Katusha virus

[daan2404]

Ik heb een virus, waarschijnlijk W32/Katusha
Deze heeft mijn programma McAfee aangetast. Kan nu niet meer op internet. Heb combofix laten draaien, maar kan nog steeds niet op internet. Hierbij het logbestandComboFix 11-11-28.02 - oscar 29-11-2011 15:56:51.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2039.1559 [GMT 1:00]
Gestart vanuit: J:\ComboFix.exe
.
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\oscar\LOCALS~1\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
c:\documents and settings\oscar\Local Settings\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-28 to 2011-11-29 ))))))))))))))))))))))))))))))
.
.
2011-11-29 14:54 . 2011-11-29 14:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-11-29 14:54 . 2011-11-29 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-11-29 06:39 . 2011-11-29 06:46 -------- d-----w- c:\documents and settings\oscar\Application Data\Sammsoft
2011-11-28 14:55 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-11-28 14:55 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-27 17:48 . 2011-11-27 17:51 -------- d-----w- c:\documents and settings\Administrator
2011-11-27 10:40 . 2011-11-27 10:45 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-27 10:39 . 2011-11-27 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-11-27 10:07 . 2011-11-27 10:23 -------- d-----w- c:\program files\PC Tools Security
2011-11-27 10:05 . 2011-11-27 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-26 19:44 . 2011-11-26 19:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-11-26 19:39 . 2011-11-28 15:12 -------- d-sh--w- c:\documents and settings\oscar\Local Settings\Application Data\c7a18213
2011-11-25 16:28 . 2011-11-25 16:28 -------- d-----w- c:\documents and settings\oscar\Application Data\Malwarebytes
2011-11-25 16:28 . 2011-11-25 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-25 16:12 . 2011-11-25 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\clp
2011-11-25 16:11 . 2011-11-25 16:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\Fighters
2011-11-25 16:11 . 2011-11-25 16:12 -------- d-----w- c:\documents and settings\oscar\Application Data\Fighters
2011-11-25 16:10 . 2011-11-25 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite
2011-11-25 16:10 . 2011-11-25 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2011-11-25 15:22 . 2011-11-25 16:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-25 15:22 . 2011-11-25 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-11-25 14:43 . 2011-11-25 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2011-11-25 14:41 . 2011-11-25 14:41 -------- d-----w- c:\program files\Citrix
2011-11-25 14:41 . 2011-11-25 14:41 -------- d-----w- c:\documents and settings\oscar\Local Settings\Application Data\Citrix
2011-11-18 18:08 . 2011-11-18 18:08 -------- d-----w- c:\program files\Common Files\DirectX
2011-11-18 17:48 . 2011-11-18 17:48 -------- d-----w- c:\windows\Logs
2011-11-18 17:47 . 2011-11-18 17:47 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-18 17:47 . 2011-11-18 17:47 139152 ----a-w- c:\documents and settings\oscar\Application Data\PnkBstrK.sys
2011-11-18 17:47 . 2011-11-18 17:47 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-18 17:47 . 2011-11-27 09:05 81920 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-11-18 17:47 . 2011-11-18 17:47 2793768 ----a-w- c:\windows\system32\pbsvc.exe
2011-11-18 17:37 . 2011-11-18 17:37 -------- d-----w- c:\program files\Ubisoft
2011-11-16 18:25 . 2011-11-16 18:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 15:41 . 2011-11-04 15:41 -------- d-----w- c:\program files\Sierra
2011-11-04 14:22 . 2007-06-20 19:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2011-11-04 14:22 . 2007-10-22 02:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2011-11-04 14:22 . 2007-05-16 15:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2011-11-04 14:22 . 2007-05-16 15:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2011-11-04 14:22 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-11-04 14:22 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2011-11-04 14:22 . 2007-03-15 15:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2011-11-04 14:22 . 2007-03-12 15:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2011-11-04 14:21 . 2007-03-12 15:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-11-04 14:21 . 2007-01-24 14:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2011-11-04 11:48 . 2011-11-04 11:48 -------- d-sh--w- c:\windows\ftpcache
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:20 . 2011-10-24 13:02 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-11-26 19:44 . 2011-10-19 02:39 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-10-10 14:22 . 2011-06-06 21:15 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2002-09-11 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2010-03-18 08:09 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2002-09-11 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2002-09-11 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-06 14:09 . 2002-09-11 12:00 1859072 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Fout !!
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-08-01 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-01-23 126976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\oscar\Menu Start\Programma's\Opstarten\
Registration Brothers In Arms EiB.LNK - l:\program files\Ubisoft\Gearbox Software\BrothersInArmsEiB\Support\Register\RegistrationReminder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe
"KiesHelper"=c:\program files\Samsung\Kies\KiesHelper.exe /s
"KiesPDLR"=c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"DATAMNGR"=c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-11-27 23624]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2011-11-25 c:\windows\Tasks\Easy Onderhoud.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-12-28 17:13]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 08:20]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 08:20]
.
2011-11-29 c:\windows\Tasks\User_Feed_Synchronization-{2992EF4F-425B-4F38-AD0F-B1B2C1441709}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-29 16:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Componen​ts\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(1200)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\imapi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2011-11-29 16:07:10 - machine werd herstart
ComboFix-quarantined-files.txt 2011-11-29 15:07
ComboFix2.txt 2011-11-28 15:45
ComboFix3.txt 2011-11-28 15:21
.
Pre-Run: 927.204.618.240 bytes beschikbaar
Post-Run: 927.204.913.152 bytes beschikbaar
.
- - End Of File - - 29F926ED239B773026031DD7626EEE4F

