
[SOLVED] virus or something else?


Guest capronicus


Recently got a blue screen during start-up; it didn't stay very long and hasn't appeared since. The PC also no longer starts up as quickly (a difference of a few minutes), and I'm starting to get a bit worried, since a few things are beginning to go wrong (antivirus no longer starts up)

and other things like that. Since I can't get it solved myself, I'm hereby kindly asking for some help :bawling:

Here's a HijackThis log already

---------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:40:19, on 7/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Xfire\Xfire.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\PC Tools AntiVirus\PCTAV.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.msn.com/default.aspx/?lang=nl-be

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 5340 bytes

---------- Post added at 14:46 ---------- Previous post was at 14:44 ----------

Meanwhile I can't get Firefox to start anymore


Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a notification from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners see certain components that Combofix uses as suspicious and will block or remove them!


  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.

When the fix is complete and after a restart, the log Combofix.txt will open.

Post this log in your next reply.


Guest capronicus

ComboFix 09-07-06.03 - Seppe 07/07/2009 16:04.3 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.32.1033.18.3326.1830 [GMT 2:00]

Gestart vanuit: c:\users\Seppe\Downloads\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\System

c:\system\d3drm.dll

c:\system\win_qs8.jqx

c:\users\Seppe\AppData\Local\Temp\swt-gdip-win32-3448.dll

c:\users\Seppe\AppData\Local\Temp\swt-win32-3448.dll

c:\windows\system32\ATIODCLI.exe

c:\windows\system32\ATIODE.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-06-07 to 2009-07-07 ))))))))))))))))))))))))))))))

.

2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll

2009-06-26 10:49 . 2009-06-26 11:01 -------- d-----w- c:\program files\Age Of Empires 2 & The Conquerors Expansion - Full Game

2009-06-21 08:54 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2009-06-21 08:54 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2009-06-21 08:54 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2009-06-19 07:33 . 2009-06-19 07:33 8457 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat

2009-06-19 07:33 . 2009-06-19 07:33 13281 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2009-06-19 07:33 . 2009-06-19 07:33 -------- d-----w- c:\program files\Illustrate

2009-06-16 06:42 . 2009-06-16 06:42 -------- d-----w- c:\windows\system32\Futuremark

2009-06-16 06:42 . 2009-06-16 06:42 -------- d-----w- c:\program files\Common Files\Futuremark Shared

2009-06-16 06:42 . 2008-09-17 13:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys

2009-06-16 06:41 . 2009-06-16 06:41 -------- d-----w- c:\windows\Sun

2009-06-16 05:46 . 2009-03-26 23:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2009-06-16 05:46 . 2009-06-16 05:46 -------- d-----w- c:\program files\CPUID

2009-06-15 07:30 . 2009-06-15 08:17 -------- d-----w- C:\Root

2009-06-15 07:30 . 2009-06-15 08:35 -------- d-----w- c:\program files\Activision

2009-06-15 07:00 . 2009-06-15 07:00 -------- d-sh--w- c:\windows\ftpcache

2009-06-14 09:16 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

2009-06-14 09:16 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll

2009-06-12 21:06 . 2009-06-12 21:06 -------- d-----w- c:\program files\LucasArts

2009-06-12 21:03 . 2009-06-12 21:03 -------- d-----w- c:\program files\Microsoft WSE

2009-06-12 20:51 . 2009-06-12 20:51 -------- d-----w- c:\program files\Electronic Arts

2009-06-11 04:40 . 2005-01-03 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys

2009-06-11 04:40 . 2009-06-11 04:40 -------- d-----w- c:\program files\Common Files\INCA Shared

2009-06-08 14:22 . 2009-06-08 14:22 -------- d-----w- c:\programdata\WindowsSearch

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-07 14:14 . 2009-02-13 15:11 -------- d-----w- c:\program files\Steam

2009-07-07 14:13 . 2009-04-06 08:43 -------- d-----w- c:\program files\PC Tools AntiVirus

2009-07-07 06:36 . 2009-05-17 16:13 -------- d-----w- c:\program files\Empire.Total.War-KaOs

2009-07-07 06:17 . 2009-02-13 13:19 -------- d-----w- c:\programdata\Xfire

2009-07-07 06:17 . 2009-02-13 13:19 -------- d-----w- c:\program files\Xfire

2009-07-06 21:15 . 2009-04-13 15:20 -------- d--h--w- c:\programdata\~0

2009-07-06 21:10 . 2009-02-15 22:17 -------- d-----w- c:\program files\EA Games

2009-07-06 21:05 . 2009-02-21 09:47 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-03 09:30 . 2009-02-13 13:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-03 09:30 . 2009-03-28 10:58 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-07-03 07:12 . 2009-02-13 15:18 -------- d-----w- c:\program files\Common Files\Steam

2009-07-02 19:05 . 2009-05-29 18:50 623758 ----a-w- c:\windows\system32\perfh007.dat

2009-07-02 19:05 . 2009-05-29 18:50 129388 ----a-w- c:\windows\system32\perfc007.dat

2009-07-02 19:05 . 2009-05-29 18:50 674588 ----a-w- c:\windows\system32\perfh00C.dat

2009-07-02 19:05 . 2009-05-29 18:50 130180 ----a-w- c:\windows\system32\perfc00C.dat

2009-07-02 19:05 . 2009-05-29 16:39 680816 ----a-w- c:\windows\system32\perfh013.dat

2009-07-02 19:05 . 2009-05-29 16:39 133512 ----a-w- c:\windows\system32\perfc013.dat

2009-07-02 19:05 . 2008-02-05 17:18 659302 ----a-w- c:\windows\system32\perfh019.dat

2009-07-02 19:05 . 2008-02-05 17:18 132690 ----a-w- c:\windows\system32\perfc019.dat

2009-06-19 07:33 . 2009-05-06 18:17 2433400 ----a-w- c:\windows\system32\SpoonUninstall.exe

2009-06-17 09:27 . 2009-02-13 13:12 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-17 09:27 . 2009-02-13 13:12 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-14 13:42 . 2009-02-13 20:17 -------- d-----w- c:\programdata\Microsoft Help

2009-06-14 12:32 . 2009-06-06 17:22 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory

