Question & Answer
HijackThis
5 answers
- I use AVG Free and Malwarebytes. Both found something after I scanned, and they have not found it again since.
- After AVG told me I had a virus, I had my PC fully scanned by both AVG and Malwarebytes.
Now I have had HijackThis create a log and would like to ask whether anyone can check it.
Thanks in advance,
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:59:33, on 19-7-2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
D:\Games\Steam\Steam.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Users\Niek\AppData\Local\Temp\geurge.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Niek\Downloads\drivers\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.undamed-wow.com/dovote.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ewrgetuj] C:\Users\Niek\AppData\Local\Temp\geurge.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Games\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RGSC] D:\Games\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE7491F4-0EAC-4644-B1A3-CA57E5D2746B}: NameServer = 212.54.40.25,212.54.35.25
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrssta.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SCM_Service - Unknown owner - C:\Windows\SysWOW64\WinService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11169 bytes
- Hello Niek, you have Windows 7 64-bit, and HijackThis still cannot handle 64-bit Windows properly.
So do the following: download DDS.scr (click) to your desktop.
* Users of Windows Vista and Windows 7 start the tool by right-clicking it and choosing Run as administrator!
* First close all windows, then double-click dds.scr and wait until the scan is finished.
* After the scan two text documents are opened; post the contents of both logs!
- DDS (Ver_10-03-17.01) - NTFSX64
Run by Niek at 17:40:04,60 on ma 19-07-2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3957.2559 [GMT 2:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\WinService.exe
D:\Games\Steam\Steam.exe
C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Users\Niek\Downloads\dds.scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.undamed-wow.com/dovote.html
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll
mURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "d:\games\steam\Steam.exe" -silent
uRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [RGSC] d:\games\grand theft auto iv\rockstar games social club\RGSCLauncher.exe /silent
mRun: [IMSS] "c:\program files (x86)\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [PWRISOVM.EXE] c:\program files (x86)\poweriso\PWRISOVM.EXE
mRun: [ZoneAlarm Client] "c:\program files (x86)\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\users\niek\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files (x86)\xfire\Xfire.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files (x86)\netgear\wg111v2\WG111v2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - c:\progra~2\micros~3\office10\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {DE7491F4-0EAC-4644-B1A3-CA57E5D2746B} = 212.54.40.25,212.54.35.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
AppInit_DLLs: avgrssta.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
AppInit_DLLs-X64: avgrssta.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\niek\appdata\roaming\mozilla\firefox\profiles\jm2wiapd.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.google.nl
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?PC=BRTH&FORM=BT074D&q=
FF - component: c:\program files\checkpoint\zaforcefield\wow64\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\users\niek\appdata\roaming\mozilla\firefox\profiles\jm2wiapd.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\npFFApi.dll
FF - plugin: c:\users\niek\appdata\roaming\mozilla\firefox\profiles\jm2wiapd.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2010-7-15 25312]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-3-27 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-3-27 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-3-27 317520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-7-17 921440]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 33008]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 823272]
R2 SCM_Service;SCM_Service;c:\windows\syswow64\WinService.exe [2010-7-15 186848]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\intel\intel(r) management engine components\uns\UNS.exe [2010-3-27 2320920]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k62x64.sys [2009-12-10 294064]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-9-17 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-3-27 84584]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-10-12 50072]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2010-7-15 450048]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-16 50176]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-29 1255736]
