
[SOLVED] HijackThis log. System Security 2009?



A few minutes ago I had trouble with System Security 2009 and I tried everything to remove it. Hopefully that worked, but I would still like to ask you to check this log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:38:28, on 26-6-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\vsnpstd.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_S9E.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209365616640

O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/nl/Prg/ESTPTest.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. Antivirus software - BitDefender - The future of security now! - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: id6rjs4r64j6a7io8jkswhvv80 - Unknown owner - C:\WINDOWS\id6rjs4r64j6a7io8jkswhvv81.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--

End of file - 7934 bytes

I also scanned with Malwarebytes and removed everything the quick scan found. It is now running a full scan.

Hopefully you can help me. I would also like to begin with a fresh start: the latest updates, being certain that there are no viruses on my computer, and then removing my older restore points.

Maybe you can help with that too.

Thanks in advance.

P.S. Sorry for my typos.


Before you create the new HijackThis log, as recommended by Kweezie Wabbit, please first do this as well:

Go to Start - Run and type: sc stop id6rjs4r64j6a7io8jkswhvv80

Press Enter.

Go to Start - Run and type: sc delete id6rjs4r64j6a7io8jkswhvv80

Press Enter.

Go to Start - Run and type: sc stop npggsvc

Press Enter.

Go to Start - Run and type: sc delete npggsvc

Press Enter.
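
Both services named in the commands above stand out in the O23 section of the first HijackThis log. As an added example (not part of the original posts), this Python script parses O23 lines copied from that log and lists the services that merit a manual look; the three review rules and all function names are assumptions of the example, not the helper's stated reasoning.

```python
import ntpath
import re
from typing import Dict, List, NamedTuple, Optional

# O23 lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. Antivirus software - BitDefender - The future of security now! - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: id6rjs4r64j6a7io8jkswhvv80 - Unknown owner - C:\WINDOWS\id6rjs4r64j6a7io8jkswhvv81.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Layout: "O23 - Service: <name> - <owner> - <path>[ (file missing)]".
# The owner field may itself contain " - " (see the Arrakis3 line), so it is
# matched greedily and the path is anchored on a drive letter.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)
# "<display name> (<service name>)"; HijackThis prints a single name when
# display name and service name are identical.
NAME_RE = re.compile(r"^(?P<display>.+) \((?P<short>[^()]+)\)$")


class Service(NamedTuple):
    short_name: str      # the name that "sc" commands expect
    display_name: str
    owner: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other kind of line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    name = m.group("name")
    n = NAME_RE.match(name)
    short, display = (n.group("short"), n.group("display")) if n else (name, name)
    return Service(short, display, m.group("owner"), m.group("path"),
                   m.group("missing") is not None)


def review_reasons(svc: Service) -> List[str]:
    """Triage rules assumed for this example; a hit means 'look closer'."""
    reasons = []
    if svc.file_missing:
        reasons.append("binary missing on disk")
    if svc.owner == "Unknown owner":
        reasons.append("no company information")
    # ntpath handles Windows paths regardless of the OS running the script.
    if ntpath.dirname(svc.path).lower() == r"c:\windows":
        reasons.append("binary directly in the Windows directory")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> review reasons for every flagged O23 entry."""
    flagged = {}
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = review_reasons(svc)
        if reasons:
            flagged[svc.short_name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

PnkBstrA is flagged as well, yet the commands above leave it alone and it is still present in the second log, so a flag here is a prompt to review the entry, not a verdict.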


Before you create the new HijackThis log, as recommended by Kweezie Wabbit, please first do this as well:

Go to Start - Run and type: sc stop id6rjs4r64j6a7io8jkswhvv80

Press Enter.

Go to Start - Run and type: sc delete id6rjs4r64j6a7io8jkswhvv80

Press Enter.

Go to Start - Run and type: sc stop npggsvc

Press Enter.

Go to Start - Run and type: sc delete npggsvc

Press Enter.

I just did that.

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.38

Database versie: 2338

Windows 5.1.2600 Service Pack 3

26-6-2009 18:19:36

mbam-log-2009-06-26 (18-19-36).txt

Scan type: Volledige Scan (C:\|D:\|F:\|G:\|H:\|I:\|)

Objecten gescand: 170294

Verstreken tijd: 1 hour(s), 1 minute(s), 58 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

c:\system volume information\_restore{d4fdde54-5700-4346-91e0-c37d6818c813}\RP178\A0041104.exe (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.

And here is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:23:47, on 26-6-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_S9E.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-21-332125129-2876203032-2585229695-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrator')

O4 - HKUS\S-1-5-21-332125129-2876203032-2585229695-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Gast')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209365616640

O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/nl/Prg/ESTPTest.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. Antivirus software - BitDefender - The future of security now! - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--

End of file - 7407 bytes

By the way, I have not restarted my computer yet because of earlier problems that left me unable to boot my PC. Please respond.

I also cannot get this removed with Spybot S&D:

errorrn.png


The logs look good. Now do this:

Download Combofix to your Desktop.

Read more here about using Combofix correctly.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


ComboFix 09-06-26.02 - Gebruiker 26-06-2009 21:00.6 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.722 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\bhbahr.exe

C:\bnpxom.exe

C:\bwncipec.exe

c:\documents and settings\Gebruiker\Application Data\inst.exe

C:\kkbdvos.exe

c:\program files\sys

C:\snnouf.exe

C:\tgkbcr.exe

C:\utyus.exe

c:\windows\Install.txt

c:\windows\irc.txt

c:\windows\system32\kdfinj.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ILVMONEYDRIVER53

-------\Legacy_MSNCACHE

-------\Legacy_NPF

-------\Legacy_SOPIDKC

-------\Legacy_SYS

-------\Legacy_SYSDRV

-------\Service_IlvMoneyDRIVER53

(((((((((((((((((((( Bestanden Gemaakt van 2009-05-26 to 2009-06-26 ))))))))))))))))))))))))))))))

.

2009-06-26 18:46 . 2008-10-09 13:31 192512 ----a-w- c:\windows\system32\txmlutil.dll

2009-06-26 11:04 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-26 11:04 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-26 11:04 . 2009-06-26 11:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-26 10:51 . 2009-06-26 10:52 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-06-26 10:15 . 2009-06-26 10:15 12288 ----a-w- c:\windows\id6rjs4r64j6a7io8jkswhvv81.exe

2009-06-23 20:47 . 2009-06-23 20:47 -------- d-----w- c:\program files\Softnyx

2009-06-23 19:23 . 2009-06-23 19:23 -------- d-----w- c:\program files\Trend Micro

2009-06-23 19:12 . 2009-06-23 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft

2009-06-23 19:12 . 2009-06-23 19:12 22328 ----a-w- c:\documents and settings\Gebruiker\Application Data\PnkBstrK.sys

2009-06-23 19:12 . 2009-06-23 19:12 2337865 ----a-w- c:\windows\system32\pbsvc.exe

2009-06-23 18:56 . 2009-06-23 18:56 -------- d-----w- c:\program files\Ubisoft

2009-06-23 18:53 . 2005-07-19 03:10 147456 ----a-r- c:\windows\system32\igfxres.dll

2009-06-23 18:46 . 2009-06-23 18:46 -------- d-----w- c:\program files\AGEIA Technologies

2009-06-23 18:46 . 2009-06-23 18:46 -------- d-----w- c:\windows\system32\AGEIA

2009-06-23 18:46 . 2009-06-23 18:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-06-23 18:46 . 2009-06-10 04:03 457248 ----a-w- c:\windows\system32\nvudisp.exe

2009-06-23 18:45 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-06-23 18:45 . 2009-06-23 18:45 -------- d-----w- C:\NVIDIA

2009-06-23 18:41 . 2009-06-23 18:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-06-23 12:11 . 2009-06-26 16:29 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend

2009-06-23 11:39 . 2009-06-23 11:39 -------- d-----w- c:\program files\uTorrent

2009-06-23 11:38 . 2009-06-23 12:06 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\uTorrent

2009-06-23 09:46 . 2009-06-23 09:46 -------- d-----w- c:\program files\SystemRequirementsLab

2009-06-23 09:46 . 2009-06-23 09:46 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\SystemRequirementsLab

2009-06-23 09:46 . 2009-06-23 09:46 290816 ----a-w- c:\documents and settings\Gebruiker\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll

2009-06-23 09:46 . 2009-06-23 09:46 290816 ----a-w- c:\documents and settings\Gebruiker\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll

2009-06-23 09:46 . 2009-06-23 09:46 290816 ----a-w- c:\documents and settings\Gebruiker\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll

2009-06-23 09:46 . 2009-06-23 09:46 290816 ----a-w- c:\documents and settings\Gebruiker\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll

2009-06-22 10:35 . 2009-06-22 10:35 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\TuneUp Software

2009-06-22 10:34 . 2009-06-22 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2009-06-22 10:34 . 2009-06-22 10:51 -------- d-----w- c:\program files\TuneUp Utilities 2009

2009-06-22 10:34 . 2009-06-22 10:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-06-19 21:40 . 2009-06-18 14:14 51200 ----a-w- c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ruqhmrm8.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll

2009-06-19 21:40 . 2009-06-18 14:14 114688 ----a-w- c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ruqhmrm8.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\npmozax.dll

2009-06-19 08:22 . 2009-06-19 08:22 -------- d-sh--w- c:\documents and settings\Gebruiker\PrivacIE

2009-06-19 08:14 . 2009-06-19 08:14 -------- d-sh--w- c:\documents and settings\Gebruiker\IETldCache

2009-06-18 23:27 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-06-18 23:27 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-18 23:27 . 2009-06-18 23:27 -------- d-----w- c:\windows\ie8updates

2009-06-18 23:25 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-06-18 23:22 . 2009-06-18 23:24 -------- dc-h--w- c:\windows\ie8

2009-06-18 18:22 . 2009-06-18 18:22 2035 ----a-w- c:\windows\system32\wbers.dat

2009-06-17 09:05 . 2009-06-17 09:05 45056 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{D17D8B97-F937-432F-88BD-382727D34441}\Setup.exe_D17D8B97F937432F88BD382727D34441_2.exe

2009-06-17 09:05 . 2009-06-17 09:05 45056 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{D17D8B97-F937-432F-88BD-382727D34441}\MapleStory.exe1_D17D8B97F937432F88BD382727D34441_1.exe

2009-06-17 09:05 . 2009-06-17 09:05 45056 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{D17D8B97-F937-432F-88BD-382727D34441}\MapleStory.exe_D17D8B97F937432F88BD382727D34441_2.exe

2009-06-17 09:05 . 2009-06-17 09:05 45056 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{D17D8B97-F937-432F-88BD-382727D34441}\ARPPRODUCTICON.exe

2009-06-17 09:03 . 2009-06-17 09:03 -------- d-----w- c:\program files\NEXON

2009-06-16 19:22 . 2009-06-16 19:22 -------- d-----w- c:\program files\Samsung

2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll

2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll

2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-06-10 04:03 . 2009-06-10 04:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll

2009-06-10 04:03 . 2009-06-10 04:03 815104 ----a-w- c:\windows\system32\nvapi.dll

2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll

2009-06-10 04:03 . 2009-06-10 04:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin

2009-06-10 04:03 . 2009-06-10 04:03 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-06-10 04:03 . 2009-06-10 04:03 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-06-07 17:48 . 2009-06-07 17:48 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\TechSmith

2009-06-07 17:42 . 2009-06-07 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith

2009-06-07 17:40 . 2009-06-07 17:40 -------- d-----w- c:\program files\Common Files\TechSmith Shared

2009-06-07 17:40 . 2009-06-07 17:40 -------- d-----w- c:\program files\TechSmith

2009-05-31 18:34 . 2008-10-17 08:50 79104 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys

2009-05-31 18:34 . 2008-10-17 08:50 131072 ----a-w- c:\windows\system32\drivers\Mkd2kfNT.sys

2009-05-31 18:33 . 2009-05-31 18:33 -------- d-----w- c:\program files\AhnLab

2009-05-31 16:59 . 2009-05-31 18:04 -------- d-----w- C:\download

2009-05-31 16:59 . 2009-05-31 16:59 -------- d-----w- C:\Nexon

2009-05-31 16:59 . 2009-06-17 08:44 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2009-05-30 10:11 . 2009-05-30 10:11 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Conduit

2009-05-30 10:09 . 2008-06-26 12:34 11776 ----a-w- c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ruqhmrm8.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}-trash\components\FFAlert.dll

2009-05-30 10:08 . 2009-05-30 10:08 -------- d-----w- c:\program files\Conduit

2009-05-30 10:08 . 2009-06-01 11:24 -------- d-----w- c:\program files\Hotspot_Shield

2009-05-30 10:07 . 2009-05-30 10:15 -------- d-----w- c:\program files\Hotspot Shield

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-26 18:50 . 2009-03-15 17:22 -------- d-----w- c:\program files\BitDefender

2009-06-26 18:45 . 2009-03-15 14:56 81984 ----a-w- c:\windows\system32\bdod.bin

2009-06-26 11:41 . 2009-03-12 20:10 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\DNA

2009-06-26 11:41 . 2008-06-13 19:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-06-26 11:16 . 2009-03-12 20:10 -------- d-----w- c:\program files\DNA

2009-06-26 10:52 . 2009-01-06 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-06-26 10:02 . 2008-06-12 14:11 137824 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-06-26 10:02 . 2008-06-12 14:11 202032 -c--a-w- c:\windows\system32\PnkBstrB.exe

2009-06-26 09:05 . 2009-02-18 11:32 34 ----a-w- c:\documents and settings\Gebruiker\jagex_runescape_preferences.dat

2009-06-23 21:25 . 2008-12-29 20:02 1100 ----a-w- c:\windows\system32\d3d8caps.dat

2009-06-23 19:12 . 2008-06-12 14:11 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-06-23 18:56 . 2007-10-19 11:43 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-23 17:21 . 2008-08-18 14:15 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-06-16 19:37 . 2008-06-10 18:44 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2009-06-10 04:03 . 2008-08-05 07:56 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 04:03 . 2008-04-14 17:02 5908608 ----a-w- c:\windows\system32\nv4_disp.dll

2009-06-07 10:51 . 2009-01-04 15:26 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\TeamViewer

2009-06-01 11:24 . 2009-03-15 18:17 -------- d-----w- c:\program files\Advanced System Optimizer

2009-05-21 22:14 . 2009-05-21 22:14 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Obsidium

2009-05-18 15:41 . 2008-01-08 09:25 29744 ----a-w- c:\documents and settings\Gebruiker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-17 15:08 . 2009-05-17 15:08 -------- d-----w- c:\program files\MSECache

2009-05-16 08:06 . 2009-05-16 08:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire

2009-05-15 10:28 . 2009-05-15 10:28 -------- d-----w- c:\program files\NHN USA

2009-05-14 18:08 . 2009-05-14 18:08 27136 ----a-w- c:\windows\system32\drivers\tapvpn.sys

2009-05-14 13:46 . 2009-05-14 13:46 52105 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\uninst.exe

2009-05-14 13:46 . 2009-05-14 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\IJJIGame

2009-05-13 05:06 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:34 . 2006-03-02 12:00 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w- c:\windows\system32\xfcodec.dll

2009-04-29 09:42 . 2009-04-23 13:57 -------- d-----w- c:\program files\TeamViewer

2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll

2009-04-19 19:51 . 2006-03-02 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 21:11 . 2006-03-02 12:00 585434 ----a-w- c:\windows\system32\perfh013.dat

2009-04-15 21:11 . 2006-03-02 12:00 116388 ----a-w- c:\windows\system32\perfc013.dat

2009-04-15 14:55 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-07 08:50 . 2009-04-07 08:50 288024 ----a-w- c:\windows\system32\PhysXCplUI.exe

2009-04-07 08:50 . 2009-04-07 08:50 288024 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe

1999-05-23 22:17 . 1999-05-23 22:17 99840 -c--a-w- c:\program files\Common Files\IRAABOUT.DLL

1998-12-09 01:53 . 1998-12-09 01:53 70144 -c--a-w- c:\program files\Common Files\IRAMDMTR.DLL

1998-12-09 01:53 . 1998-12-09 01:53 48640 -c--a-w- c:\program files\Common Files\IRALPTTR.DLL

1998-12-09 01:53 . 1998-12-09 01:53 31744 -c--a-w- c:\program files\Common Files\IRAWEBTR.DLL

1998-12-09 01:53 . 1998-12-09 01:53 186368 -c--a-w- c:\program files\Common Files\IRAREG.DLL

1998-12-09 01:53 . 1998-12-09 01:53 17920 -c--a-w- c:\program files\Common Files\IRASRIAL.DLL

.

------- Sigcheck -------

[7] 2006-03-02 12:00 14336 AB8C6D89A897BACBA4657FDF00E344A6 c:\windows\$NtServicePackUninstall$\svchost.exe

[7] 2008-04-14 17:03 14336 E410EC73E2BE2A41D923B006F51C8427 c:\windows\ServicePackFiles\i386\svchost.exe

[7] 2008-04-14 17:03 14336 E410EC73E2BE2A41D923B006F51C8427 c:\windows\system32\svchost.exe

[-] 2005-03-02 18:21 578560 0B62745CE93E8C6F56547F70269DBABC c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2007-03-08 15:51 579584 FA35431E333943F4B2A6D33FA4EE3CE9 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll

[-] 2007-03-08 15:39 579072 CB18F701A5D55A6308FAB8D18322C060 c:\windows\$NtServicePackUninstall$\user32.dll

[7] 2006-03-02 12:00 578560 8E5D344FD717D35EE7ED1C8E0AD0CBE6 c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2005-03-02 18:19 578560 A9F2EBFC6EF9C1FB38CEDCF747162B6C c:\windows\$NtUninstallKB925902$\user32.dll

[7] 2008-04-14 17:02 580096 4CF588D2F2363B73EB4AF57967D46DFF c:\windows\ServicePackFiles\i386\user32.dll

[7] 2008-04-14 17:02 580096 4CF588D2F2363B73EB4AF57967D46DFF c:\windows\system32\user32.dll

[7] 2006-03-02 12:00 82944 06EBCBE58321E924980148B7E3DBD753 c:\windows\$NtServicePackUninstall$\ws2_32.dll

[7] 2008-04-14 17:02 82432 520391367546218929749612ABFE840C c:\windows\ServicePackFiles\i386\ws2_32.dll

[7] 2008-04-14 17:02 82432 520391367546218929749612ABFE840C c:\windows\system32\ws2_32.dll

[-] 2008-02-16 09:33 669184 C683F6CF71EDFCB8708BDF2C5DD1BA13 c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll

[7] 2008-04-21 06:58 669696 20238850AFE4A19A885CD5658433D60D c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll

[7] 2008-04-21 06:57 669184 0E4C070B2D83D7D76CF2A0384FA50750 c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll

[7] 2008-04-21 06:41 669696 438F668DDACCAD59F934772EE894A704 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll

[7] 2008-06-23 14:57 669696 AE1A6AEA7F65F452C0916FB1399D832E c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll

[7] 2008-08-20 05:08 669696 F77FD23458C5C4C16C37667FDDDCECBA c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll

[7] 2008-08-26 09:12 827904 8B421DDF376F3D042EC616994E6E7896 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll

[7] 2008-10-16 01:06 670208 A9CB7C8F4FB538DCAA26FFF76C2F8F14 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll

[7] 2008-12-20 23:49 827904 6A77C48E137A73FFD1408F1A71C5184C c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll

[7] 2009-03-03 00:17 828416 78B519AC87AD7256C24EF44279EFD694 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll

[7] 2009-04-29 04:40 828928 478A5E95C6121A98673EE33DFCBE3400 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll

[7] 2009-05-13 05:09 915456 4BF497D1787B9B72DB6083395A1789D8 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll

[7] 2008-04-21 07:03 662528 B3E4295CA4A5B3639DE3DA1F95E78F29 c:\windows\$NtServicePackUninstall$\wininet.dll

[7] 2006-03-02 12:00 659456 6C7E1322898378C30BCD9F779A2621EE c:\windows\$NtUninstallKB947864$\wininet.dll

[7] 2008-04-14 17:02 669184 80CA4DCDD3DAD65CB8800508076712E7 c:\windows\$NtUninstallKB950759$\wininet.dll

[-] 2008-02-16 09:05 662528 1D77F302BBFE2D407DD67C5CB098EA95 c:\windows\$NtUninstallKB950759_0$\wininet.dll

[7] 2008-04-21 06:57 669184 0E4C070B2D83D7D76CF2A0384FA50750 c:\windows\$NtUninstallKB953838$\wininet.dll

[7] 2008-06-23 15:12 669184 8ADFF2F029A90FED04A322CBF084F3EA c:\windows\$NtUninstallKB956390$\wininet.dll

[7] 2008-08-20 05:30 669184 BC9059433D2F0889A71E3CDFF5AB2F71 c:\windows\$NtUninstallKB958215$\wininet.dll

[7] 2008-10-16 01:02 669184 FD8DC8F2FA8C3F3CC00C99018AF1530C c:\windows\ie7\wininet.dll

[7] 2007-08-13 17:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB956390-IE7\wininet.dll

[7] 2008-08-26 08:27 826368 5A1BB22BDFE98B2639A6D29E8CFB3BA4 c:\windows\ie7updates\KB961260-IE7\wininet.dll

[7] 2008-12-20 23:03 826368 DB4777DBC853EAC790E3DBDB68FFB1A1 c:\windows\ie7updates\KB963027-IE7\wininet.dll

[7] 2009-03-03 00:16 826368 C2A37E9F4096B019694A7519C5FFB2A0 c:\windows\ie7updates\KB969897-IE7\wininet.dll

[7] 2009-04-29 04:49 827392 D5E276ADDE1400549B5678873A804E6F c:\windows\ie8\wininet.dll

[7] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll

[7] 2008-04-14 17:02 669184 80CA4DCDD3DAD65CB8800508076712E7 c:\windows\ServicePackFiles\i386\wininet.dll

[7] 2008-12-20 23:03 826368 DB4777DBC853EAC790E3DBDB68FFB1A1 c:\windows\SoftwareDistribution\Download\4ebf42ddd964eeee041afdbedb6cbfc0\SP2GDR\wininet.dll

[7] 2008-12-20 23:49 827904 6A77C48E137A73FFD1408F1A71C5184C c:\windows\SoftwareDistribution\Download\4ebf42ddd964eeee041afdbedb6cbfc0\SP2QFE\wininet.dll

[-] 2008-03-01 13:05 826368 0BC8124D6EA627A1BB864094A43C2698 c:\windows\SoftwareDistribution\Download\7403589eaa88ea82d304ec630ba16553\SP2GDR\wininet.dll

[-] 2008-03-01 12:49 827392 1073283DC2D66C5539301BAEF0BCB442 c:\windows\SoftwareDistribution\Download\7403589eaa88ea82d304ec630ba16553\SP2QFE\wininet.dll

[7] 2009-05-13 05:06 915456 84A401C1C289056C4CC9E1A391DE91E3 c:\windows\SoftwareDistribution\Download\ba9ee71e2965db33798dc8d4cecc0a07\SP3GDR\wininet.dll

[7] 2009-05-13 05:09 915456 4BF497D1787B9B72DB6083395A1789D8 c:\windows\SoftwareDistribution\Download\ba9ee71e2965db33798dc8d4cecc0a07\SP3QFE\wininet.dll

[7] 2008-08-26 08:27 826368 5A1BB22BDFE98B2639A6D29E8CFB3BA4 c:\windows\SoftwareDistribution\Download\e1981c8d244d19a2ccd9e01b6e905cf6\SP2GDR\wininet.dll

[7] 2008-08-26 09:12 827904 8B421DDF376F3D042EC616994E6E7896 c:\windows\SoftwareDistribution\Download\e1981c8d244d19a2ccd9e01b6e905cf6\SP2QFE\wininet.dll

[7] 2009-05-13 05:06 915456 84A401C1C289056C4CC9E1A391DE91E3 c:\windows\system32\wininet.dll

[7] 2009-05-13 05:06 915456 84A401C1C289056C4CC9E1A391DE91E3 c:\windows\system32\dllcache\wininet.dll

[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys

[7] 2006-03-02 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB941644$\tcpip.sys

[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys

[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys

[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys

[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[7] 2006-03-02 12:00 504832 732ED791711DF9C9DD15E5515BC681B8 c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 17:03 510464 1247D4D5444E28519BBE31BE8AB4C029 c:\windows\ServicePackFiles\i386\winlogon.exe

[7] 2008-04-14 17:03 510464 1247D4D5444E28519BBE31BE8AB4C029 c:\windows\system32\winlogon.exe

[7] 2006-03-02 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys

[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys

[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[7] 2006-03-02 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys

[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys

[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 18:14 2061312 C26D84B802567E629D42861A11C7EC04 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[-] 2007-02-28 16:09 2063744 F51B8D8B0703518349096604E788B83E c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

[7] 2009-02-09 11:19 2070528 07EE73D79A7CA142463470AEF230082B c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[7] 2008-08-14 17:28 2070400 DE961B54D30C7DD6AA6C3BD27D584E30 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

[-] 2007-02-28 16:05 2061952 57B09AD681C1D8DB77CCC3E92D8F5D14 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[7] 2006-03-02 12:00 2061184 E0399688D466B7C3AFDFFB5A2ED9F351 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2005-03-02 18:09 2061184 C6CF1974ACDB8329DAF9D001C0937CB0 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe

[7] 2008-08-14 13:27 2070400 C92E65CBB38161373319BB11340DE919 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

[7] 2008-04-14 16:41 2070272 6129DA5C68C13DCA12E77580730FD770 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

[7] 2009-02-10 17:10 2070400 6A94A7317E28B6543D94174F9016BB68 c:\windows\Driver Cache\i386\ntkrnlpa.exe

[7] 2008-04-14 16:41 2070272 6129DA5C68C13DCA12E77580730FD770 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[7] 2009-02-10 17:10 2070400 6A94A7317E28B6543D94174F9016BB68 c:\windows\system32\ntkrnlpa.exe

[7] 2009-02-10 17:10 2070400 6A94A7317E28B6543D94174F9016BB68 c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 18:15 2183936 5DB3E8DEC987B5D350E4A105DCEAEE6A c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2007-02-28 16:09 2186496 59DCA97DC201792C1CCF9FE621EE5ED7 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

[7] 2009-02-10 17:19 2193536 7625D5BAFD2A4A8458468B139C893BB7 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[7] 2008-08-14 17:28 2193536 E332B6DE826D4222A758E3264AD8D520 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[-] 2007-02-28 16:05 2184704 CAAA8FD3C034A227691A43B60873F097 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[7] 2006-03-02 12:00 2185344 87AAEA3908E069FB1BE37380C895DFB8 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2005-03-02 18:09 2183680 281A1E82F5F8FC0B2F4B57EF296A4240 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe

[7] 2008-08-14 13:27 2193536 3E5E63D926C5E9F81045F3646815D2A1 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

[7] 2008-04-14 16:42 2193408 140A1BAD8A6642C1386BB5B388EB447F c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[7] 2009-02-09 11:27 2193408 27380B877348030B0662A39C47AAEC11 c:\windows\Driver Cache\i386\ntoskrnl.exe

[7] 2008-04-14 16:42 2193408 140A1BAD8A6642C1386BB5B388EB447F c:\windows\ServicePackFiles\i386\ntoskrnl.exe

[7] 2009-02-09 11:27 2193408 27380B877348030B0662A39C47AAEC11 c:\windows\system32\ntoskrnl.exe

[7] 2009-02-09 11:27 2193408 27380B877348030B0662A39C47AAEC11 c:\windows\system32\dllcache\ntoskrnl.exe

[7] 2008-04-14 17:02 1037312 AA04F042A820BF1868E643575887E1A6 c:\windows\explorer.exe

[-] 2007-06-13 13:12 1036800 1D6245AFBD3FAABC16A885116BE1874D c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2007-06-13 13:24 1036800 147E95A42A58CE99E403F7F57656BBEB c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2006-03-02 12:00 1035776 A1D7304A87FC3093150F5E3CC7B0F338 c:\windows\$NtUninstallKB938828$\explorer.exe

[7] 2008-04-14 17:02 1037312 AA04F042A820BF1868E643575887E1A6 c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2009-02-09 11:19 111104 D98A222A707FFE40043E533FE7A6BA24 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[7] 2006-03-02 12:00 108544 39991CD3C17B7529D039151A88E84499 c:\windows\$NtServicePackUninstall$\services.exe

[7] 2008-04-14 17:03 109056 B77BC5CD88EB96D4352AF5202EC4AEC2 c:\windows\$NtUninstallKB956572$\services.exe

[7] 2008-04-14 17:03 109056 B77BC5CD88EB96D4352AF5202EC4AEC2 c:\windows\ServicePackFiles\i386\services.exe

[7] 2009-02-09 11:27 111104 657B69389B893F440B07590C9E963F23 c:\windows\system32\services.exe

[7] 2009-02-09 11:27 111104 657B69389B893F440B07590C9E963F23 c:\windows\system32\dllcache\services.exe

[7] 2006-03-02 12:00 13312 34A82DEBEFB057FCCCBE15F619FC98A7 c:\windows\$NtServicePackUninstall$\lsass.exe

[7] 2008-04-14 17:03 13312 8754210A3399D19610CE2D71E0C3E5D9 c:\windows\ServicePackFiles\i386\lsass.exe

[7] 2008-04-14 17:03 13312 8754210A3399D19610CE2D71E0C3E5D9 c:\windows\system32\lsass.exe

[7] 2006-03-02 12:00 15360 7DE46C9C40ABB58C8FDFE0212A3BF2B4 c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2008-04-14 17:02 15360 E98A8C802CDB31FCF4121D9DFBEA3677 c:\windows\ServicePackFiles\i386\ctfmon.exe

[7] 2008-04-14 17:02 15360 E98A8C802CDB31FCF4121D9DFBEA3677 c:\windows\system32\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe

[7] 2006-03-02 12:00 57856 CCCB8B94B17466EFB9DC27F42625B0E5 c:\windows\$NtUninstallKB896423$\spoolsv.exe

[7] 2008-04-14 17:03 57856 DB454135DE1A09FE7FEDA7B554B5CCA2 c:\windows\ServicePackFiles\i386\spoolsv.exe

[7] 2008-04-14 17:03 57856 DB454135DE1A09FE7FEDA7B554B5CCA2 c:\windows\system32\spoolsv.exe

[7] 2008-04-14 17:03 112128 FCACAD9819D9A698AC93A7188D97F355 c:\windows\ServicePackFiles\i386\wuauclt.exe

[7] 2008-10-16 13:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe

[7] 2008-10-16 13:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

[7] 2006-03-02 12:00 24576 DE7A0EE4A6A28E6DFE3118EB22468DA6 c:\windows\$NtServicePackUninstall$\userinit.exe

[7] 2008-04-14 17:03 26112 6818A533ED3B2FA9936DF3DAF45352DF c:\windows\ServicePackFiles\i386\userinit.exe

[7] 2008-04-14 17:03 26112 6818A533ED3B2FA9936DF3DAF45352DF c:\windows\system32\userinit.exe

[7] 2006-03-02 12:00 297472 E2CE999886A4636026F157DEB886AA94 c:\windows\$NtServicePackUninstall$\termsrv.dll

[7] 2008-04-14 17:02 297472 E0AEF86A594C9990D6321C5CA239C5B7 c:\windows\ServicePackFiles\i386\termsrv.dll

[7] 2008-04-14 17:02 297472 E0AEF86A594C9990D6321C5CA239C5B7 c:\windows\system32\termsrv.dll

[-] 2007-04-16 16:11 1027072 68757F5935D6D76DD10975B7B7A9751D c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll

[7] 2009-03-21 14:04 1032704 93E2307273AE7B2D5418E132902373A7 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[-] 2007-04-16 15:54 1025536 6557EA471552BB9AF16B66902D572BD5 c:\windows\$NtServicePackUninstall$\kernel32.dll

[7] 2006-03-02 12:00 1024512 54379BD67780FDBBE1590EEC142A659C c:\windows\$NtUninstallKB935839$\kernel32.dll

[7] 2008-04-14 17:02 1030656 09BCB7171F8172C2BA0189FE1F9C25CB c:\windows\$NtUninstallKB959426$\kernel32.dll

[7] 2008-04-14 17:02 1030656 09BCB7171F8172C2BA0189FE1F9C25CB c:\windows\ServicePackFiles\i386\kernel32.dll

[7] 2009-03-21 14:09 1030656 CE7EFE07C7119C8CD09D953AD9ECA7CD c:\windows\system32\kernel32.dll

[7] 2009-03-21 14:09 1030656 CE7EFE07C7119C8CD09D953AD9ECA7CD c:\windows\system32\dllcache\kernel32.dll

[7] 2006-03-02 12:00 17408 D5A792DB732622A393A0469FE6EAA728 c:\windows\$NtServicePackUninstall$\powrprof.dll

[7] 2008-04-14 17:02 17408 32167CE0150DC2A269D99689A143FB67 c:\windows\ServicePackFiles\i386\powrprof.dll

[7] 2008-04-14 17:02 17408 32167CE0150DC2A269D99689A143FB67 c:\windows\system32\powrprof.dll

[7] 2006-03-02 12:00 110080 7ADE4584ED6657CAE3D523CF101992BD c:\windows\$NtServicePackUninstall$\imm32.dll

[7] 2008-04-14 17:02 110080 58211BB9D2F5C761BFB504C2BBBA8D99 c:\windows\ServicePackFiles\i386\imm32.dll

[7] 2008-04-14 17:02 110080 58211BB9D2F5C761BFB504C2BBBA8D99 c:\windows\system32\imm32.dll

[7] 2006-03-02 12:00 1548288 486594A19F7AEDEBEA600855FFD5E914 c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[7] 2008-04-14 17:02 1571840 328CBDD2445F5B3A047644567EEB557F c:\windows\ServicePackFiles\i386\sfcfiles.dll

[7] 2008-04-14 17:02 1571840 328CBDD2445F5B3A047644567EEB557F c:\windows\system32\sfcfiles.dll

[7] 2006-03-02 12:00 25216 59549E9180CE29D832289E1A1D9E3C60 c:\windows\$NtServicePackUninstall$\kbdclass.sys

[7] 2008-04-14 16:39 25088 380397621E94B32C744E7B2CC1330390 c:\windows\ServicePackFiles\i386\kbdclass.sys

[7] 2008-04-14 16:39 25088 380397621E94B32C744E7B2CC1330390 c:\windows\system32\drivers\kbdclass.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172032]

"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-03-23 14202368]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Poort voor Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-5-24 46077]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^RAID Manager.lnk]

backup=c:\windows\pss\RAID Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\Gebruiker\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\ijji\\ENGLISH\\u_gunz.exe"=

"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=

"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=

"c:\\Program Files\\Softnyx\\RakionIS\\Bin\\rakion.bin"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"43594:TCP"= 43594:TCP:RSPS

"8085:TCP"= 8085:TCP:sys

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [19-10-2007 13:43 25105]

S3 DAEDriver54;DAEDriver54;c:\windows\SoftwareDistribution\DataStore\Logs\dak32.sys [13-11-2008 17:11 29696]

S3 DBKDRVR54;DBKDRVR54;\??\c:\program files\Cheat Engine\dbk32.sys --> c:\program files\Cheat Engine\dbk32.sys [?]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [31-5-2009 20:34 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [31-5-2009 20:34 79104]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [7-1-2008 10:37 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-RAMBooster - (no file)

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.dufpy.com

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ruqhmrm8.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - component: c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ruqhmrm8.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll

FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-06-26 21:06

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32]

@DACL=(02 0000)

@="c:\\Program Files\\IESurfBar\\SurfLite Toolbar\\tbhelper.dll"

"ThreadingModel"="both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID]

@DACL=(02 0000)

@="URLSearchHook.ToolbarURLSearchHook.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib]

@DACL=(02 0000)

@="{4509D3CC-B642-4745-B030-645B79522C6D}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID]

@DACL=(02 0000)

@="URLSearchHook.ToolbarURLSearchHook"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3084)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\system32\drivers\CDAC11BA.EXE

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\system32\wscntfy.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

**************************************************************************

.

Voltooingstijd: 2009-06-26 21:12 - machine werd herstart

ComboFix-quarantined-files.txt 2009-06-26 19:12

Pre-Run: 49.023.090.688 bytes beschikbaar

Post-Run: 48.978.337.792 bytes beschikbaar

443 --- E O F --- 2009-06-26 18:43

And the HijackThis log. Please let me know if anything has improved/changed.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:14:58, on 26-6-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zoeken

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209365616640

O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/nl/Prg/ESTPTest.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--

End of file - 5926 bytes


Your HijackThis log looks fine now. ComboFix has cleaned up quite a lot, but there is still some work to do:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\id6rjs4r64j6a7io8jkswhvv81.exe

c:\windows\system32\pbsvc.exe

c:\windows\system32\PhysXCplUI.exe

c:\windows\system32\PhysXCompatCplUI.exe

c:\program files\Cheat Engine\dbk32.sys

Driver::

DBKDRVR54

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message. And then let us know whether all noticeable problems from System Security are gone or not, and whether Spybot still has anything to report.


Here is the log:

ComboFix 09-06-26.02 - Gebruiker 26-06-2009 22:13.7 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.763 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

FILE ::

"c:\program files\Cheat Engine\dbk32.sys"

"c:\windows\id6rjs4r64j6a7io8jkswhvv81.exe"

"c:\windows\system32\pbsvc.exe"

"c:\windows\system32\PhysXCompatCplUI.exe"

"c:\windows\system32\PhysXCplUI.exe"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\id6rjs4r64j6a7io8jkswhvv81.exe

c:\windows\system32\pbsvc.exe

c:\windows\system32\PhysXCompatCplUI.exe

c:\windows\system32\PhysXCplUI.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_DBKDRVR54

-------\Service_DBKDRVR54

(((((((((((((((((((( Bestanden Gemaakt van 2009-05-26 to 2009-06-26 ))))))))))))))))))))))))))))))

.

2009-06-26 19:18 . 2009-06-26 19:18 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\BitDefender

2009-06-26 19:17 . 2009-06-26 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2009-06-26 19:17 . 2009-06-26 19:17 -------- d-----w- c:\program files\BitDefender

2009-06-26 19:16 . 2009-06-26 19:18 -------- d-----w- c:\program files\Common Files\BitDefender

2009-06-26 19:10 . 2009-06-26 19:10 -------- dc----w- c:\windows\system32\dllcache\cache

2009-06-26 11:04 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-26 11:04 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-26 11:04 . 2009-06-26 11:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-26 10:51 . 2009-06-26 10:52 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-06-23 20:47 . 2009-06-23 20:47 -------- d-----w- c:\program files\Softnyx

2009-06-23 19:23 . 2009-06-23 19:23 -------- d-----w- c:\program files\Trend Micro

2009-06-23 19:12 . 2009-06-23 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft

2009-06-23 19:12 . 2009-06-23 19:12 22328 ----a-w- c:\documents and settings\Gebruiker\Application Data\PnkBstrK.sys

2009-06-23 18:56 . 2009-06-23 18:56 -------- d-----w- c:\program files\Ubisoft

2009-06-23 18:53 . 2005-07-19 03:10 147456 ----a-r- c:\windows\system32\igfxres.dll

2009-06-23 18:46 . 2009-06-23 18:46 -------- d-----w- c:\program files\AGEIA Technologies

2009-06-23 18:46 . 2009-06-23 18:46 -------- d-----w- c:\windows\system32\AGEIA

2009-06-23 18:46 . 2009-06-23 18:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-06-23 18:46 . 2009-06-10 04:03 457248 ----a-w- c:\windows\system32\nvudisp.exe

2009-06-23 18:45 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-06-23 18:45 . 2009-06-23 18:45 -------- d-----w- C:\NVIDIA

2009-06-23 18:41 . 2009-06-23 18:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-06-23 12:11 . 2009-06-26 20:09 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend

2009-06-23 11:39 . 2009-06-23 11:39 -------- d-----w- c:\program files\uTorrent

2009-06-23 11:38 . 2009-06-23 12:06 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\uTorrent

2009-06-23 09:46 . 2009-06-23 09:46 -------- d-----w- c:\program files\SystemRequirementsLab

2009-06-23 09:46 . 2009-06-23 09:46 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\SystemRequirementsLab

2009-06-23 09:46 . 2009-06-23 09:46 290816 ----a-w- c:\documents and settings\Gebruiker\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll

2009-06-23 09:46 . 2009-06-23 09:46 290816 ----a-w- c:\documents and settings\Gebruiker\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll

2009-06-23 09:46 . 2009-06-23 09:46 290816 ----a-w- c:\documents and settings\Gebruiker\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll

2009-06-23 09:46 . 2009-06-23 09:46 290816 ----a-w- c:\documents and settings\Gebruiker\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll

2009-06-22 10:35 . 2009-06-22 10:35 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\TuneUp Software

2009-06-22 10:34 . 2009-06-22 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2009-06-22 10:34 . 2009-06-22 10:51 -------- d-----w- c:\program files\TuneUp Utilities 2009

2009-06-22 10:34 . 2009-06-22 10:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-06-19 21:40 . 2009-06-18 14:14 51200 ----a-w- c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ruqhmrm8.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll

2009-06-19 21:40 . 2009-06-18 14:14 114688 ----a-w- c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ruqhmrm8.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\npmozax.dll

2009-06-19 08:22 . 2009-06-19 08:22 -------- d-sh--w- c:\documents and settings\Gebruiker\PrivacIE

2009-06-19 08:14 . 2009-06-19 08:14 -------- d-sh--w- c:\documents and settings\Gebruiker\IETldCache

2009-06-18 23:27 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-06-18 23:27 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-18 23:27 . 2009-06-18 23:27 -------- d-----w- c:\windows\ie8updates

2009-06-18 23:25 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-06-18 23:22 . 2009-06-18 23:24 -------- dc-h--w- c:\windows\ie8

2009-06-18 18:22 . 2009-06-18 18:22 2035 ----a-w- c:\windows\system32\wbers.dat

2009-06-17 09:05 . 2009-06-17 09:05 45056 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{D17D8B97-F937-432F-88BD-382727D34441}\Setup.exe_D17D8B97F937432F88BD382727D34441_2.exe

2009-06-17 09:05 . 2009-06-17 09:05 45056 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{D17D8B97-F937-432F-88BD-382727D34441}\MapleStory.exe1_D17D8B97F937432F88BD382727D34441_1.exe

2009-06-17 09:05 . 2009-06-17 09:05 45056 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{D17D8B97-F937-432F-88BD-382727D34441}\MapleStory.exe_D17D8B97F937432F88BD382727D34441_2.exe

2009-06-17 09:05 . 2009-06-17 09:05 45056 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{D17D8B97-F937-432F-88BD-382727D34441}\ARPPRODUCTICON.exe

2009-06-17 09:03 . 2009-06-17 09:03 -------- d-----w- c:\program files\NEXON

2009-06-16 19:22 . 2009-06-16 19:22 -------- d-----w- c:\program files\Samsung

2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll

2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll

2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-06-10 04:03 . 2009-06-10 04:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll

2009-06-10 04:03 . 2009-06-10 04:03 815104 ----a-w- c:\windows\system32\nvapi.dll

2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll

2009-06-10 04:03 . 2009-06-10 04:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin

2009-06-10 04:03 . 2009-06-10 04:03 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-06-10 04:03 . 2009-06-10 04:03 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-06-07 17:48 . 2009-06-07 17:48 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\TechSmith

2009-06-07 17:42 . 2009-06-07 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith

2009-06-07 17:40 . 2009-06-07 17:40 -------- d-----w- c:\program files\Common Files\TechSmith Shared

2009-06-07 17:40 . 2009-06-07 17:40 -------- d-----w- c:\program files\TechSmith

2009-05-31 18:34 . 2008-10-17 08:50 79104 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys

2009-05-31 18:34 . 2008-10-17 08:50 131072 ----a-w- c:\windows\system32\drivers\Mkd2kfNT.sys

2009-05-31 18:33 . 2009-05-31 18:33 -------- d-----w- c:\program files\AhnLab

2009-05-31 16:59 . 2009-05-31 18:04 -------- d-----w- C:\download

2009-05-31 16:59 . 2009-05-31 16:59 -------- d-----w- C:\Nexon

2009-05-31 16:59 . 2009-06-17 08:44 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2009-05-30 10:11 . 2009-05-30 10:11 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Conduit

2009-05-30 10:09 . 2008-06-26 12:34 11776 ----a-w- c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ruqhmrm8.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}-trash\components\FFAlert.dll

2009-05-30 10:08 . 2009-05-30 10:08 -------- d-----w- c:\program files\Conduit

2009-05-30 10:08 . 2009-06-01 11:24 -------- d-----w- c:\program files\Hotspot_Shield

2009-05-30 10:07 . 2009-05-30 10:15 -------- d-----w- c:\program files\Hotspot Shield

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-26 20:05 . 2008-06-12 14:11 137824 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-06-26 20:02 . 2009-03-15 14:56 81984 ----a-w- c:\windows\system32\bdod.bin

2009-06-26 19:55 . 2008-06-12 14:11 202032 -c--a-w- c:\windows\system32\PnkBstrB.exe

2009-06-26 11:41 . 2009-03-12 20:10 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\DNA

2009-06-26 11:41 . 2008-06-13 19:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-06-26 11:16 . 2009-03-12 20:10 -------- d-----w- c:\program files\DNA

2009-06-26 10:52 . 2009-01-06 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-06-26 09:05 . 2009-02-18 11:32 34 ----a-w- c:\documents and settings\Gebruiker\jagex_runescape_preferences.dat

2009-06-23 21:25 . 2008-12-29 20:02 1100 ----a-w- c:\windows\system32\d3d8caps.dat

2009-06-23 19:12 . 2008-06-12 14:11 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-06-23 18:56 . 2007-10-19 11:43 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-23 17:21 . 2008-08-18 14:15 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-06-16 19:37 . 2008-06-10 18:44 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2009-06-10 04:03 . 2008-08-05 07:56 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 04:03 . 2008-04-14 17:02 5908608 ----a-w- c:\windows\system32\nv4_disp.dll

2009-06-07 10:51 . 2009-01-04 15:26 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\TeamViewer

2009-06-01 11:24 . 2009-03-15 18:17 -------- d-----w- c:\program files\Advanced System Optimizer

2009-05-21 22:14 . 2009-05-21 22:14 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Obsidium

2009-05-18 15:41 . 2008-01-08 09:25 29744 ----a-w- c:\documents and settings\Gebruiker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-17 15:08 . 2009-05-17 15:08 -------- d-----w- c:\program files\MSECache

2009-05-16 08:06 . 2009-05-16 08:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire

2009-05-15 10:28 . 2009-05-15 10:28 -------- d-----w- c:\program files\NHN USA

2009-05-14 18:08 . 2009-05-14 18:08 27136 ----a-w- c:\windows\system32\drivers\tapvpn.sys

2009-05-14 13:46 . 2009-05-14 13:46 52105 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\uninst.exe

2009-05-14 13:46 . 2009-05-14 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\IJJIGame

2009-05-13 05:06 . 2006-03-02 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:34 . 2006-03-02 12:00 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w- c:\windows\system32\xfcodec.dll

2009-04-29 09:42 . 2009-04-23 13:57 -------- d-----w- c:\program files\TeamViewer

2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll

2009-04-19 19:51 . 2006-03-02 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 21:11 . 2006-03-02 12:00 585434 ----a-w- c:\windows\system32\perfh013.dat

2009-04-15 21:11 . 2006-03-02 12:00 116388 ----a-w- c:\windows\system32\perfc013.dat

2009-04-15 14:55 . 2006-03-02 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll

1999-05-23 22:17 . 1999-05-23 22:17 99840 -c--a-w- c:\program files\Common Files\IRAABOUT.DLL

1998-12-09 01:53 . 1998-12-09 01:53 70144 -c--a-w- c:\program files\Common Files\IRAMDMTR.DLL

1998-12-09 01:53 . 1998-12-09 01:53 48640 -c--a-w- c:\program files\Common Files\IRALPTTR.DLL

1998-12-09 01:53 . 1998-12-09 01:53 31744 -c--a-w- c:\program files\Common Files\IRAWEBTR.DLL

1998-12-09 01:53 . 1998-12-09 01:53 186368 -c--a-w- c:\program files\Common Files\IRAREG.DLL

1998-12-09 01:53 . 1998-12-09 01:53 17920 -c--a-w- c:\program files\Common Files\IRASRIAL.DLL

2009-03-05 16:08 . 2009-06-26 19:21 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((( SnapShot@2009-06-26_19.06.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-12-01 22:08 . 2006-12-01 22:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll

- 2006-12-01 21:08 . 2006-12-01 21:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll

- 2006-12-01 21:08 . 2006-12-01 21:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll

- 2006-12-01 21:08 . 2006-12-01 21:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll

- 2006-12-01 21:08 . 2006-12-01 21:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll

- 2006-12-01 21:08 . 2006-12-01 21:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll

- 2006-12-01 21:08 . 2006-12-01 21:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll

- 2006-12-01 21:08 . 2006-12-01 21:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll

- 2006-12-01 21:08 . 2006-12-01 21:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll

+ 2006-12-01 22:08 . 2006-12-01 22:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll

- 2006-12-01 21:08 . 2006-12-01 21:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll

+ 2006-12-01 22:26 . 2006-12-01 22:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll

- 2006-12-01 21:26 . 2006-12-01 21:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll

- 2006-12-01 21:25 . 2006-12-01 21:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll

+ 2006-12-01 22:25 . 2006-12-01 22:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll

+ 2009-06-26 20:21 . 2009-06-26 20:21 16384 c:\windows\Temp\Perflib_Perfdata_20c.dat

+ 2002-01-05 01:38 . 2002-01-05 01:38 54784 c:\windows\system32\msvci70.dll

- 2002-01-05 00:38 . 2002-01-05 00:38 54784 c:\windows\system32\msvci70.dll

+ 2009-06-26 19:18 . 2009-06-26 19:18 57344 c:\windows\Installer\{A1FA92EE-84A3-447D-A6C6-4514B5936DC2}\texticon.exe

+ 2009-06-26 19:18 . 2009-06-26 19:18 22486 c:\windows\Installer\{A1FA92EE-84A3-447D-A6C6-4514B5936DC2}\register_icon.exe

+ 2009-06-26 19:18 . 2009-06-26 19:18 32768 c:\windows\Installer\{A1FA92EE-84A3-447D-A6C6-4514B5936DC2}\maintenance_icon.exe

+ 2009-06-26 19:18 . 2009-06-26 19:18 61440 c:\windows\Installer\{A1FA92EE-84A3-447D-A6C6-4514B5936DC2}\helpicon.exe

- 2006-12-01 19:54 . 2006-12-01 19:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-01 20:54 . 2006-12-01 20:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-01 20:54 . 2006-12-01 20:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

- 2006-12-01 19:54 . 2006-12-01 19:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

- 2006-12-01 19:54 . 2006-12-01 19:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2006-12-01 20:54 . 2006-12-01 20:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2007-01-31 12:50 . 2007-01-31 12:50 913408 c:\windows\system32\xreglib.dll

- 2009-06-26 18:46 . 2008-10-09 13:31 192512 c:\windows\system32\txmlutil.dll

+ 2008-10-09 14:31 . 2008-10-09 14:31 192512 c:\windows\system32\txmlutil.dll

- 2003-02-21 01:42 . 2003-02-21 16:42 348160 c:\windows\system32\msvcr71.dll

+ 2003-02-21 02:42 . 2003-02-21 02:42 348160 c:\windows\system32\msvcr71.dll

- 2002-01-04 23:37 . 2002-01-04 23:37 344064 c:\windows\system32\msvcr70.dll

+ 2002-01-05 00:37 . 2002-01-05 00:37 344064 c:\windows\system32\msvcr70.dll

+ 2003-03-18 18:14 . 2003-03-18 18:14 499712 c:\windows\system32\msvcp71.dll

- 2003-03-18 17:14 . 2003-03-18 17:14 499712 c:\windows\system32\msvcp71.dll

+ 2002-01-05 01:40 . 2002-01-05 01:40 487424 c:\windows\system32\msvcp70.dll

- 2002-01-05 00:40 . 2002-01-05 00:40 487424 c:\windows\system32\msvcp70.dll

+ 2002-01-05 01:36 . 2002-01-05 01:36 964608 c:\windows\system32\mfc70u.dll

- 2002-01-05 00:36 . 2002-01-05 00:36 964608 c:\windows\system32\mfc70u.dll

- 2002-01-05 00:48 . 2002-01-05 00:48 974848 c:\windows\system32\mfc70.dll

+ 2002-01-05 01:48 . 2002-01-05 01:48 974848 c:\windows\system32\mfc70.dll

+ 2008-12-10 18:42 . 2008-12-10 18:42 242184 c:\windows\system32\drivers\bdfsfltr.sys

+ 2008-09-18 10:09 . 2008-09-18 10:09 111112 c:\windows\system32\drivers\bdfm.sys

+ 2007-04-11 09:11 . 2007-04-11 09:11 511328 c:\windows\system32\capicom.dll

- 2007-04-11 08:11 . 2007-04-11 08:11 511328 c:\windows\system32\capicom.dll

+ 2006-12-01 22:25 . 2006-12-01 22:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll

- 2006-12-01 21:25 . 2006-12-01 21:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll

- 2006-12-01 21:25 . 2006-12-01 21:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

+ 2006-12-01 22:25 . 2006-12-01 22:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

+ 2003-03-18 19:12 . 2003-03-18 19:12 1047552 c:\windows\system32\mfc71u.dll

- 2003-03-18 18:12 . 2003-03-18 18:12 1047552 c:\windows\system32\mfc71u.dll

- 2003-03-18 18:20 . 2003-03-18 18:20 1060864 c:\windows\system32\mfc71.dll

+ 2003-03-18 19:20 . 2003-03-18 19:20 1060864 c:\windows\system32\mfc71.dll

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172032]

"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-19 778240]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]

"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-03-23 14202368]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Poort voor Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-5-24 46077]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^RAID Manager.lnk]

backup=c:\windows\pss\RAID Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\Gebruiker\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\ijji\\ENGLISH\\u_gunz.exe"=

"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=

"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=

"c:\\Program Files\\Softnyx\\RakionIS\\Bin\\rakion.bin"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"43594:TCP"= 43594:TCP:RSPS

"8085:TCP"= 8085:TCP:sys

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [19-10-2007 13:43 25105]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [18-9-2008 12:09 111112]

S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20-1-2009 19:16 172032]

S3 DAEDriver54;DAEDriver54;c:\windows\SoftwareDistribution\DataStore\Logs\dak32.sys [13-11-2008 17:11 29696]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [31-5-2009 20:34 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [31-5-2009 20:34 79104]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [7-1-2008 10:37 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.dufpy.com

uInternet Settings,ProxyOverride = *.local

FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ruqhmrm8.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - component: c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\ruqhmrm8.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFExternalAlert.dll

FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll

FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-26 22:21

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32]

@DACL=(02 0000)

@="c:\\Program Files\\IESurfBar\\SurfLite Toolbar\\tbhelper.dll"

"ThreadingModel"="both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID]

@DACL=(02 0000)

@="URLSearchHook.ToolbarURLSearchHook.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib]

@DACL=(02 0000)

@="{4509D3CC-B642-4745-B030-645B79522C6D}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID]

@DACL=(02 0000)

@="URLSearchHook.ToolbarURLSearchHook"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(984)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

c:\program files\BitDefender\BitDefender 2009\vsserv.exe

c:\windows\system32\drivers\CDAC11BA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\system32\rundll32.exe

c:\program files\BitDefender\BitDefender 2009\seccenter.exe

.

**************************************************************************

.

Voltooingstijd: 2009-06-26 22:32 - machine werd herstart

ComboFix-quarantined-files.txt 2009-06-26 20:32

ComboFix2.txt 2009-06-26 19:12

Pre-Run: 49.782.505.472 bytes beschikbaar

Post-Run: 49.797.365.760 bytes beschikbaar

506 --- E O F --- 2009-06-26 18:43

I no longer have any problems with it. Is the rest of my computer clean, or can't you tell from a HijackThis log alone? I ask because I would like to reset my System Restore. Thanks in advance for everything. Here is another HijackThis log in case it is needed:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:20:37, on 27-6-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209365616640

O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/nl/Prg/ESTPTest.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--

End of file - 6883 bytes


What you can still do now is clean up the registry with CCleaner.

Download CCleaner. At the top of the green column, click “download the latest version”.

Install CCleaner.

  • Select “Nederlands” as the language.
  • Click “volgende” (Next).
  • Click “akkoord” (I agree).
  • Click “volgende” (Next).
  • You now get a panel with 6 checkboxes.
    Leave only 1, 2 and 5 checked.
  • Click “installeren” (Install).
  • Click “voltooien” (Finish).

Start CCleaner using the icon on your desktop.

In the left-hand column, click “register” (Registry).

At the bottom, click the “scan naar problemen” (Scan for issues) button and wait until the scan has finished.

Then click the “herstel geselecteerde problemen” (Fix selected issues) button.

When asked whether a backup should be saved, answer “ja” (Yes) and choose where the backup should be saved (preferably create a new folder for this).

Then click the “herstel alle geselecteerde fouten” (Fix all selected issues) button and confirm with “ok”.

Click “sluit” (Close).

Repeat the scan-and-fix procedure until no more errors are found.

Close CCleaner.


Kweezie Wabbit's suggestion is only half of the story ... you need to do a bit more to clean up the remnants of the infection:

Remove Combofix: Start -> Uitvoeren (Run) and type: combofix /u

This will remove Combofix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

Download CCleaner.

Install it and start CCleaner. In the left-hand column, click “Cleaner”. Click “Analyseren” (Analyze) and then “Opschonen” (Run Cleaner). Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click “Register” (Registry) in the left-hand column and click “Scan naar problemen” (Scan for issues). If errors are found, click “Herstel geselecteerde problemen” (Fix selected issues) and “OK”. You will then be asked whether to make a backup. Click “JA” (Yes). Then choose “Herstel alle geselecteerde fouten” (Fix all selected issues). Afterwards, close CCleaner again.

It is advisable to delete the existing restore points (they include infected restore points that you could end up restoring) by temporarily turning off System Restore. Do this via Start -> Configuratiescherm (Control Panel) -> Systeem (System) -> Systeemherstel (System Restore) -> tick "Systeemherstel op alle stations uitschakelen" (Turn off System Restore on all drives). Apply and OK. Restart the PC and remove the tick again.

That's it!