[miekiemoes]

Hoi,

Downloadt reglooks.exe: http://users.telenet.be/marcvn/tools/reglooks.exe
Plaats het op je bureaublad.
Dubbelklik op reglooks.exe. Doe verder niets (foutmeldingen mag je negeren) en wacht tot er een logfile opent. Post de inhoud van deze logfile.

[daan2404]

(29-11-2011 22:18)miekiemoes schreef:  Hoi,

Downloadt reglooks.exe: http://users.telenet.be/marcvn/tools/reglooks.exe
Plaats het op je bureaublad.
Dubbelklik op reglooks.exe. Doe verder niets (foutmeldingen mag je negeren) en wacht tot er een logfile opent. Post de inhoud van deze logfile.

Oke, heb ik gedaan :

REGLOOKS logfile - version 0.993
Scan started: wo 30-11-2011 15:54:46,07

--- INFORMATION ---

Manufacturer: INTELR - Model: AWRDACPI
Operating System: Microsoft Windows XP Home Edition -- 5.1.2600 -- Service Pack 3 --
Install Date: 6-6-2011 23:18:51
Last Boot: 30-11-2011 15:51:09
Processor: Intel® Pentium® D CPU 2.66GHz
Number of Processors: 2
Work Station
Bootmode: Fail-safe with network boot
Total RAM: 2039 MB (free 1778 MB - 87%)

Computername: HEUVERLI-45WVVA
Domain: MSHOME
User: Administrator (Administrator account)

Removable Disk: A:\ - - GB (free GB)
Local Disk: C:\ - NTFS - 931 GB (free 874 GB)
Removable Disk: D:\ - - GB (free GB)
Removable Disk: E:\ - - GB (free GB)
Removable Disk: F:\ - - GB (free GB)
Removable Disk: G:\ - - GB (free GB)
CD \ DVD Drive: H:\
CD \ DVD Drive: I:\
Removable Disk: J:\ - FAT32 - 7 GB (free 5 GB)

Bootdevice: \Device\HarddiskVolume1
Systemdrive: C:
Windowsdirectory: C:\WINDOWS
Systemdirectory: C:\WINDOWS\system32


Internet Explorer Version: 8.0.6001.18702

Windows update: 2011-11-19 08:53:30






DEP: ONN - DEP is enabled for a limited number of binaries, the kernel, and all Windows-based services


--- System Restore Points ---

Restorepoint 1: 29-11-2011 20:14:20 - Cancelled operation - Controlepunt van systeem


--- RUNNING PROCESSES ---

C:\WINDOWS\System32\smss.exe
csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
wmiprvse.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cscript.exe