=============== Created Last 30 ================
2010-07-18 21:10:32 0 d-----w- c:\program files (x86)\Conduit
2010-07-18 21:10:31 0 d-----w- c:\program files (x86)\ZoneAlarm
2010-07-18 21:09:39 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2010-07-18 21:09:39 1898376 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-18 21:09:05 69120 ----a-w- c:\windows\syswow64\zlcomm.dll
2010-07-18 21:09:05 103936 ----a-w- c:\windows\syswow64\zlcommdb.dll
2010-07-18 21:09:01 43008 ----a-w- c:\windows\syswow64\vswmi.dll
2010-07-18 21:09:00 110080 ----a-w- c:\windows\syswow64\vsxml.dll
2010-07-18 21:08:59 0 d-----w- c:\windows\system32\ZoneLabs
2010-07-18 20:03:53 46592 ----a-w- c:\windows\syswow64\libusb0.dll
2010-07-18 20:03:53 19456 ----a-w- c:\windows\syswow64\libusbd-9x.exe
2010-07-18 20:03:53 18944 ----a-w- c:\windows\syswow64\libusbd-nt.exe
2010-07-18 20:03:53 0 d-----w- c:\program files (x86)\LibUSB-Win32-0.1.10.1
2010-07-17 17:18:26 0 d-----w- c:\program files\common files\logishrd
2010-07-17 15:22:09 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-07-16 22:40:06 0 d-----w- c:\programdata\Codemasters
2010-07-16 22:24:50 805400 ----a-r- c:\windows\syswow64\tmp73FE.tmp
2010-07-16 21:27:46 805400 ----a-r- c:\windows\syswow64\tmp73FD.tmp
2010-07-15 11:18:48 450048 ----a-w- c:\windows\system32\drivers\wg111v2.sys
2010-07-15 11:18:48 290816 ------w- c:\windows\syswow64\SCMLib.dll
2010-07-15 11:18:48 25312 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2010-07-15 11:18:48 186848 ----a-w- c:\windows\syswow64\WinService.exe
2010-07-15 11:18:48 0 d-----w- c:\program files (x86)\NETGEAR
2010-07-14 23:40:04 0 d-sh--w- c:\programdata\SecuROM
2010-07-14 19:27:47 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-07-14 19:27:47 0 d-----w- c:\program files (x86)\PowerISO
2010-07-14 19:01:14 65536 --sha-w- c:\users\niek\ntuser.dat{3edf6a87-8f79-11df-99fa-00270e048c8c}.TM.blf
2010-07-14 19:01:14 524288 --sha-w- c:\users\niek\ntuser.dat{3edf6a87-8f79-11df-99fa-00270e048c8c}.TMContainer00000000000000000002.regtrans-ms
2010-07-14 19:01:14 524288 --sha-w- c:\users\niek\ntuser.dat{3edf6a87-8f79-11df-99fa-00270e048c8c}.TMContainer00000000000000000001.regtrans-ms
2010-07-14 18:43:01 144384 ----a-w- c:\windows\system32\cdd.dll
2010-07-14 18:42:18 0 d-----w- c:\program files (x86)\DAEMON Tools Lite
2010-07-11 22:54:57 0 d-----w- C:\Programme
2010-07-09 19:04:40 41872 ----a-w- c:\windows\syswow64\xfcodec.dll
2010-07-09 19:04:40 27536 ----a-w- c:\windows\system32\xfcodec64.dll
2010-07-09 12:30:53 6616 ----a-w- c:\windows\syswow64\ealregsnapshot1.reg
2010-07-06 21:51:00 0 d-----w- c:\windows\syswow64\logs
2010-07-06 21:50:23 0 d-----w- c:\windows\syswow64\saves
2010-07-04 18:07:17 0 d-----w- c:\users\niek\appdata\roaming\Touchstone
2010-07-04 17:08:05 0 d-----w- c:\users\niek\appdata\roaming\My Battle for Middle-earth™ II Files
2010-06-28 22:17:22 0 d-----w- c:\windows\syswow64\Wat
2010-06-28 22:17:22 0 d-----w- c:\windows\system32\Wat
2010-06-28 17:22:58 69344 ----a-w- c:\users\niek\appdata\roaming\GDIPFONTCACHEV1.DAT
2010-06-24 06:39:22 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-06-24 06:39:22 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-06-24 06:39:22 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 06:39:22 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 06:39:22 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 06:39:22 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-06-24 06:39:22 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-06-24 06:39:22 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 06:39:22 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-06-24 06:39:22 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 21:38:23 1736608 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 21:38:22 1289528 ----a-w- c:\windows\syswow64\ntdll.dll
2010-06-23 21:31:45 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 21:31:45 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-06-23 21:31:45 552960 ----a-w- c:\windows\system32\msdri.dll
2010-06-23 21:31:45 258560 ----a-w- c:\windows\system32\mpg2splt.ax
2010-06-23 21:31:45 199680 ----a-w- c:\windows\syswow64\mpg2splt.ax
2010-06-23 21:31:44 288256 ----a-w- c:\windows\system32\MSNP.ax
2010-06-23 21:31:44 204288 ----a-w- c:\windows\syswow64\MSNP.ax
2010-06-20 20:26:52 86016 ----a-w- c:\windows\unvise32.exe
==================== Find3M ====================
2010-07-18 21:12:18 420801 ----a-w- c:\windows\system32\drivers\vsconfig.xml
