
Virus. Help?



My PC is running quite slowly and I think I have a virus.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:41:28, on 3-6-2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Users\Nicholas\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show

O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll

O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--

End of file - 7634 bytes

Kind regards,

CK

Thanks in advance!


No negative indications in this log.

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.

When the fix has finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


ComboFix 09-06-01.03 - Nicholas 03-06-2009 16:13.9 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3070.1901 [GMT 2:00]

Gestart vanuit: c:\users\Nicholas\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf

c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-05-03 to 2009-06-03 ))))))))))))))))))))))))))))))

.

2009-06-03 14:18 . 2009-06-03 14:18 -------- d-----w- c:\users\Nicholas\AppData\Local\temp

2009-06-02 17:31 . 2009-06-02 17:31 -------- d-----w- c:\windows\.jagex_cache_32

2009-06-02 15:13 . 2009-06-02 15:13 -------- d-----w- c:\program files\Trend Micro

2009-05-31 23:43 . 2009-05-31 23:43 -------- d-----w- c:\users\Nicholas\Option

2009-05-31 17:15 . 2009-05-31 17:15 -------- d-----w- c:\users\Nicholas\AppData\Roaming\skypePM

2009-05-31 17:12 . 2009-05-31 19:16 -------- d-----w- c:\programdata\Skype

2009-05-23 19:58 . 2009-06-03 13:38 -------- d-----w- c:\users\Nicholas\AppData\Local\WarRockDF

2009-05-23 19:30 . 2009-05-23 19:30 -------- d-----w- c:\program files\GamersFirst

2009-05-23 15:21 . 2009-05-23 15:21 -------- d-----w- c:\program files\CCleaner

2009-05-16 07:44 . 2009-06-02 17:32 34 ----a-w- c:\users\Nicholas\jagex_runescape_preferences.dat

2009-05-15 20:25 . 2009-05-15 20:25 -------- d-----w- C:\_OTMoveIt

2009-05-15 19:06 . 2009-05-15 19:06 -------- d-----w- c:\users\Nicholas\AppData\Roaming\Malwarebytes

2009-05-10 12:14 . 2009-05-10 20:21 -------- d-----w- c:\users\Nicholas\AppData\Local\PMB Files

2009-05-10 12:14 . 2009-05-10 12:14 -------- d-----w- c:\programdata\PMB Files

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-31 17:15 . 2009-05-31 17:15 48 ---ha-w- c:\programdata\ezsidmv.dat

2009-05-21 21:10 . 2009-01-08 05:44 71280 ----a-w- c:\users\Nicholas\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-21 18:44 . 2008-11-03 08:57 -------- d-----w- c:\programdata\Microsoft Help

2009-05-21 18:43 . 2008-11-03 08:59 -------- d-----w- c:\program files\Microsoft Works

2009-05-14 14:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-05-03 10:51 . 2009-05-03 10:39 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2009-05-02 07:12 . 2009-01-07 19:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-05-02 07:12 . 2009-01-07 19:28 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-05-02 07:12 . 2009-01-07 19:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-05-02 07:12 . 2009-02-01 19:50 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-04-26 07:59 . 2009-04-26 07:59 -------- d-----w- c:\programdata\Malwarebytes

2009-04-19 07:38 . 2009-01-08 05:43 1356 ----a-w- c:\users\Nicholas\AppData\Local\d3d9caps.dat

2009-04-16 16:15 . 2008-11-03 08:11 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-04-15 20:42 . 2009-04-15 20:42 552 ----a-w- c:\users\Nicholas\AppData\Local\d3d8caps.dat

2009-04-13 16:27 . 2009-04-13 16:27 98304 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll

2009-04-13 16:27 . 2009-04-13 16:27 520192 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll

2009-04-13 16:27 . 2009-04-13 16:27 335872 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll

2009-04-13 16:27 . 2009-04-13 16:27 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll

2009-04-13 16:27 . 2009-04-13 16:27 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe

2009-04-13 16:27 . 2009-04-13 16:27 -------- d-----w- c:\programdata\NexonUS

2009-04-13 15:55 . 2009-04-13 15:55 365296 ----a-w- c:\programdata\Nexon\NGM\NGMResource.dll

2009-04-13 15:55 . 2009-04-13 15:55 525032 ----a-w- c:\programdata\Nexon\NGM\NGMDll.dll

2009-04-13 15:55 . 2009-04-13 15:55 -------- d-----w- c:\programdata\Nexon

2009-04-13 15:07 . 2008-11-03 08:54 -------- d-----w- c:\program files\Common Files\Adobe

2009-04-13 14:28 . 2009-04-13 14:23 -------- d-----w- c:\programdata\FLEXnet

2009-04-13 13:56 . 2009-04-13 13:39 -------- d-----w- c:\users\Nicholas\AppData\Roaming\Download Manager

2009-04-06 23:36 . 2009-04-06 23:36 -------- d-----w- c:\users\Nicholas\AppData\Roaming\aAvgApi

2009-03-17 03:38 . 2009-04-16 08:59 13824 ----a-w- c:\windows\system32\apilogen.dll

2009-03-17 03:38 . 2009-04-16 08:59 24064 ----a-w- c:\windows\system32\amxread.dll

2009-03-11 11:33 . 2009-03-11 11:33 921928 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-03-09 04:19 . 2009-01-13 17:19 410984 ----a-w- c:\windows\system32\deploytk.dll

.

((((((((((((((((((((((((((((( SnapShot_2009-06-02_15.53.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-03 10:15 . 2009-04-11 06:28 51712 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wrpint.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 83968 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wmiutils.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 30208 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemprox.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 35328 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mspatcha.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 22016 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsMsg.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 64512 c:\windows\System32\wextract.exe

+ 2008-01-21 01:58 . 2009-06-03 12:51 61316 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2009-06-03 12:51 79400 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2006-11-02 13:05 . 2009-06-02 14:37 79400 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-01-08 05:45 . 2009-06-03 12:51 14274 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4247899568-971592803-1225083435-1000_UserData.bin

- 2009-01-08 05:45 . 2009-06-02 14:37 14274 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4247899568-971592803-1225083435-1000_UserData.bin

+ 2008-01-21 02:23 . 2008-01-21 02:23 45056 c:\windows\System32\pngfilt.dll

+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\System32\mshtmler.dll

- 2009-06-02 14:30 . 2009-03-08 11:31 48128 c:\windows\System32\mshtmler.dll

+ 2008-01-21 02:23 . 2008-01-21 02:23 45568 c:\windows\System32\mshta.exe

- 2009-06-02 14:30 . 2009-03-08 11:31 45568 c:\windows\System32\mshta.exe

+ 2008-01-21 02:24 . 2008-01-21 02:24 12800 c:\windows\System32\msfeedssync.exe

+ 2008-01-21 02:24 . 2008-01-21 02:24 52224 c:\windows\System32\msfeedsbs.dll

+ 2008-11-03 07:48 . 2008-02-22 05:01 64512 c:\windows\System32\migration\WininetPlugin.dll

- 2009-06-02 14:30 . 2009-03-08 11:33 64512 c:\windows\System32\migration\WininetPlugin.dll

+ 2009-06-03 12:17 . 2009-06-03 12:17 84661 c:\windows\System32\Macromed\Flash\uninstall_plugin.exe

+ 2008-01-21 02:24 . 2008-01-21 02:24 41984 c:\windows\System32\licmgr10.dll

+ 2009-04-16 08:59 . 2009-03-03 04:37 28160 c:\windows\System32\jsproxy.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 93696 c:\windows\System32\inseng.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 36352 c:\windows\System32\imgutil.dll

+ 2009-04-16 08:59 . 2009-03-03 02:28 26624 c:\windows\System32\ieUnatt.exe

+ 2008-01-21 02:24 . 2008-01-21 02:24 69120 c:\windows\System32\iesetup.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 44544 c:\windows\System32\iernonce.dll

+ 2009-04-16 08:59 . 2009-03-03 04:37 78336 c:\windows\System32\ieencode.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 70656 c:\windows\System32\ie4uinit.exe

+ 2008-01-21 02:24 . 2008-01-21 02:24 63488 c:\windows\System32\icardie.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 17408 c:\windows\System32\corpol.dll

+ 2009-01-08 05:42 . 2009-06-03 12:49 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-08 05:42 . 2009-06-02 15:28 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-08 05:42 . 2009-06-02 15:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-08 05:42 . 2009-06-03 12:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-08 05:42 . 2009-06-03 12:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-08 05:42 . 2009-06-02 15:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-06-02 14:30 . 2009-03-08 11:32 72704 c:\windows\System32\admparse.dll

+ 2008-01-21 02:23 . 2008-01-21 02:23 72704 c:\windows\System32\admparse.dll

- 2009-02-10 17:10 . 2009-06-02 10:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-02-10 17:10 . 2009-06-02 17:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-02-10 17:10 . 2009-06-02 17:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-02-10 17:10 . 2009-06-02 10:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-10 17:10 . 2009-06-02 17:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-02-10 17:10 . 2009-06-02 10:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-06-02 17:32 . 2009-06-02 17:32 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll

+ 2009-06-02 17:32 . 2009-06-02 17:32 77824 c:\windows\.jagex_cache_32\runescape\jaggl.dll

- 2009-02-07 00:03 . 2009-05-25 19:50 2670 c:\windows\System32\WDI\ERCQueuedResolutions.dat

+ 2009-02-07 00:03 . 2009-06-02 15:58 2670 c:\windows\System32\WDI\ERCQueuedResolutions.dat

+ 2009-06-03 12:47 . 2009-06-03 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-06-03 12:47 . 2009-06-03 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-06-02 14:34 . 2009-06-02 14:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-06-03 10:15 . 2009-04-11 06:28 182784 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\xmllite.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 218624 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wdscore.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 744448 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcore.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 357888 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wbemcomn.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 116736 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smipi.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 139264 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\SmiInstaller.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 705536 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\smiengine.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 126464 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\rescinst.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 265728 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\repdrvfs.dll

+ 2009-06-03 10:15 . 2009-04-11 06:27 119296 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

+ 2009-06-03 10:15 . 2009-04-11 06:27 130560 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\PkgMgr.exe

+ 2009-06-03 10:15 . 2009-04-11 06:28 146432 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\OEMHelpIns.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 305152 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\msdelta.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 102400 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofinstall.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 189440 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\mofd.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 222720 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\locdrv.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 100352 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\helpcins.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 614912 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\fastprox.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 265728 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\esscli.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 247808 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\drvstore.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 100352 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\DrUpdate.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 258048 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\dpx.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 243712 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CntrtextInstaller.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 271360 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmitrust.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 119808 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiadapter.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 535040 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\CbsCore.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 199168 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apss.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 222208 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apircl.dll

+ 2009-04-16 08:59 . 2009-03-03 04:40 827392 c:\windows\System32\wininet.dll

+ 2008-01-21 02:23 . 2008-01-21 02:23 208384 c:\windows\System32\WinFXDocObj.exe

- 2009-06-02 14:30 . 2009-03-08 11:34 208384 c:\windows\System32\WinFXDocObj.exe

+ 2008-01-21 02:24 . 2008-01-21 02:24 233984 c:\windows\System32\webcheck.dll

+ 2009-01-08 15:05 . 2008-05-08 21:59 430080 c:\windows\System32\vbscript.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 105984 c:\windows\System32\url.dll

- 2009-06-02 14:30 . 2009-03-08 11:34 105984 c:\windows\System32\url.dll

+ 2009-04-16 08:59 . 2009-03-03 04:39 102912 c:\windows\System32\occache.dll

+ 2009-04-16 08:59 . 2009-03-03 04:38 671232 c:\windows\System32\mstime.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 193024 c:\windows\System32\msrating.dll

- 2009-06-02 14:30 . 2009-03-08 11:22 156160 c:\windows\System32\msls31.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 156160 c:\windows\System32\msls31.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 476672 c:\windows\System32\mshtmled.dll

+ 2009-04-16 08:59 . 2009-03-03 04:38 458240 c:\windows\System32\msfeeds.dll

+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2009-01-08 15:05 . 2008-05-08 21:59 512000 c:\windows\System32\jscript.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 167936 c:\windows\System32\iexpress.exe

+ 2008-01-21 02:24 . 2008-01-21 02:24 180736 c:\windows\System32\ieui.dll

+ 2009-04-16 08:59 . 2009-03-03 04:37 270336 c:\windows\System32\iertutil.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 193024 c:\windows\System32\iepeers.dll

+ 2009-04-16 08:59 . 2009-03-03 04:37 389120 c:\windows\System32\iedkcs32.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 383488 c:\windows\System32\ieapfltr.dll

+ 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\System32\ieakui.dll

+ 2009-04-16 08:59 . 2009-03-03 04:37 230400 c:\windows\System32\ieaksie.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 153088 c:\windows\System32\ieakeng.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 133120 c:\windows\System32\extmgr.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 214528 c:\windows\System32\dxtrans.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 347136 c:\windows\System32\dxtmsft.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 128000 c:\windows\System32\advpack.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 1835520 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wcp.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 2032640 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\cmiv2.dll

+ 2009-06-03 10:15 . 2009-04-11 06:28 1744384 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\apds.dll

+ 2009-04-16 08:59 . 2009-03-03 04:40 1166336 c:\windows\System32\urlmon.dll

+ 2006-11-02 10:22 . 2009-06-03 12:49 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat

- 2006-11-02 10:22 . 2009-06-02 14:35 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat

+ 2009-04-16 08:59 . 2009-03-03 04:38 3580928 c:\windows\System32\mshtml.dll

+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\System32\Macromed\Flash\NPSWF32.dll

+ 2009-04-16 08:59 . 2009-03-03 04:37 6068736 c:\windows\System32\ieframe.dll

+ 2008-01-21 02:24 . 2008-01-21 02:24 2455488 c:\windows\System32\ieapfltr.dat

- 2009-06-02 15:48 . 2009-06-02 15:48 6258688 c:\windows\ERDNT\Hiv-backup\schema.dat

+ 2009-06-02 15:48 . 2009-06-03 14:12 6258688 c:\windows\ERDNT\Hiv-backup\schema.dat

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]

"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]

"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]

"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672]

"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-08 3673600]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-02 1947928]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"eRecoveryService"="" [bU]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-19 6265376]

"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-08-19 1833504]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]

2009-01-08 06:31 3116032 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]

2008-03-25 14:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{E47F008D-5D1D-42C4-82B3-09331CDA7A36}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{E8958C4C-B1BF-4957-8AB6-52ABDD601BCC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{95FCA65D-396A-4F33-812B-076DC20DF081}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{B3F61EC1-9C61-4BFE-B85F-7936C34EBA3A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{A7EF5407-3299-4FF1-91F4-1EB3BD707307}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{FCBFFE7B-D16F-443B-9E29-E7D9D64C2165}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{A09BF21E-987D-44DE-83FD-0325A5D0E39A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1C7CC37B-6060-4364-ABD4-829FACF5648F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{40B204A6-95EE-4B7E-9A42-CD1F557B39FB}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{06310D73-2D8A-4DF2-8CD5-3C35D0CD7A6F}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{E52443A0-3171-4409-A56B-DCD577465D0B}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie

"{26C284A9-1642-4F8C-8D19-32C3C1F8312D}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program

"{B1B4F4D8-B8FA-409F-BC86-081E2844CFD2}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia

"{FE0E4381-2EB9-4459-A1D4-AA9ABAAD17F6}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe

"{1199AEF3-211A-4837-9368-82168026A079}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"TCP Query User{8ACC6B56-E398-4D12-ADED-52A181FBC925}c:\\program files\\steam\\steamapps\\agent_sprink\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\agent_sprink\counter-strike source\hl2.exe:hl2

"UDP Query User{4DE088D3-CB1B-48E7-999A-B73449CF6DFE}c:\\program files\\steam\\steamapps\\agent_sprink\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\agent_sprink\counter-strike source\hl2.exe:hl2

"TCP Query User{A756D3E3-9134-4B99-8427-93B12845BFF8}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire

"UDP Query User{35028847-1F0B-47C2-907C-BDC43947B2BC}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire

"TCP Query User{3078A1FA-C9D7-476A-91D2-7BAD40EFE211}c:\\program files\\valve\\steam\\steamapps\\lozrez\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\lozrez\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{40FCD9CD-09C8-41EB-8ADD-1EAE631089F1}c:\\program files\\valve\\steam\\steamapps\\lozrez\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\lozrez\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{5F73B1CB-FEFB-4072-A5EB-E428009656A8}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"UDP Query User{BD7F533A-2FC2-4C10-8324-815ADA4670E9}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"TCP Query User{22FF1C22-829E-4B0F-A1B4-20F01D62C51A}c:\\program files\\steam\\steamapps\\last2309\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\last2309\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{8923E16A-F3C0-4AC9-96D0-E97DCE963058}c:\\program files\\steam\\steamapps\\last2309\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\last2309\counter-strike\hl.exe:Half-Life Launcher

"{C4ADDBBD-F5C5-4460-A822-624625C29A1C}"= UDP:c:\program files\Steam\SteamApps\last2309\counter-strike\hlds.exe:hlds

"{11922263-6604-412A-98FA-981EC61E81DE}"= TCP:c:\program files\Steam\SteamApps\last2309\counter-strike\hlds.exe:hlds

"TCP Query User{99E5AB60-CC6E-444A-A952-FE66CE732800}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{49B8FE2F-9C5D-44C3-AD72-8191EC1B1279}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"{5FB19A98-1056-49FE-8126-D8578F11B1E8}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

"TCP Query User{2A56A00F-7305-4DA3-A6FF-194DBF8B1079}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{F0706D99-87E5-44FC-AB08-15F7464A2B04}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{C3C387DB-6A41-4CF5-93EC-4F222F4D8411}"= UDP:c:\ngm\NGM.exe:Nexon Game Manager

"{7CC1BFCE-3797-4EB4-80AE-387ED709CE07}"= TCP:c:\ngm\NGM.exe:Nexon Game Manager

"{4063163C-8520-4048-B69E-7E7AD603E203}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager

"{2D3BD776-DC94-4593-AB70-4F8BE6E8B1F0}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager

"TCP Query User{CC5AB682-F8D2-4069-8CC1-635D491F78E4}c:\\program files\\2speced-client\\client.exe"= UDP:c:\program files\2speced-client\client.exe:client

"UDP Query User{6A7A0CF1-7B2C-46E2-BE21-4FDA18444464}c:\\program files\\2speced-client\\client.exe"= TCP:c:\program files\2speced-client\client.exe:client

"TCP Query User{A2E8EAE0-14A3-4D66-8CC4-01F28B792DDE}c:\\program files\\xfire\\dppm_source.exe"= UDP:c:\program files\xfire\dppm_source.exe:Dyyno P2P Source Application

"UDP Query User{57A79F8D-749A-4C7E-9C0F-32E8EED81220}c:\\program files\\xfire\\dppm_source.exe"= TCP:c:\program files\xfire\dppm_source.exe:Dyyno P2P Source Application

"{F9185CA1-367F-4661-920C-0BC7E9989970}"= UDP:c:\program files\Subagames\CrossFire\CF_G4box.exe:CrossFire

"{5C875434-D30F-41EE-B363-4C8F1921B84F}"= TCP:c:\program files\Subagames\CrossFire\CF_G4box.exe:CrossFire

"TCP Query User{971934F6-177B-4C85-900B-48EA2E5D0289}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"UDP Query User{04759FD6-54FA-4DA1-81A2-8558EDFB9C7D}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"{21815E07-F8A6-455D-B204-1921E60871D4}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

"{55E998B1-4893-4734-ACFC-2F970EA618F2}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [8-1-2009 8:31 43184]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7-1-2009 21:28 325896]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [1-2-2009 21:50 108552]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [8-1-2009 8:37 61424]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7-1-2009 21:28 908568]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7-1-2009 21:28 298776]

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3-3-2008 14:11 16384]

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [8-1-2009 8:39 81504]

R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [3-11-2008 10:23 24576]

R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [8-1-2009 8:31 3521024]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25-4-2008 22:36 45056]

R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [8-1-2009 8:39 122368]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25-4-2008 22:36 131072]

R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [3-11-2008 18:20 47616]

R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [8-1-2009 2:33 22072]

R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28-3-2007 8:51 43008]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\System32\drivers\Mkd2kfNT.sys [3-5-2009 13:41 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\System32\drivers\Mkd2Nadr.sys [3-5-2009 13:41 79104]

S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [3-11-2008 18:20 419328]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - EagleNT

.

Inhoud van de 'Gedeelde Taken' map

2009-05-31 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-06-03 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0109&m=aspire_6530g

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\s38qilow.default\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-06-03 16:18

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\windows\TEMP\TMP00000075F13AD85F508CC909 524288 bytes executable

Scan succesvol afgerond

verborgen bestanden: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Voltooingstijd: 2009-06-03 16:19

ComboFix-quarantined-files.txt 2009-06-03 14:19

ComboFix2.txt 2009-06-02 15:55

ComboFix3.txt 2009-05-22 09:35

ComboFix4.txt 2009-05-22 00:30

ComboFix5.txt 2009-06-03 14:12

Pre-Run: 104.046.272.512 bytes beschikbaar

Post-Run: 104.013.946.880 bytes beschikbaar

351 --- E O F --- 2009-06-03 10:33

Could you also explain, if there was anything malicious, what it was and what it does?

Thanks in advance!

Kind regards,

CK

Looking at the log, I see there are things from 2speced, nexon, xfire, crossfire, gameguard and steam; where do I find those and how do I remove them?


Go to Start - Run and type: sc stop npggsvc

Press Enter.

Go to Start - Run and type: sc delete npggsvc

Press Enter.

All the items mentioned are things you have allowed in your firewall.

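Added example (not part of the original posts): a small Python parser for the FirewallRules lines of the ComboFix log above, collapsing them to one entry per executable so the programs named in the question can be located by path. The function names are illustrative, and the sample lines are a subset copied from the log.

```python
import re
from collections import defaultdict

# Subset of the FirewallRules lines from the log above, copied verbatim.
SAMPLE = r'''
"{E47F008D-5D1D-42C4-82B3-09331CDA7A36}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{40B204A6-95EE-4B7E-9A42-CD1F557B39FB}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{A756D3E3-9134-4B99-8427-93B12845BFF8}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{35028847-1F0B-47C2-907C-BDC43947B2BC}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{C3C387DB-6A41-4CF5-93EC-4F222F4D8411}"= UDP:c:\ngm\NGM.exe:Nexon Game Manager
"{7CC1BFCE-3797-4EB4-80AE-387ED709CE07}"= TCP:c:\ngm\NGM.exe:Nexon Game Manager
"{4063163C-8520-4048-B69E-7E7AD603E203}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"TCP Query User{CC5AB682-F8D2-4069-8CC1-635D491F78E4}c:\\program files\\2speced-client\\client.exe"= UDP:c:\program files\2speced-client\client.exe:client
"{F9185CA1-367F-4661-920C-0BC7E9989970}"= UDP:c:\program files\Subagames\CrossFire\CF_G4box.exe:CrossFire
'''

RULE = re.compile(
    r'^"(?P<key>[^"]*)"=\s*'      # rule id, sometimes prefixed "TCP/UDP Query User"
    r'(?:(?P<proto>TCP|UDP):)?'    # protocol is absent on some entries
    r'(?P<path>[A-Za-z]:\\.*)'     # executable path (greedy, keeps the drive colon)
    r':(?P<name>[^:]+)$'           # display name after the last colon
)

def parse_rules(text):
    """Return one dict per firewall rule line; lines that do not match are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            rules.append(m.groupdict())
    return rules

def by_program(rules):
    """Collapse rules to one entry per executable path (lower-cased)."""
    progs = defaultdict(lambda: {"name": "", "protocols": set(), "query_user": False})
    for r in rules:
        p = progs[r["path"].lower()]
        p["name"] = r["name"]
        p["protocols"].add(r["proto"] or "unspecified")
        # True when the rule key carries the "Query User" prefix seen in the log.
        p["query_user"] |= "Query User" in r["key"]
    return dict(progs)

def find(programs, keyword):
    """Executable paths whose path or display name contains the keyword."""
    k = keyword.lower()
    return sorted(p for p, info in programs.items()
                  if k in p or k in info["name"].lower())
```

Calling `find(by_program(parse_rules(log_text)), "nexon")` on the full log text lists every allowed Nexon executable with its install path, which is where the matching program can then be uninstalled.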

Remove ComboFix: Start -> Run and type: combofix /u

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions again, hide hidden files and system files again, and create a new restore point.

Download CCleaner.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner again.

It is advisable to delete the existing restore points (they include infected restore points that you might otherwise restore) by temporarily turning off System Restore. Do this via Control Panel -> System and Maintenance -> System -> "System Protection" tab -> clear the check box next to the disk whose restore points you want to delete -> click "Apply". You will then see the message "Are you sure you want to turn System Restore off?". Click "Turn System Restore Off". All restore points on the selected disk are then deleted.

Then tick the check box for the hard disk again. Create a new restore point right away as well, so that you do not have to wait for an automatic system restore point.

P.S.: As for that training: in principle I would like to do it, but I'm afraid I lack the time to take it on as well. I can recommend that you sign up for the training at HiJackThis.nl instead. There you get a complete training, starting from the basics, in analysing HJT logs. Go to the HiJackThis.nl website, register as a member of that forum, and in the "aanmelden" (sign-up) section state that you are interested in the training. Do bear in mind that there is a considerable waiting list, so you cannot start the course right away.
