 16:08 365568 —-a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 16:08 369152 —-a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 16:08 324608 —-a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 16:08 277504 —-a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 16:08 320512 —-a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 16:08 280064 —-a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18 . 2010-02-10 16:08 221184 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 16:08 123392 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-06 11:11 . 2010-01-06 11:11 98304 —-a-w- c:\users\Jan\AppData\Roaming\ChromePlus\1.3.6.0\IEHost.exe
2010-01-06 08:11 . 2009-12-14 18:38 129520 ——w- c:\windows\system32\pxafs.dll
2010-01-02 14:40 . 2010-01-02 14:40 48648 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-01-02 14:39 . 2010-01-02 14:39 923456 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\Uninstall_Iomega_N_088348F91E7B4269A6A2621FEC00DBB7.exe
2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\IOM_SHORTCUT_DESKT_088348F91E7B4269A6A2621FEC00DBB7_1.exe
2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\IOM_SHORTCUT_DESKT_088348F91E7B4269A6A2621FEC00DBB7.exe
2009-12-31 15:45 . 2009-12-31 15:45 61440 —-a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{088348F9-1E7B-4269-A6A2-621FEC00DBB7}\ARPPRODUCTICON.exe
2009-12-19 09:02 . 2010-02-10 16:08 12288 —-a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 16:08 1328640 —-a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 16:08 22016 —-a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 16:08 31744 —-a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 16:08 13312 —-a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 16:08 84480 —-a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 16:08 50176 —-a-w- c:\windows\system32\iyuv_32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 –sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 –sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-25_18.03.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-07 11:19 . 2010-02-25 19:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-07 11:19 . 2010-02-25 17:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-07 11:19 . 2010-02-25 17:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-07 11:19 . 2010-02-25 19:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-02-25 19:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-02-25 17:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-07 11:56 . 2010-02-25 19:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-07 11:56 . 2010-02-25 17:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-14 18:02 . 2010-02-25 19:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-14 18:02 . 2010-02-25 17:36 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-14 18:02 . 2010-02-25 17:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-12-14 18:02 . 2010-02-25 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-12-14 18:02 . 2010-02-25 17:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-12-14 18:02 . 2010-02-25 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-02-07 11:56 . 2010-02-25 19:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-07 11:56 . 2010-02-25 17:36 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-07 11:56 . 2010-02-25 19:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-07 11:56 . 2010-02-25 17:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-25 17:30 . 2010-02-25 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-02-25 19:09 . 2010-02-25 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-02-25 17:30 . 2010-02-25 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-25 19:09 . 2010-02-25 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-02-25 19:17 610094 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-02-25 17:35 610094 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-02-25 17:35 104412 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-02-25 19:17 104412 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:03 . 2010-02-25 19:50 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-02-25 17:56 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2010-01-08 02:17 700416 —-a-w- c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-01-26 1724728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-05-05 40960]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2009-08-03 2250088]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-05-05 36864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-02-07 1120704]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 —-a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 95632 —-a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\System32\drivers\BdfNdisf6.sys [19-10-2009 16:04 72200]
R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [19-10-2009 16:04 79368]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14-7-2009 0:52 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\AEstSrv.exe [2-3-2009 18:43 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [18-8-2009 2:36 176128]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8-1-2010 0:51 380928]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [22-9-2009 8:22 83208]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [8-7-2009 13:48 26168]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [14-12-2009 19:13 1153368]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [13-12-2009 23:24 5120]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\System32\dllhost.exe [14-7-2009 0:43 7168]
R3 BDFM;BDFM;c:\windows\System32\drivers\bdfm.sys [10-11-2009 17:04 153448]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [29-6-2009 10:17 59904]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\System32\drivers\Rt86win7.sys [1-3-2009 23:05 139776]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20-12-2007 17:13 1562096]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14-7-2009 0:52 14336]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [13-12-2009 23:05 691696]
S3 Arrakis3;BitDefender Arrakis-server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19-10-2009 16:06 183880]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\System32\drivers\dc3d.sys [4-11-2009 2:59 17408]
S3 fssfltr;fssfltr;c:\windows\System32\drivers\fssfltr.sys [7-2-2010 18:47 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5-8-2009 22:48 704864]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [20-7-2009 19:39 116136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\System32\Wat\WatAdminSvc.exe [21-2-2010 21:21 1343400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.bing.com/?cc=be
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-02-25 21:04:16
ComboFix-quarantined-files.txt 2010-02-25 20:04
ComboFix2.txt 2010-02-25 19:24
ComboFix3.txt 2010-02-25 18:10
Pre-Run: 434.664.796.160 bytes free
Post-Run: 434.595.524.608 bytes free
- - End Of File - - C52E5BE84B6D1A5644C52D5741DD8AFC
- Hello Jan - it worked this time!
I would now like you to do the following:
Download to your desktop.
• First disconnect from the internet and close all open windows.
• Then temporarily disable all active security programs so that they cannot interfere with GMER.
• Click/double-click (Vista/Win 7 users right-click and choose Run as administrator) the downloaded GMER file, which has a randomly chosen name (e.g. n7gmo46c.exe), and, if asked, allow the gmer.sys driver to be loaded.
• On startup GMER opens on the Rootkit/Malware tab and runs a short automatic scan - do not do anything else with the computer during the scan!
• If you now get a warning about rootkit activity and are asked to run a full scan, click NO.
• Now click the Scan button. If you now see a rootkit warning, click OK.
• Then click the COPY button and paste the result into your next post.
• Close GMER and re-enable all the security programs you disabled.
• If you have a problem using GMER, try doing this in Safe Mode.
- That gave me a bit of a scare: I got a 'blue screen', but after booting into safe mode I was able to run a scan.
Here is the log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-25 21:33:10
Windows 6.1.7600
Running: ei2nt8yt.exe; Driver: C:\Users\Jan\AppData\Local\Temp\uwldypow.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82235AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82235104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822353F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8221E2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8221D898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822351DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82235958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822356F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82235F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822361A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 822955C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822BA052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, …] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744E2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744C5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744C56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744E250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744D8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744D4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744D50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744D51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744D66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744D82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744D8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744D907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744DE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1560] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744D4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
- Well Jan, that GMER log looks good.
So GMER has not found any rootkits that do not belong in your Windows.
So that is reassuring.
Start MBAM again, first visit the Update tab and then run a quick scan again.
Post the contents of the log.
- Here is the log; I must say that the last lines give me good hope:
Malwarebytes' Anti-Malware 1.44
Database versie: 3785
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
25-2-2010 21:55:50
mbam-log-2010-02-25 (21-55-50).txt
Scan type: Snelle Scan
Objecten gescand: 110805
Verstreken tijd: 6 minute(s), 30 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
- Hello Jan, and how is your Windows 7 running now?
- Hello Abraham54,
Perfect..
Thanks
- Glad that, together with you, I was able to solve your problem quickly.
Now you can do some clean-up work:
You can remove Combofix now: go to
- And then this "finishing touch" as well, what service
Thanks!
- You're welcome, I wish you lots of fun with your PC again.