Hijackthis

Anoniem
Abraham54
5 answers
  • After AVG told me that I had a virus, I had my PC fully scanned by both AVG and Malwarebytes.

    Now I have had HijackThis create a log, and I would like to ask whether anyone could check it.

    Thanks in advance,

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:59:33, on 19-7-2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    D:\Games\Steam\Steam.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Users\Niek\AppData\Local\Temp\geurge.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Niek\Downloads\drivers\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.undamed-wow.com/dovote.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [ewrgetuj] C:\Users\Niek\AppData\Local\Temp\geurge.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Steam] "D:\Games\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [RGSC] D:\Games\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE7491F4-0EAC-4644-B1A3-CA57E5D2746B}: NameServer = 212.54.40.25,212.54.35.25
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: avgrssta.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SCM_Service - Unknown owner - C:\Windows\SysWOW64\WinService.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 11169 bytes
  • Hello Niek, you have Windows 7 64-bit, and HijackThis still cannot handle 64-bit Windows properly.

    So do the following: download DDS.scr (click) to your desktop.
    - Users of Windows Vista and Windows 7 start the tool by right-clicking it and choosing Run as administrator!
    - First close all windows, then double-click dds.scr - wait until the scan is finished.
    - After the scan two text documents are opened - post the contents of both logs!
  • DDS (Ver_10-03-17.01) - NTFSX64
    Run by Niek at 17:40:04,60 on ma 19-07-2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3957.2559 [GMT 2:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\WinService.exe
    D:\Games\Steam\Steam.exe
    C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    C:\Program Files (x86)\Xfire\xfire64.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Xfire\xfire64.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\Niek\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.undamed-wow.com/dovote.html
    mLocal Page = c:\windows\syswow64\blank.htm
    uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll
    mURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files (x86)\zonealarm\tbZone.dll
    uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
    uRun: [Steam] "d:\games\steam\Steam.exe" -silent
    uRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
    uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
    uRun: [RGSC] d:\games\grand theft auto iv\rockstar games social club\RGSCLauncher.exe /silent
    mRun: [IMSS] "c:\program files (x86)\intel\intel(r) management engine components\imss\PIconStartup.exe"
    mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
    mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe"
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
    mRun: [PWRISOVM.EXE] c:\program files (x86)\poweriso\PWRISOVM.EXE
    mRun: [ZoneAlarm Client] "c:\program files (x86)\zone labs\zonealarm\zlclient.exe"
    StartupFolder: c:\users\niek\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files (x86)\xfire\Xfire.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office10\OSA.EXE
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files (x86)\netgear\wg111v2\WG111v2.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\micros~3\office10\EXCEL.EXE/3000
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: {DE7491F4-0EAC-4644-B1A3-CA57E5D2746B} = 212.54.40.25,212.54.35.25
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
    AppInit_DLLs: avgrssta.dll
    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}
    {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}
    mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
    mRun-x64: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
    AppInit_DLLs-X64: avgrssta.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\niek\appdata\roaming\mozilla\firefox\profiles\jm2wiapd.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?PC=BRTH&FORM=BT074D&q=
    FF - component: c:\program files\checkpoint\zaforcefield\wow64\trustchecker\components\TrustCheckerMozillaPlugin.dll
    FF - component: c:\users\niek\appdata\roaming\mozilla\firefox\profiles\jm2wiapd.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\npFFApi.dll
    FF - plugin: c:\users\niek\appdata\roaming\mozilla\firefox\profiles\jm2wiapd.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2010-7-15 25312]
    R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-3-27 269904]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-3-27 35536]
    R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-3-27 317520]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-7-17 921440]
    R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 33008]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 823272]
    R2 SCM_Service;SCM_Service;c:\windows\syswow64\WinService.exe [2010-7-15 186848]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\intel\intel(r) management engine components\uns\UNS.exe [2010-3-27 2320920]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k62x64.sys [2009-12-10 294064]
    R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-3-27 84584]
    S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-10-12 50072]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2010-7-15 450048]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-16 50176]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-29 1255736]

    =============== Created Last 30 ================


    ==================== Find3M ====================


    ============= FINISH: 17:40:23,18 ===============

    Here is the log file
  • Hi Niek, go to http://security.symantec.com/sscv6/WelcomePage.asp and click the download button to download the Norton scanner.
    After downloading it, start it, install it and update it!

    Then run a full system scan.
    Click on export scanresult and post its contents!
  • I use AVG Free and Malwarebytes. Both of them found something after I scanned, and they have not found it again since.


This is an archived page. Replying is no longer possible.