--- SIGCHECK ---

C:\WINDOWS\explorer.exe -- [1037312] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\appmgmts.dll NOT found
C:\WINDOWS\system32\browser.dll -- [77824] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\comres.dll -- [822784] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\comctl32.dll -- [617472] -- [23-08-2010 17:13] -- sigcheck OK
C:\WINDOWS\system32\cryptsvc.dll -- [62464] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\ctfmon.exe -- [15360] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\es.dll -- [253952] -- [07-07-2008 21:30] -- sigcheck OK
C:\WINDOWS\system32\eventlog.dll -- [56320] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\ias.dll NOT found
C:\WINDOWS\system32\imm32.dll -- [110080] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\kernel32.dll -- [1030656] -- [21-03-2009 15:09] -- sigcheck OK
C:\WINDOWS\system32\linkinfo.dll -- [19968] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\lpk.dll -- [22016] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\lsass.exe -- [13312] -- [14-04-2008 18:03] -- sigcheck OK
C:\WINDOWS\system32\mfc40u.dll -- [953856] -- [18-09-2010 07:53] -- sigcheck OK
C:\WINDOWS\system32\msgsvc.dll -- [33792] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\mshtml.dll -- [5971456] -- [03-10-2011 09:31] -- sigcheck OK
C:\WINDOWS\system32\mspmsnsv.dll -- [27136] -- [18-10-2006 20:47] -- sigcheck OK
C:\WINDOWS\system32\mswsock.dll -- [247296] -- [20-06-2008 17:04] -- sigcheck OK
C:\WINDOWS\system32\netlogon.dll -- [407040] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\netman.dll -- [198144] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\ntkrnlpa.exe -- [2031616] -- [09-12-2010 16:14] -- sigcheck OK
C:\WINDOWS\system32\ntmssvc.dll -- [437248] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\ntoskrnl.exe -- [2153472] -- [09-12-2010 16:14] -- sigcheck OK
C:\WINDOWS\system32\pchsvc.dll NOT found
C:\WINDOWS\system32\powrprof.dll -- [17408] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\qmgr.dll -- [409088] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\rasauto.dll -- [88576] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\regsvc.dll -- [59904] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\rpcss.dll -- [401408] -- [09-02-2009 11:56] -- sigcheck OK
C:\WINDOWS\system32\scecli.dll -- [185856] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\schedsvc.dll -- [193536] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\services.exe -- [111104] -- [09-02-2009 12:27] -- sigcheck OK
C:\WINDOWS\system32\sfc.dll -- [5120] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\sfcfiles.dll -- [1571840] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\spoolsv.exe -- [58880] -- [17-08-2010 14:17] -- sigcheck OK
C:\WINDOWS\system32\srsvc.dll -- [171008] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\ssdpsrv.dll -- [71680] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\svchost.exe -- [14336] -- [14-04-2008 18:03] -- sigcheck OK
C:\WINDOWS\system32\tapisrv.dll -- [249856] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\termsrv.dll -- [297472] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\upnphost.dll -- [186368] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\user32.dll -- [580096] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\userinit.exe -- [26112] -- [14-04-2008 18:03] -- sigcheck OK
C:\WINDOWS\system32\wininet.dll -- [916480] -- [23-08-2011 00:41] -- sigcheck OK
C:\WINDOWS\system32\winlogon.exe -- [510464] -- [14-04-2008 18:03] -- sigcheck OK
C:\WINDOWS\system32\ws2_32.dll -- [82432] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\wscntfy.exe -- [13824] -- [14-04-2008 18:03] -- sigcheck OK
C:\WINDOWS\system32\wuauclt.exe -- [53472] -- [06-08-2009 18:24] -- sigcheck OK
C:\WINDOWS\system32\xmlprov.dll -- [129024] -- [14-04-2008 18:02] -- sigcheck OK
C:\WINDOWS\system32\drivers\acpiec.sys -- [12032] -- [11-09-2002 13:00] -- sigcheck OK
C:\WINDOWS\system32\drivers\aec.sys -- [142592] -- [13-04-2008 17:39] -- sigcheck OK
C:\WINDOWS\system32\drivers\afd.sys -- [138496] -- [17-08-2011 14:49] -- sigcheck OK
C:\WINDOWS\system32\drivers\asyncmac.sys -- [14336] -- [13-04-2008 19:57] -- sigcheck OK
C:\WINDOWS\system32\drivers\atapi.sys -- [96512] -- [13-04-2008 19:40] -- sigcheck OK
C:\WINDOWS\system32\drivers\beep.sys -- [4224] -- [11-09-2002 13:00] -- sigcheck OK
C:\WINDOWS\system32\drivers\classpnp.sys -- [49536] -- [13-04-2008 20:16] -- sigcheck OK
C:\WINDOWS\system32\drivers\disk.sys -- [36352] -- [13-04-2008 19:40] -- sigcheck OK
C:\WINDOWS\system32\drivers\iaStor.sys NOT found
C:\WINDOWS\system32\drivers\ip6fw.sys -- [36608] -- [13-04-2008 19:53] -- sigcheck OK
C:\WINDOWS\system32\drivers\IPSec.sys NOT found
C:\WINDOWS\system32\drivers\kbdclass.sys -- [25088] -- [14-04-2008 17:39] -- sigcheck OK
C:\WINDOWS\system32\drivers\ndis.sys -- [182656] -- [13-04-2008 20:20] -- sigcheck OK
C:\WINDOWS\system32\drivers\ntfs.sys -- [574976] -- [13-04-2008 20:15] -- sigcheck OK
C:\WINDOWS\system32\drivers\tcpip.sys -- [361600] -- [20-06-2008 12:51] -- sigcheck OK
C:\WINDOWS\system32\drivers\tdx.sys NOT found