2009-06-14 11:44 . 2009-06-04 18:42 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-06-14 11:44 . 2009-06-04 18:42 189640 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-06-06 22:08 . 2009-06-06 22:00 -------- d-----w- c:\programdata\NexonEU

2009-06-06 22:00 . 2009-06-06 22:00 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll

2009-06-06 22:00 . 2009-06-06 22:00 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll

2009-06-06 22:00 . 2009-06-06 22:00 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll

2009-06-06 22:00 . 2009-06-06 22:00 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll

2009-06-06 22:00 . 2009-06-06 22:00 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll

2009-06-06 22:00 . 2009-06-06 22:00 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe

2009-06-06 21:35 . 2009-06-06 21:35 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2009-06-06 21:20 . 2009-06-06 21:20 98304 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll

2009-06-06 21:20 . 2009-06-06 21:20 81920 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll

2009-06-06 21:20 . 2009-06-06 21:20 520192 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll

2009-06-06 21:20 . 2009-06-06 21:20 335872 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll

2009-06-06 21:20 . 2009-06-06 21:20 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll

2009-06-06 21:20 . 2009-06-06 21:20 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe

2009-06-06 21:20 . 2009-06-06 21:20 -------- d-----w- c:\programdata\NexonUS

2009-06-06 20:47 . 2009-06-06 20:47 -------- d-----w- c:\programdata\PMB Files

2009-06-06 20:47 . 2009-06-06 20:47 -------- d-----w- c:\program files\Pando Networks

2009-06-05 19:10 . 2009-04-20 21:47 -------- d-----w- c:\program files\Windows Live Safety Center

2009-06-04 18:42 . 2009-06-04 18:42 794408 ----a-w- c:\windows\system32\pbsvc.exe

2009-06-04 18:42 . 2009-06-04 18:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-06-01 09:42 . 2009-02-13 19:03 -------- d-----w- c:\program files\Windows Live

2009-05-31 11:49 . 2009-05-31 11:49 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2009-05-31 11:48 . 2009-05-31 11:48 -------- d-----w- c:\program files\Google

2009-05-30 17:17 . 2009-03-02 19:42 -------- d-----w- c:\program files\Rainmeter

2009-05-29 17:03 . 2009-05-29 18:50 36916 ----a-w- c:\windows\system32\perfd007.dat

2009-05-29 17:03 . 2009-05-29 18:50 290748 ----a-w- c:\windows\system32\perfi007.dat

2009-05-29 17:03 . 2009-05-29 18:40 36916 ----a-w- c:\windows\inf\PERFLIB\0407\perfd.dat

2009-05-29 17:03 . 2009-05-29 18:40 36916 ----a-w- c:\windows\inf\PERFLIB\0407\perfc.dat

2009-05-29 17:03 . 2009-05-29 18:40 290748 ----a-w- c:\windows\inf\PERFLIB\0407\perfi.dat

2009-05-29 17:03 . 2009-05-29 18:40 290748 ----a-w- c:\windows\inf\PERFLIB\0407\perfh.dat

2009-05-29 16:47 . 2009-02-13 20:21 -------- d-----w- c:\program files\Microsoft Works

2009-05-29 16:38 . 2009-05-29 16:39 41976 ----a-w- c:\windows\system32\perfd013.dat

2009-05-29 16:38 . 2009-05-29 16:39 336440 ----a-w- c:\windows\system32\perfi013.dat

2009-05-29 16:38 . 2009-05-29 16:38 41976 ----a-w- c:\windows\inf\PERFLIB\0413\perfd.dat

2009-05-29 16:38 . 2009-05-29 16:38 41976 ----a-w- c:\windows\inf\PERFLIB\0413\perfc.dat

2009-05-29 16:38 . 2009-05-29 16:38 336440 ----a-w- c:\windows\inf\PERFLIB\0413\perfi.dat

2009-05-29 16:38 . 2009-05-29 16:38 336440 ----a-w- c:\windows\inf\PERFLIB\0413\perfh.dat

2009-05-26 16:47 . 2009-05-26 16:47 -------- d-----w- c:\program files\Common Files\SWF Studio

2009-05-26 05:24 . 2009-02-14 11:11 -------- d-----w- c:\program files\SystemRequirementsLab

2009-05-23 18:40 . 2009-05-23 18:40 -------- d-----w- c:\programdata\ATI

2009-05-23 18:40 . 2009-02-13 12:52 -------- d-----w- c:\program files\ATI

2009-05-23 18:32 . 2009-02-13 12:52 -------- d-----w- c:\program files\ATI Technologies

2009-05-22 09:02 . 2009-05-22 09:02 -------- d-----w- c:\program files\Games

2009-05-18 17:51 . 2009-05-16 09:28 -------- d-----w- c:\program files\SmartDraw 2009

2009-05-11 16:12 . 2009-05-11 16:12 0 ----a-w- C:\ntuser.dat

2009-05-09 05:50 . 2009-06-10 09:23 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-09 05:34 . 2009-06-10 09:23 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr

2009-04-29 03:31 . 2009-04-29 03:31 4491776 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2009-04-29 02:08 . 2009-04-29 02:08 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2009-04-29 02:08 . 2009-04-29 02:08 303104 ----a-w- c:\windows\system32\atieclxx.exe

2009-04-29 02:07 . 2009-04-29 02:07 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2009-04-29 02:06 . 2009-01-14 05:02 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2009-04-29 02:06 . 2009-01-14 05:01 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2009-04-29 02:05 . 2009-04-29 02:05 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2009-04-29 02:05 . 2009-04-29 02:05 11776 ----a-w- c:\windows\system32\atimuixx.dll

2009-04-29 02:05 . 2009-04-29 02:05 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2009-04-29 02:02 . 2009-04-29 02:02 2428928 ----a-w- c:\windows\system32\atidxx32.dll

2009-04-29 01:52 . 2009-01-14 04:44 3082752 ----a-w- c:\windows\system32\atiumdag.dll

2009-04-29 01:41 . 2009-04-29 01:41 11559424 ----a-w- c:\windows\system32\atioglxx.dll

2009-04-29 01:37 . 2009-01-14 04:22 4963840 ----a-w- c:\windows\system32\atiumdva.dll

2009-04-29 01:25 . 2009-04-29 01:25 51712 ----a-w- c:\windows\system32\atimpc32.dll