2010-07-17 15:22:10 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-07-17 15:22:05 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-07-16 22:24:50 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2010-07-16 22:24:50 444952 —-a-w- c:\windows\syswow64\wrap_oal.dll
2010-07-16 22:24:50 121880 —-a-w- c:\windows\system32\OpenAL32.dll
2010-07-16 22:24:50 109080 —-a-w- c:\windows\syswow64\OpenAL32.dll
2010-07-15 16:16:09 202448 —-a-w- c:\windows\syswow64\PnkBstrB.exe
2010-07-14 13:11:51 701592 —-a-w- c:\windows\system32\perfh013.dat
2010-07-14 13:11:51 134946 —-a-w- c:\windows\system32\perfc013.dat
2010-06-23 11:51:22 1238528 —-a-w- c:\windows\syswow64\zpeng25.dll
2010-06-23 11:51:18 713728 —-a-w- c:\windows\syswow64\vsutil.dll
2010-06-23 11:51:18 58368 —-a-w- c:\windows\syswow64\vsregexp.dll
2010-06-23 11:51:18 302592 —-a-w- c:\windows\syswow64\vspubapi.dll
2010-06-23 11:51:18 228864 —-a-w- c:\windows\syswow64\vsinit.dll
2010-06-23 11:51:18 112128 —-a-w- c:\windows\syswow64\vsdata.dll
2010-06-23 11:51:18 108032 —-a-w- c:\windows\syswow64\vsmonapi.dll
2010-06-02 16:50:22 35536 —-a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-06-02 02:55:30 77656 —-a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55:30 74072 —-a-w- c:\windows\syswow64\XAPOFX1_5.dll
2010-06-02 02:55:30 527192 —-a-w- c:\windows\syswow64\XAudio2_7.dll
2010-06-02 02:55:30 518488 —-a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55:30 239960 —-a-w- c:\windows\syswow64\xactengine3_7.dll
2010-06-02 02:55:30 176984 —-a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24:13 34304 —-a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 —-a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 —-a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 —-a-w- c:\windows\syswow64\atmfd.dll
2010-05-26 09:41:02 511328 —-a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41:02 470880 —-a-w- c:\windows\syswow64\d3dx10_43.dll
2010-05-26 09:41:02 276832 —-a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41:02 2526056 —-a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41:02 248672 —-a-w- c:\windows\syswow64\d3dx11_43.dll
2010-05-26 09:41:02 2106216 —-a-w- c:\windows\syswow64\D3DCompiler_43.dll
2010-05-26 09:41:02 1998168 —-a-w- c:\windows\syswow64\D3DX9_43.dll
2010-05-26 09:41:02 1907552 —-a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41:02 1868128 —-a-w- c:\windows\syswow64\d3dcsx_43.dll
2010-05-26 09:41:00 2401112 —-a-w- c:\windows\system32\D3DX9_43.dll
2010-05-21 05:52:30 1192960 —-a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 —-a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 —-a-w- c:\windows\syswow64\jsproxy.dll
2010-05-06 12:42:05 1225216 —-a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 —-a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 —-a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 —-a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 —-a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 —-a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 —-a-w- c:\windows\system32\win32k.sys
2010-04-27 12:45:56 72856 —-a-w- c:\windows\syswow64\xliveinstallhost.exe
2010-04-27 12:45:56 187544 —-a-w- c:\windows\syswow64\xliveinstall.dll
2010-04-23 07:13:36 2048 —-a-w- c:\windows\syswow64\tzres.dll
2010-04-23 07:11:58 2048 —-a-w- c:\windows\system32\tzres.dll
2009-07-14 09:16:01 43068 —-a-w- c:\windows\inf\perflib\0413\perfd.dat
2009-07-14 09:16:01 43068 —-a-w- c:\windows\inf\perflib\0413\perfc.dat
2009-07-14 09:16:01 341322 —-a-w- c:\windows\inf\perflib\0413\perfi.dat
2009-07-14 09:16:01 341322 —-a-w- c:\windows\inf\perflib\0413\perfh.dat
2009-07-14 04:54:24 174 –sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 –sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 —-a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 —-a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 —-a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 —-a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 –sha-r- c:\windows\fonts\StaticCache.dat
2010-03-29 07:27:25 16384 –sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-03-29 07:27:25 32768 –sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-03-29 07:27:25 16384 –sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-03-29 07:27:25 245760 –sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-03-29 08:42:52 245760 –sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 –sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 –sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 17:40:23,18 ===============
Here is the log file.
- Hi Niek, go to http://security.symantec.com/sscv6/WelcomePage.asp and click the download button to download the Norton scanner.
After downloading it, launch it, install it and update it!
Then run a full system scan.
Click "export scanresult" and post its contents!
This is an archived page. Replying is no longer possible.