--- SSODL regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\shell32.dll -- [?]
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: %Systemroot%\system32\webcheck.dll -- [?]
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: %systemroot%\system32\stobject.dll -- [?]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -- File: C:\WINDOWS\system32\WPDShServiceObj.dll -- [133632] -- [18-10-2006 20:47]


--- STS regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui" -- File: %SystemRoot%\System32\browseui.dll -- [?]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën" -- File: %SystemRoot%\System32\browseui.dll -- [?]


--- USERINIT regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
File: C:\WINDOWS\system32\userinit.exe -- [26112] -- [14-04-2008 18:03]


--- SHELL regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
File: C:\WINDOWS\Explorer.exe -- [1037312] -- [14-04-2008 18:02]


--- SYSTEM regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


--- APPINIT_DLLS regkey ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"RequireSignedAppInit_DLLs"=dword:00000001


--- NOTIFY regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
-- File: C:\WINDOWS\system32\crypt32.dll -- [602624] -- [28-09-2011 08:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
-- File: C:\WINDOWS\system32\cryptnet.dll -- [64512] -- [14-04-2008 18:02]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
-- File: C:\WINDOWS\system32\cscdll.dll -- [102400] -- [14-04-2008 18:02]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
-- File: %SystemRoot%\System32\dimsntfy.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
-- File: C:\WINDOWS\system32\igfxsrvc.dll -- [348160] -- [23-01-2005 03:31]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [93696] -- [14-04-2008 18:02]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [93696] -- [14-04-2008 18:02]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
-- File: C:\WINDOWS\system32\sclgntfy.dll -- [21504] -- [14-04-2008 18:02]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
-- File: C:\WINDOWS\system32\WlNotify.dll -- [93696] -- [14-04-2008 18:02]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [93696] -- [14-04-2008 18:02]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [93696] -- [14-04-2008 18:02]


--- RUN / LOAD regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no run / load keys found


--- SHELLEXECUTEHOOKS regkey ---

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?]


--- HKLM AUTORUN regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
no AutoRun regkey found


--- HKCU AUTORUN regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
no AutoRun regkey found


--- HKLM\RUN regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray" -- File C:\WINDOWS\System32\igfxtray.exe -- [155648] -- [23-01-2005 03:36]
"HotKeysCmds" -- File C:\WINDOWS\System32\hkcmd.exe -- [126976] -- [23-01-2005 03:31]
"QuickTime Task" -- File: "C:\Program Files\QuickTime\qttask.exe" -atboottime -- [?]


--- HKLM\RUNONCE regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found


--- HKLM\RUNONCEEX regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
no runonceex values found


--- HKLM\RUNSERVICES regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
key not found


--- HKLM\RUNSERVICESONCE regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
key not found


--- HKCU\RUN regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
no run values found


--- HKCU\RUNONCE regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found


--- HKCU\RUNONCEEX regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
key not found


--- HKCU\RUNSERVICES regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found


--- HKCU\RUNSERVICESONCE regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found


--- HKU\.DEFAULT\Run regkeys - Default user ---

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\System32\CTFMON.EXE -- [15360] -- [14-04-2008 18:02]


--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\System32\CTFMON.EXE -- [15360] -- [14-04-2008 18:02]