2009-04-29 01:25 . 2009-04-29 01:25 51712 ----a-w- c:\windows\system32\amdpcom32.dll

2009-04-29 01:24 . 2009-04-29 01:24 163840 ----a-w- c:\windows\system32\atiadlxx.dll

2009-04-29 01:22 . 2009-04-29 01:22 53248 ----a-w- c:\windows\system32\aticalrt.dll

2009-04-29 01:22 . 2009-04-29 01:22 53248 ----a-w- c:\windows\system32\aticalcl.dll

2009-04-29 01:20 . 2009-04-29 01:20 3293184 ----a-w- c:\windows\system32\aticaldd.dll

2009-04-29 01:11 . 2009-04-29 01:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2009-04-28 20:15 . 2009-04-28 20:15 531 ----a-w- c:\windows\eReg.dat

2009-04-24 05:43 . 2009-04-24 05:43 95544 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys

2009-04-23 12:43 . 2009-06-10 09:23 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-10 09:23 636928 ----a-w- c:\windows\system32\localspl.dll

2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll

2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\steam\steam.exe" [2009-06-11 1217784]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]

c:\users\Seppe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\

Multiclicker - Shortcut.lnk - c:\users\Seppe\Downloads\Autoclicker\Multiclicker\Multiclicker.jar [2009-5-13 421088]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-1-21 118784]

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-2-15 3581680]

Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-7-2 3190096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\m:\0autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vuze.lnk]

backup=c:\windows\pss\Vuze.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2173211156-1617119053-3617723833-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{2B472955-341F-49AF-9C2B-FB694E00694F}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{91D928D9-FAC6-4965-BD8F-0122B6BC2B96}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{4F772B06-4A9F-4923-928B-EB2D1037DF6B}c:\\program files\\steam\\steamapps\\capronicus\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\capronicus\counter-strike source\hl2.exe:hl2

"UDP Query User{49AA79F9-52F0-4F34-AADB-4E093E4F82E1}c:\\program files\\steam\\steamapps\\capronicus\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\capronicus\counter-strike source\hl2.exe:hl2

"{A60D3307-60CB-4CFE-AE7C-51BEA6C092C9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{84939BE0-B785-4F8E-9E9B-F660A60ECAFE}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{C2B8DF65-0C43-4D37-B2E8-02A342946288}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{52D4234A-D993-4DEF-A44D-4AD198A461B6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{19F4F152-5FE6-41DD-8508-FAB5DD827A00}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{27C0330C-F297-4989-B4D6-9A0A27779006}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{B2493C4F-600D-47BE-9D47-45BED40EAB9D}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"{42576958-BADA-4CFB-88FA-3A8EEA86F913}"= UDP:5353:Adobe CSI CS4

"{E9EB19C1-3962-4DF6-B4DE-11A66E1076C6}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{CDFA765E-CB2A-4488-9B7C-24CE178768A6}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"TCP Query User{58EDEAB2-539A-49BE-BD6F-B125B86B196B}c:\\users\\seppe\\downloads\\utorrent(2).exe"= UDP:c:\users\seppe\downloads\utorrent(2).exe:utorrent(2).exe

"UDP Query User{999D3B95-A3F2-4E03-B9F1-73D987725CDB}c:\\users\\seppe\\downloads\\utorrent(2).exe"= TCP:c:\users\seppe\downloads\utorrent(2).exe:utorrent(2).exe

"TCP Query User{5BDC3C58-B176-4E1E-BAE5-88E57C2AFBD9}c:\\program files\\globalstar software\\school tycoon\\schooltycoon.exe"= UDP:c:\program files\globalstar software\school tycoon\schooltycoon.exe:SchoolTycoon

"UDP Query User{25085926-C2AD-457F-B844-C8BE2A78D1CF}c:\\program files\\globalstar software\\school tycoon\\schooltycoon.exe"= TCP:c:\program files\globalstar software\school tycoon\schooltycoon.exe:SchoolTycoon

"TCP Query User{391C575E-EF34-48B4-BDED-CB5124251D5B}c:\\program files\\globalstar software\\mall tycoon\\mall.exe"= UDP:c:\program files\globalstar software\mall tycoon\mall.exe:mall

"UDP Query User{871BC957-80A6-43C0-B544-460326C87E4D}c:\\program files\\globalstar software\\mall tycoon\\mall.exe"= TCP:c:\program files\globalstar software\mall tycoon\mall.exe:mall

"TCP Query User{72B597A6-99E4-4163-B029-F3C88BEEED7C}c:\\program files\\global star software\\airport tycoon 3\\at3.exe"= UDP:c:\program files\global star software\airport tycoon 3\at3.exe:at3

"UDP Query User{AF88DCF9-25EC-4183-BCFC-1C05BC208628}c:\\program files\\global star software\\airport tycoon 3\\at3.exe"= TCP:c:\program files\global star software\airport tycoon 3\at3.exe:at3

"{A9E18A82-0796-48DF-BF24-EDB215884C1C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{422B9248-660A-40A2-9CD7-3EE1F05EDD43}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{F2891369-0F66-454B-9FC9-69E825545198}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire

"UDP Query User{5F1954E7-3AFA-4643-BA19-0B0B12CAA1AB}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire

"{070A0F7E-62F2-4CFA-86C2-6F8B28E6A067}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{EEA15B89-0F83-48FF-8E06-FE280E3DA1BA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{863AA783-85E4-4D61-8BD1-BD691145FCD3}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2

"{8635A537-B0E3-4F96-9957-749395E39111}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2

"{D90E9EE7-C987-423B-B51B-85292FBACEE3}"= UDP:c:\users\Seppe\Games\Tom Clancy's H.A.W.X\HAWX.exe:Tom_Clancy's_H.A.W.X_1

"{17DEC3F5-37EC-4EF3-B3A2-E81E290A5453}"= TCP:c:\users\Seppe\Games\Tom Clancy's H.A.W.X\HAWX.exe:Tom_Clancy's_H.A.W.X_1

"{0B123EA7-D72C-4EE4-BAC8-5A3DBC07911A}"= UDP:c:\users\Seppe\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom_Clancy's_H.A.W.X_2

"{CFC4B098-38D0-4C84-BCAE-55274CD6BCAD}"= TCP:c:\users\Seppe\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom_Clancy's_H.A.W.X_2