--- HKU\S-1-5-19\Run regkeys - User Lokale service ---

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found


--- HKU\S-1-5-20\Run regkeys - User Lokale service ---

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found


--- HKLM\Explorer\Run regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found


--- HKCU\Explorer\Run regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found


--- Image File Execution regkeys ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
no debuggers found


--- BROWSER HELPER OBJECTS regkeys ---

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
-- CLSID not found
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
-- File: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll -- [408448] -- [22-01-2009 14:41]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
-- File: C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -- [305328] -- [17-08-2011 06:30]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
-- File: C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll -- [1007160] -- [28-07-2011 09:30]


--- TOOLBAR regkeys ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -- File: C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -- [305328] -- [17-08-2011 06:30]


--- HKLM\URLSEARCHHOOKS regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
no urlsearchhooks found


--- HKCU\URLSEARCHHOOKS regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: C:\WINDOWS\system32\ieframe.dll -- [11081728] -- [23-08-2011 16:41]


--- SRCEENSAVER regkey ---

[HKEY_CURRENT_USER\Control Panel\Desktop]
"SCRNSAVE.EXE" -- File: %SystemRoot%\System32\logon.scr -- [?]


--- ALTERNATESHELL regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
File: C:\WINDOWS\system32\cmd.exe -- [399872] -- [14-04-2008 18:02]


--- SECURITYPROVIDERS regkey ---

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
File: C:\WINDOWS\system32\msapsspc.dll -- [86016] -- [14-04-2008 18:02]
File: C:\WINDOWS\system32\schannel.dll -- [151552] -- [29-04-2011 18:25]
File: C:\WINDOWS\system32\digest.dll -- [68608] -- [14-04-2008 18:02]
File: C:\WINDOWS\system32\msnsspc.dll -- [290816] -- [14-04-2008 18:02]


--- Active Setup\Installed Components regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
-- File: C:\WINDOWS\system32\ieudinit.exe -- [36864] -- [08-03-2009 03:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
-- File: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
-- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608555}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1325db73-d9f1-48f8-8895-6d814ec58889}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
-- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
-- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4d64f3ba-f112-4efe-a02e-96680859937c}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5b7bf89d-d196-4c32-a303-a57b8ab7f18d}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
-- File: regsvr32.exe /s /n /i:U shell32.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{dd772a76-bef3-44d7-8b39-502c8504c1f1}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{f15ee071-deb7-4cbb-951f-431c98338d8e}]
-- filepath not found