"{FF7D9662-04B0-453A-9270-C4E66D74E712}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{304F2AD7-E565-4787-B627-B6FA9C5276A4}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{E06D5DBC-B34B-41E1-A453-37E142BF7F3A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{A1AB407F-ACDC-4098-B9EB-58D54D5A351A}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{B8BE1B49-4908-4BD5-97D9-FB1A52717CFB}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

"{FADA85C0-E68A-4661-9FA5-D926856C83A0}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

"{52E5EFC5-428C-45A1-9127-08DCD672AF38}"= UDP:58754:Pando Media Booster

"{0051F787-09C0-478B-AC1D-FBFD3CB6A27D}"= TCP:58754:Pando Media Booster

"{0363C5F2-6401-4246-BFAC-B18D10026D9F}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager

"{79E466C2-632B-42DC-A1B9-17E5EBA6CE0A}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager

"{86C6CA9F-532E-42FF-8661-0B19D706E0E9}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager

"{5CE25A84-2065-40AE-8179-1D343FFACD08}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager

"{41188A5A-C84B-4CD3-8B3C-344AF0D737CF}"= UDP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core

"{A2AAD524-CE5A-4810-BF6D-66CBB6B4A5DE}"= TCP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core

"{F4E55DE5-8FE8-41DE-910E-8EDB83C6F62D}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype

"{2AFA9AAB-9068-45C2-BA8C-9FED6B703D8A}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Nexon\\Combat Arms EU\\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\Nexon\\Combat Arms EU\\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [29/04/2009 4:07 176128]

R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [21/01/2008 4:21 21504]

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [24/04/2009 7:43 95544]

S3 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [16/06/2009 7:46 12672]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\System32\drivers\s115bus.sys [23/04/2007 14:54 83208]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\System32\drivers\s115mdfl.sys [23/04/2007 14:54 15112]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\System32\drivers\s115mdm.sys [23/04/2007 14:54 108680]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s115mgmt.sys [23/04/2007 14:54 100488]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\System32\drivers\s115obex.sys [23/04/2007 14:54 98568]

S4 ASKService;ASKService; [x]

S4 ASKUpgrade;ASKUpgrade; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

wmcmgc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

.

Inhoud van de 'Gedeelde Taken' map

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2173211156-1617119053-3617723833-1000Core.job

- c:\users\Seppe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-16 12:26]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2173211156-1617119053-3617723833-1000UA.job

- c:\users\Seppe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-16 12:26]

2009-07-07 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-05-16 05:29]

2009-04-05 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-04-05 06:23]

2009-07-06 c:\windows\Tasks\User_Feed_Synchronization-{463EAFF3-D343-4801-A30B-8E7C4C844514}.job

- c:\windows\system32\msfeedssync.exe [2009-05-29 11:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Seppe\AppData\Roaming\Mozilla\Firefox\Profiles\zw1y802j.default\

FF - prefs.js: browser.startup.homepage - google.be

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2173211156-1617119053-3617723833-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:e3,bf,16,c6,7b,fe,c0,af,45,eb,66,4f,a0,30,e1,df,56,dc,c7,c0,ea,da,17,

07,fe,00,b1,7d,be,83,16,f9,e3,dc,4c,eb,fb,c1,2c,f4,5f,a7,92,a2,fb,69,e4,f3,\

"??"=hex:bf,46,ec,79,c9,a0,b3,e4,82,c3,a1,5a,a6,0c,eb,46

[HKEY_USERS\S-1-5-21-2173211156-1617119053-3617723833-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:8b,70,97,13,32,5a,44,d8,9b,6b,11,9b,fc,0c,ca,04,9a,93,f9,1b,4a,

af,97,37,04,77,23,3d,c1,b7,c7,0c,3f,f1,45,6e,8e,03,2f,36,c7,11,26,fb,22,bc,\

"rkeysecu"=hex:5f,2a,52,f5,ab,d7,d8,f6,2a,19,19,5e,b3,78,4e,0e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(1712)

c:\program files\Stardock\ObjectDock\DockShellHook.dll

c:\program files\Xfire\xfire_toucan_37857.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\audiodg.exe

c:\windows\System32\atieclxx.exe

c:\windows\System32\conime.exe

c:\windows\System32\CISVC.EXE

c:\windows\System32\PnkBstrA.exe

c:\windows\servicing\TrustedInstaller.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\Common Files\Steam\SteamService.exe

.

**************************************************************************

.

Voltooingstijd: 2009-07-07 16:19 - machine werd herstart

ComboFix-quarantined-files.txt 2009-07-07 14:19

ComboFix2.txt 2009-04-30 20:02

Pre-Run: 148.048.044.032 bytes free

Post-Run: 155.349.413.888 bytes free

377 --- E O F --- 2009-07-03 07:17


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2173211156-1617119053-3617723833-1000Core.job

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2173211156-1617119053-3617723833-1000UA.job

c:\windows\Tasks\SDMsgUpdate (TE).job

Folder::

c:\programdata\~0

Driver::

ASKService

ASKUpgrade

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message, together with a new HijackThis log.


Guest capronicus

ComboFix 09-07-08.04 - Seppe 09/07/2009 9:16.4 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.32.1033.18.3326.2004 [GMT 2:00]

Gestart vanuit: c:\combofix\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Seppe\Downloads\CFScript.txt..txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::

"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2173211156-1617119053-3617723833-1000Core.job"

"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2173211156-1617119053-3617723833-1000UA.job"

"c:\windows\Tasks\SDMsgUpdate (TE).job"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\~0

c:\programdata\~0\mia.lib

c:\programdata\~0\setup.exe

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2173211156-1617119053-3617723833-1000Core.job

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2173211156-1617119053-3617723833-1000UA.job

c:\windows\Tasks\SDMsgUpdate (TE).job

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ASKUPGRADE

-------\Service_ASKService

-------\Service_ASKUpgrade

(((((((((((((((((((( Bestanden Gemaakt van 2009-06-09 to 2009-07-09 ))))))))))))))))))))))))))))))

.

2009-07-08 22:18 . 2009-07-08 22:18 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys

2009-07-08 22:18 . 2009-07-08 22:18 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2009-07-08 22:02 . 2009-07-08 22:08 -------- d-----w- c:\program files\Ubisoft

2009-07-08 21:35 . 2009-07-08 22:19 -------- d-----w- C:\temp

2009-07-08 09:21 . 2009-07-08 11:50 -------- d--h--w- C:\$AVG8.VAULT$

2009-07-08 08:37 . 2009-07-08 08:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-08 08:37 . 2009-07-08 08:37 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-07-08 08:37 . 2009-07-08 08:37 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-08 08:37 . 2009-07-09 07:09 -------- d-----w- c:\windows\system32\drivers\Avg

2009-07-08 08:37 . 2009-07-08 08:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-08 08:36 . 2009-07-08 08:36 -------- d-----w- c:\programdata\avg8

2009-07-08 08:36 . 2009-07-08 08:36 -------- d-----w- c:\program files\AVG

2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll

2009-06-26 10:49 . 2009-06-26 11:01 -------- d-----w- c:\program files\Age Of Empires 2 & The Conquerors Expansion - Full Game

2009-06-21 08:54 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2009-06-21 08:54 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2009-06-21 08:54 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2009-06-19 07:33 . 2009-06-19 07:33 8457 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat

2009-06-19 07:33 . 2009-06-19 07:33 13281 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2009-06-19 07:33 . 2009-06-19 07:33 -------- d-----w- c:\program files\Illustrate

2009-06-16 06:42 . 2009-06-16 06:42 -------- d-----w- c:\windows\system32\Futuremark

2009-06-16 06:42 . 2009-06-16 06:42 -------- d-----w- c:\program files\Common Files\Futuremark Shared

2009-06-16 06:42 . 2008-09-17 13:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys

2009-06-16 06:41 . 2009-06-16 06:41 -------- d-----w- c:\windows\Sun

2009-06-16 05:46 . 2009-03-26 23:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2009-06-16 05:46 . 2009-06-16 05:46 -------- d-----w- c:\program files\CPUID

2009-06-15 07:30 . 2009-06-15 08:17 -------- d-----w- C:\Root

2009-06-15 07:30 . 2009-06-15 08:35 -------- d-----w- c:\program files\Activision

2009-06-15 07:00 . 2009-06-15 07:00 -------- d-sh--w- c:\windows\ftpcache

2009-06-14 09:16 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

2009-06-14 09:16 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll

2009-06-12 21:06 . 2009-06-12 21:06 -------- d-----w- c:\program files\LucasArts

2009-06-12 21:03 . 2009-06-12 21:03 -------- d-----w- c:\program files\Microsoft WSE

2009-06-12 20:51 . 2009-06-12 20:51 -------- d-----w- c:\program files\Electronic Arts

2009-06-11 04:40 . 2005-01-03 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys

2009-06-11 04:40 . 2009-06-11 04:40 -------- d-----w- c:\program files\Common Files\INCA Shared

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-09 07:10 . 2009-02-13 13:19 -------- d-----w- c:\programdata\Xfire

2009-07-09 07:09 . 2009-02-13 15:11 -------- d-----w- c:\program files\Steam

2009-07-08 22:08 . 2009-02-21 09:47 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-08 07:45 . 2009-05-29 18:50 623758 ----a-w- c:\windows\system32\perfh007.dat

2009-07-08 07:45 . 2009-05-29 18:50 129388 ----a-w- c:\windows\system32\perfc007.dat

2009-07-08 07:45 . 2009-05-29 18:50 674588 ----a-w- c:\windows\system32\perfh00C.dat

2009-07-08 07:45 . 2009-05-29 18:50 130180 ----a-w- c:\windows\system32\perfc00C.dat

2009-07-08 07:45 . 2009-05-29 16:39 680816 ----a-w- c:\windows\system32\perfh013.dat

2009-07-08 07:45 . 2009-05-29 16:39 133512 ----a-w- c:\windows\system32\perfc013.dat

2009-07-08 07:45 . 2008-02-05 17:18 659302 ----a-w- c:\windows\system32\perfh019.dat

2009-07-08 07:45 . 2008-02-05 17:18 132690 ----a-w- c:\windows\system32\perfc019.dat

2009-07-07 14:13 . 2009-04-06 08:43 -------- d-----w- c:\program files\PC Tools AntiVirus

2009-07-07 06:36 . 2009-05-17 16:13 -------- d-----w- c:\program files\Empire.Total.War-KaOs

2009-07-07 06:17 . 2009-02-13 13:19 -------- d-----w- c:\program files\Xfire

2009-07-06 21:10 . 2009-02-15 22:17 -------- d-----w- c:\program files\EA Games

2009-07-03 09:30 . 2009-02-13 13:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-03 09:30 . 2009-03-28 10:58 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-07-03 07:12 . 2009-02-13 15:18 -------- d-----w- c:\program files\Common Files\Steam

2009-06-19 07:33 . 2009-05-06 18:17 2433400 ----a-w- c:\windows\system32\SpoonUninstall.exe

2009-06-17 09:27 . 2009-02-13 13:12 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-17 09:27 . 2009-02-13 13:12 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-14 13:42 . 2009-02-13 20:17 -------- d-----w- c:\programdata\Microsoft Help

2009-06-14 12:32 . 2009-06-06 17:22 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory

2009-06-14 11:44 . 2009-06-04 18:42 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-06-14 11:44 . 2009-06-04 18:42 189640 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-06-08 14:22 . 2009-06-08 14:22 -------- d-----w- c:\programdata\WindowsSearch

2009-06-06 22:08 . 2009-06-06 22:00 -------- d-----w- c:\programdata\NexonEU

2009-06-06 22:00 . 2009-06-06 22:00 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll

2009-06-06 22:00 . 2009-06-06 22:00 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll

2009-06-06 22:00 . 2009-06-06 22:00 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll

2009-06-06 22:00 . 2009-06-06 22:00 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll

2009-06-06 22:00 . 2009-06-06 22:00 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll

2009-06-06 22:00 . 2009-06-06 22:00 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe

2009-06-06 21:35 . 2009-06-06 21:35 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe

2009-06-06 21:20 . 2009-06-06 21:20 98304 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll

2009-06-06 21:20 . 2009-06-06 21:20 81920 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll

2009-06-06 21:20 . 2009-06-06 21:20 520192 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll

2009-06-06 21:20 . 2009-06-06 21:20 335872 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll

2009-06-06 21:20 . 2009-06-06 21:20 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll

2009-06-06 21:20 . 2009-06-06 21:20 167936 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe

2009-06-06 21:20 . 2009-06-06 21:20 -------- d-----w- c:\programdata\NexonUS

2009-06-06 20:47 . 2009-06-06 20:47 -------- d-----w- c:\programdata\PMB Files

2009-06-06 20:47 . 2009-06-06 20:47 -------- d-----w- c:\program files\Pando Networks

2009-06-05 19:10 . 2009-04-20 21:47 -------- d-----w- c:\program files\Windows Live Safety Center

2009-06-04 18:42 . 2009-06-04 18:42 794408 ----a-w- c:\windows\system32\pbsvc.exe

2009-06-04 18:42 . 2009-06-04 18:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-06-01 09:42 . 2009-02-13 19:03 -------- d-----w- c:\program files\Windows Live

2009-05-31 11:49 . 2009-05-31 11:49 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2009-05-31 11:48 . 2009-05-31 11:48 -------- d-----w- c:\program files\Google

2009-05-30 17:17 . 2009-03-02 19:42 -------- d-----w- c:\program files\Rainmeter

2009-05-29 17:03 . 2009-05-29 18:50 36916 ----a-w- c:\windows\system32\perfd007.dat

2009-05-29 17:03 . 2009-05-29 18:50 290748 ----a-w- c:\windows\system32\perfi007.dat

2009-05-29 17:03 . 2009-05-29 18:40 36916 ----a-w- c:\windows\inf\PERFLIB\0407\perfd.dat

2009-05-29 17:03 . 2009-05-29 18:40 36916 ----a-w- c:\windows\inf\PERFLIB\0407\perfc.dat

2009-05-29 17:03 . 2009-05-29 18:40 290748 ----a-w- c:\windows\inf\PERFLIB\0407\perfi.dat

2009-05-29 17:03 . 2009-05-29 18:40 290748 ----a-w- c:\windows\inf\PERFLIB\0407\perfh.dat

2009-05-29 16:47 . 2009-02-13 20:21 -------- d-----w- c:\program files\Microsoft Works

2009-05-29 16:38 . 2009-05-29 16:39 41976 ----a-w- c:\windows\system32\perfd013.dat

2009-05-29 16:38 . 2009-05-29 16:39 336440 ----a-w- c:\windows\system32\perfi013.dat

2009-05-29 16:38 . 2009-05-29 16:38 41976 ----a-w- c:\windows\inf\PERFLIB\0413\perfd.dat

2009-05-29 16:38 . 2009-05-29 16:38 41976 ----a-w- c:\windows\inf\PERFLIB\0413\perfc.dat

2009-05-29 16:38 . 2009-05-29 16:38 336440 ----a-w- c:\windows\inf\PERFLIB\0413\perfi.dat

2009-05-29 16:38 . 2009-05-29 16:38 336440 ----a-w- c:\windows\inf\PERFLIB\0413\perfh.dat

2009-05-26 16:47 . 2009-05-26 16:47 -------- d-----w- c:\program files\Common Files\SWF Studio

2009-05-26 05:24 . 2009-02-14 11:11 -------- d-----w- c:\program files\SystemRequirementsLab

2009-05-23 18:40 . 2009-05-23 18:40 -------- d-----w- c:\programdata\ATI

2009-05-23 18:40 . 2009-02-13 12:52 -------- d-----w- c:\program files\ATI

2009-05-23 18:32 . 2009-02-13 12:52 -------- d-----w- c:\program files\ATI Technologies

2009-05-22 09:02 . 2009-05-22 09:02 -------- d-----w- c:\program files\Games

2009-05-18 17:51 . 2009-05-16 09:28 -------- d-----w- c:\program files\SmartDraw 2009

2009-05-11 16:12 . 2009-05-11 16:12 0 ----a-w- C:\ntuser.dat

2009-05-09 05:50 . 2009-06-10 09:23 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-09 05:34 . 2009-06-10 09:23 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr

2009-04-29 03:31 . 2009-04-29 03:31 4491776 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2009-04-29 02:08 . 2009-04-29 02:08 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2009-04-29 02:08 . 2009-04-29 02:08 303104 ----a-w- c:\windows\system32\atieclxx.exe

2009-04-29 02:07 . 2009-04-29 02:07 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2009-04-29 02:06 . 2009-01-14 05:02 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2009-04-29 02:06 . 2009-01-14 05:01 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2009-04-29 02:05 . 2009-04-29 02:05 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2009-04-29 02:05 . 2009-04-29 02:05 11776 ----a-w- c:\windows\system32\atimuixx.dll

2009-04-29 02:05 . 2009-04-29 02:05 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2009-04-29 02:02 . 2009-04-29 02:02 2428928 ----a-w- c:\windows\system32\atidxx32.dll

2009-04-29 01:52 . 2009-01-14 04:44 3082752 ----a-w- c:\windows\system32\atiumdag.dll

2009-04-29 01:41 . 2009-04-29 01:41 11559424 ----a-w- c:\windows\system32\atioglxx.dll

2009-04-29 01:37 . 2009-01-14 04:22 4963840 ----a-w- c:\windows\system32\atiumdva.dll

2009-04-29 01:25 . 2009-04-29 01:25 51712 ----a-w- c:\windows\system32\atimpc32.dll

2009-04-29 01:25 . 2009-04-29 01:25 51712 ----a-w- c:\windows\system32\amdpcom32.dll

2009-04-29 01:24 . 2009-04-29 01:24 163840 ----a-w- c:\windows\system32\atiadlxx.dll

2009-04-29 01:22 . 2009-04-29 01:22 53248 ----a-w- c:\windows\system32\aticalrt.dll

2009-04-29 01:22 . 2009-04-29 01:22 53248 ----a-w- c:\windows\system32\aticalcl.dll

2009-04-29 01:20 . 2009-04-29 01:20 3293184 ----a-w- c:\windows\system32\aticaldd.dll

2009-04-29 01:11 . 2009-04-29 01:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2009-04-28 20:15 . 2009-04-28 20:15 531 ----a-w- c:\windows\eReg.dat

2009-04-24 05:43 . 2009-04-24 05:43 95544 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys

2009-04-23 12:43 . 2009-06-10 09:23 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-10 09:23 636928 ----a-w- c:\windows\system32\localspl.dll

2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll

2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-07-07_14.13.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:56 . 2009-07-09 07:09 11858 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:03 . 2009-07-09 07:09 29512 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-02-13 12:47 . 2009-07-07 13:15 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-02-13 12:47 . 2009-07-09 07:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-02-13 12:47 . 2009-07-09 07:13 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-02-13 12:47 . 2009-07-07 13:15 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-02-13 12:47 . 2009-07-07 13:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-02-13 12:47 . 2009-07-09 07:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-08 22:17 . 2009-07-08 22:17 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2009-02-13 12:51 . 2009-07-09 07:09 2102 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2173211156-1617119053-3617723833-1000_UserData.bin

+ 2006-11-02 10:33 . 2009-07-08 07:45 601162 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-07-02 19:05 601162 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-07-02 19:05 107192 c:\windows\System32\perfc009.dat

+ 2006-11-02 10:33 . 2009-07-08 07:45 107192 c:\windows\System32\perfc009.dat

- 2009-05-29 18:50 . 2009-07-07 12:45 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-05-29 18:50 . 2009-07-08 09:56 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-08 22:08 . 2009-07-08 22:08 216064 c:\windows\Installer\34457f4.msi

- 2009-06-21 08:54 . 2009-06-21 08:54 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-06-21 08:54 . 2009-06-21 08:54 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-07-08 22:17 . 2009-07-08 22:17 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\steam\steam.exe" [2009-06-11 1217784]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-08 1948440]

c:\users\Seppe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\

Multiclicker - Shortcut.lnk - c:\users\Seppe\Downloads\Autoclicker\Multiclicker\Multiclicker.jar [2009-5-13 421088]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-1-21 118784]

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-2-15 3581680]

Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-7-2 3190096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\m:\0autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vuze.lnk]

backup=c:\windows\pss\Vuze.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2173211156-1617119053-3617723833-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{2B472955-341F-49AF-9C2B-FB694E00694F}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{91D928D9-FAC6-4965-BD8F-0122B6BC2B96}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{4F772B06-4A9F-4923-928B-EB2D1037DF6B}c:\\program files\\steam\\steamapps\\capronicus\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\capronicus\counter-strike source\hl2.exe:hl2

"UDP Query User{49AA79F9-52F0-4F34-AADB-4E093E4F82E1}c:\\program files\\steam\\steamapps\\capronicus\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\capronicus\counter-strike source\hl2.exe:hl2

"{A60D3307-60CB-4CFE-AE7C-51BEA6C092C9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{84939BE0-B785-4F8E-9E9B-F660A60ECAFE}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{C2B8DF65-0C43-4D37-B2E8-02A342946288}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{52D4234A-D993-4DEF-A44D-4AD198A461B6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{19F4F152-5FE6-41DD-8508-FAB5DD827A00}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{27C0330C-F297-4989-B4D6-9A0A27779006}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{B2493C4F-600D-47BE-9D47-45BED40EAB9D}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"{42576958-BADA-4CFB-88FA-3A8EEA86F913}"= UDP:5353:Adobe CSI CS4

"{E9EB19C1-3962-4DF6-B4DE-11A66E1076C6}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{CDFA765E-CB2A-4488-9B7C-24CE178768A6}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"TCP Query User{58EDEAB2-539A-49BE-BD6F-B125B86B196B}c:\\users\\seppe\\downloads\\utorrent(2).exe"= UDP:c:\users\seppe\downloads\utorrent(2).exe:utorrent(2).exe

"UDP Query User{999D3B95-A3F2-4E03-B9F1-73D987725CDB}c:\\users\\seppe\\downloads\\utorrent(2).exe"= TCP:c:\users\seppe\downloads\utorrent(2).exe:utorrent(2).exe

"TCP Query User{5BDC3C58-B176-4E1E-BAE5-88E57C2AFBD9}c:\\program files\\globalstar software\\school tycoon\\schooltycoon.exe"= UDP:c:\program files\globalstar software\school tycoon\schooltycoon.exe:SchoolTycoon

"UDP Query User{25085926-C2AD-457F-B844-C8BE2A78D1CF}c:\\program files\\globalstar software\\school tycoon\\schooltycoon.exe"= TCP:c:\program files\globalstar software\school tycoon\schooltycoon.exe:SchoolTycoon

"TCP Query User{391C575E-EF34-48B4-BDED-CB5124251D5B}c:\\program files\\globalstar software\\mall tycoon\\mall.exe"= UDP:c:\program files\globalstar software\mall tycoon\mall.exe:mall

"UDP Query User{871BC957-80A6-43C0-B544-460326C87E4D}c:\\program files\\globalstar software\\mall tycoon\\mall.exe"= TCP:c:\program files\globalstar software\mall tycoon\mall.exe:mall

"TCP Query User{72B597A6-99E4-4163-B029-F3C88BEEED7C}c:\\program files\\global star software\\airport tycoon 3\\at3.exe"= UDP:c:\program files\global star software\airport tycoon 3\at3.exe:at3

"UDP Query User{AF88DCF9-25EC-4183-BCFC-1C05BC208628}c:\\program files\\global star software\\airport tycoon 3\\at3.exe"= TCP:c:\program files\global star software\airport tycoon 3\at3.exe:at3

"{A9E18A82-0796-48DF-BF24-EDB215884C1C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{422B9248-660A-40A2-9CD7-3EE1F05EDD43}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{F2891369-0F66-454B-9FC9-69E825545198}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire

"UDP Query User{5F1954E7-3AFA-4643-BA19-0B0B12CAA1AB}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire

"{070A0F7E-62F2-4CFA-86C2-6F8B28E6A067}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{EEA15B89-0F83-48FF-8E06-FE280E3DA1BA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{863AA783-85E4-4D61-8BD1-BD691145FCD3}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2

"{8635A537-B0E3-4F96-9957-749395E39111}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2

"{D90E9EE7-C987-423B-B51B-85292FBACEE3}"= UDP:c:\users\Seppe\Games\Tom Clancy's H.A.W.X\HAWX.exe:Tom_Clancy's_H.A.W.X_1

"{17DEC3F5-37EC-4EF3-B3A2-E81E290A5453}"= TCP:c:\users\Seppe\Games\Tom Clancy's H.A.W.X\HAWX.exe:Tom_Clancy's_H.A.W.X_1

"{0B123EA7-D72C-4EE4-BAC8-5A3DBC07911A}"= UDP:c:\users\Seppe\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom_Clancy's_H.A.W.X_2

"{CFC4B098-38D0-4C84-BCAE-55274CD6BCAD}"= TCP:c:\users\Seppe\Games\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom_Clancy's_H.A.W.X_2

"{FF7D9662-04B0-453A-9270-C4E66D74E712}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{304F2AD7-E565-4787-B627-B6FA9C5276A4}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{E06D5DBC-B34B-41E1-A453-37E142BF7F3A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{A1AB407F-ACDC-4098-B9EB-58D54D5A351A}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{B8BE1B49-4908-4BD5-97D9-FB1A52717CFB}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

"{FADA85C0-E68A-4661-9FA5-D926856C83A0}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster

"{52E5EFC5-428C-45A1-9127-08DCD672AF38}"= UDP:58754:Pando Media Booster

"{0051F787-09C0-478B-AC1D-FBFD3CB6A27D}"= TCP:58754:Pando Media Booster

"{0363C5F2-6401-4246-BFAC-B18D10026D9F}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager

"{79E466C2-632B-42DC-A1B9-17E5EBA6CE0A}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager

"{86C6CA9F-532E-42FF-8661-0B19D706E0E9}"= UDP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager

"{5CE25A84-2065-40AE-8179-1D343FFACD08}"= TCP:c:\programdata\NexonEU\NGM\NGM.exe:Nexon Game Manager

"{41188A5A-C84B-4CD3-8B3C-344AF0D737CF}"= UDP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core

"{A2AAD524-CE5A-4810-BF6D-66CBB6B4A5DE}"= TCP:c:\nexon\Combat Arms EU\NMService.exe:Nexon Messenger Core

"{F4E55DE5-8FE8-41DE-910E-8EDB83C6F62D}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype

"{2AFA9AAB-9068-45C2-BA8C-9FED6B703D8A}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype

"{B8A064FB-0413-49EF-BAD4-46B3383C34BA}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{E8B9E504-A5FB-486C-8069-69699A4149DB}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Nexon\\Combat Arms EU\\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\Nexon\\Combat Arms EU\\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe

R3 cpuz130;cpuz130;c:\users\Seppe\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]

R3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-03-26 12672]

R3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-06-11 2739229]

R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]

R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]

R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]

R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]

R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-08 335752]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-08 108552]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-04-29 176128]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-08 298776]

S2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe [2008-01-21 21504]

S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-04-24 95544]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

wmcmgc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

.

Inhoud van de 'Gedeelde Taken' map

2009-04-05 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-04-05 06:23]

2009-07-09 c:\windows\Tasks\User_Feed_Synchronization-{463EAFF3-D343-4801-A30B-8E7C4C844514}.job

- c:\windows\system32\msfeedssync.exe [2009-05-29 11:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-07-09 09:23

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2173211156-1617119053-3617723833-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:e3,bf,16,c6,7b,fe,c0,af,45,eb,66,4f,a0,30,e1,df,56,dc,c7,c0,ea,da,17,

07,fe,00,b1,7d,be,83,16,f9,e3,dc,4c,eb,fb,c1,2c,f4,5f,a7,92,a2,fb,69,e4,f3,\

"??"=hex:bf,46,ec,79,c9,a0,b3,e4,82,c3,a1,5a,a6,0c,eb,46

[HKEY_USERS\S-1-5-21-2173211156-1617119053-3617723833-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:8b,70,97,13,32,5a,44,d8,9b,6b,11,9b,fc,0c,ca,04,9a,93,f9,1b,4a,

af,97,37,04,77,23,3d,c1,b7,c7,0c,3f,f1,45,6e,8e,03,2f,36,c7,11,26,fb,22,bc,\

"rkeysecu"=hex:5f,2a,52,f5,ab,d7,d8,f6,2a,19,19,5e,b3,78,4e,0e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(864)

c:\program files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll

c:\progra~1\OOSOFT~1\Defrag\oodsh.dll

c:\progra~1\OOSOFT~1\Defrag\OODSHRS.DLL

c:\program files\Malwarebytes' Anti-Malware\mbamext.dll

c:\program files\WinRAR\rarext.dll

c:\program files\7-Zip\7-zip.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\audiodg.exe

c:\windows\System32\atieclxx.exe

c:\windows\System32\CISVC.EXE

c:\windows\System32\PnkBstrA.exe

c:\windows\servicing\TrustedInstaller.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\windows\System32\conime.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Voltooingstijd: 2009-07-09 9:29 - machine werd herstart

ComboFix-quarantined-files.txt 2009-07-09 07:29

ComboFix2.txt 2009-07-07 14:19

ComboFix3.txt 2009-04-30 20:02

Pre-Run: 184.037.085.184 bytes free

Post-Run: 183.587.004.416 bytes free

414 --- E O F --- 2009-07-03 07:17

---------- Post added at 09:33 ---------- Previous post was at 09:32 ----------

Sorry for the late response, but I couldn't get onto the site anymore :s


Sorry for the late response, but I couldn't get onto the site anymore
No problem ... it can happen :s

And is anything negative still noticeable now? Overall it looks very good to me. If there are no more problems, we still need to clean up a few things.


Remove Combofix: Start -> Run and type: combofix /u

This will remove Combofix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

Download CCleaner.

Install it and start CCleaner. In the left column, click "Cleaner". Click 'Analyze' and then 'Run Cleaner'. Sometimes one analysis is not enough. You may repeat this procedure until the analysis reports no more errors. Next, click "Registry" in the left column and click 'Scan for Issues'. If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Close CCleaner afterwards.

It is advisable to delete the existing restore points (there are infected restore points among them that you could end up restoring) by temporarily turning off System Restore. Do this via Control Panel -> System and Maintenance -> System -> "System Protection" tab -> clear the check box next to the disk whose restore points you want to delete -> click "Apply". You will then get the on-screen message "Are you sure you want to turn System Restore off?". Click "Turn System Restore Off" here. All restore points on the selected disk are then deleted.

Then tick the check box next to the hard disk again. Create a new restore point right away as well, so you don't have to wait for an automatic restore point from the system.

That's it!