-- DRIVERS --

S4 - Abiosdsk - Abiosdsk -
S4 - abp480n5 - abp480n5 -
R0 - ACPI - Microsoft ACPI-stuurprogramma - C:\WINDOWS\system32\DRIVERS\ACPI.sys
S4 - ACPIEC - ACPIEC - C:\WINDOWS\system32\drivers\ACPIEC.sys
S4 - adpu160m - adpu160m -
S3 - aec - Microsoft Kernel akoestische echo-opheffing - C:\WINDOWS\system32\drivers\aec.sys
R1 - AFD - Omgeving voor AFD-netwerkondersteuning - C:\WINDOWS\system32\drivers\afd.sys
S4 - Aha154x - Aha154x -
S4 - aic78u2 - aic78u2 -
S4 - aic78xx - aic78xx -
S3 - ALCXWDM - Service for Realtek AC97 Audio (WDM) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
S4 - AliIde - AliIde -
S4 - amsint - amsint -
S4 - asc - asc -
S4 - asc3350p - asc3350p -
S4 - asc3550 - asc3550 -
S3 - AsyncMac - Stuurprogramma voor RAS asyncrone media - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
R0 - atapi - Standaard IDE/ESDI-vasteschijfcontroller - C:\WINDOWS\system32\DRIVERS\atapi.sys
S4 - Atdisk - Atdisk -
S3 - Atmarpc - ATM ARP-client-protocol - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
S3 - audstub - Audiostub-stuurprogramma - C:\WINDOWS\system32\DRIVERS\audstub.sys
S3 - AVFSFilter - AVFSFilter - C:\WINDOWS\system32\DRIVERS\avfsfilter.sys
R1 - Beep - Beep - C:\WINDOWS\system32\drivers\Beep.sys
S3 - catchme - catchme - \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
S4 - cbidf2k - cbidf2k - C:\WINDOWS\system32\drivers\cbidf2k.sys
S3 - CCDECODE - Closed Caption-decoder - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
S4 - cd20xrnt - cd20xrnt -
S1 - Cdaudio - Cdaudio - C:\WINDOWS\system32\drivers\Cdaudio.sys
R4 - Cdfs - Cdfs - C:\WINDOWS\system32\drivers\Cdfs.sys
R1 - Cdrom - Cd-rom-stuurprogramma - C:\WINDOWS\system32\DRIVERS\cdrom.sys
S1 - Changer - Changer -
S4 - CmdIde - CmdIde -
S4 - Cpqarray - Cpqarray -
S4 - dac960nt - dac960nt -
R0 - Disk - Stuurprogramma voor schijfstations - C:\WINDOWS\system32\DRIVERS\disk.sys
S4 - dmboot - dmboot - C:\WINDOWS\system32\drivers\dmboot.sys
S4 - dmio - dmio - C:\WINDOWS\system32\drivers\dmio.sys
S4 - dmload - dmload - C:\WINDOWS\system32\drivers\dmload.sys
S3 - DMusic - Microsoft Kernel DLS-synthesizer - C:\WINDOWS\system32\drivers\DMusic.sys
S4 - dpti2o - dpti2o -
S3 - drmkaud - Microsoft Kernel DRM-audiodecoder - C:\WINDOWS\system32\drivers\drmkaud.sys
R4 - Fastfat - Fastfat - C:\WINDOWS\system32\drivers\Fastfat.sys
R3 - Fdc - Stuurprogramma voor diskettestationcontroller - C:\WINDOWS\system32\DRIVERS\fdc.sys
S3 - FilterService - UVC Filter Service - C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
S1 - Fips - Fips - C:\WINDOWS\system32\drivers\Fips.sys
R3 - Flpydisk - Stuurprogramma voor diskettestation - C:\WINDOWS\system32\DRIVERS\flpydisk.sys
R0 - FltMgr - FltMgr - C:\WINDOWS\system32\drivers\fltmgr.sys
R0 - Ftdisk - Stuurprogramma voor Volumebeheer - C:\WINDOWS\system32\DRIVERS\ftdisk.sys
R3 - Gpc - Algemene pakketclassificeerder - C:\WINDOWS\system32\DRIVERS\msgpc.sys
R3 - hidusb - Microsoft HID Class-stuurprogramma - C:\WINDOWS\system32\DRIVERS\hidusb.sys
S3 - hitmanpro35 - Hitman Pro 3.5 Support Driver - \??\C:\WINDOWS\system32\drivers\hitmanpro35.sys
S4 - hpn - hpn -
S3 - HPZid412 - IEEE-1284.4 Driver HPZid412 - C:\WINDOWS\system32\DRIVERS\HPZid412.sys
S3 - HPZipr12 - Print Class Driver for IEEE-1284.4 HPZipr12 - C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
S3 - HPZius12 - USB to IEEE-1284.4 Translation Driver HPZius12 - C:\WINDOWS\system32\DRIVERS\HPZius12.sys
S3 - HTTP - HTTP - C:\WINDOWS\system32\Drivers\HTTP.sys
S1 - i2omgmt - i2omgmt -
S4 - i2omp - i2omp -
R1 - i8042prt - Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
S3 - ialm - ialm - C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
R1 - Imapi - Filterstuurprogramma voor het branden van cd's - C:\WINDOWS\system32\DRIVERS\imapi.sys
S4 - ini910u - ini910u -
S4 - IntelIde - IntelIde -
S1 - intelppm - Intel GV3-processorstuurprogramma - C:\WINDOWS\system32\DRIVERS\intelppm.sys
S3 - ip6fw - IPv6 Windows Firewall Driver - C:\WINDOWS\system32\drivers\ip6fw.sys
S3 - IpFilterDriver - IP Traffic Filter Driver - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
S3 - IpInIp - IP in IP Tunnel Driver - C:\WINDOWS\system32\DRIVERS\ipinip.sys
S3 - IpNat - IP Network Address Translator - C:\WINDOWS\system32\DRIVERS\ipnat.sys
S3 - IRENUM - IR Enumerator-service - C:\WINDOWS\system32\DRIVERS\irenum.sys
R0 - isapnp - PnP ISA/EISA Bus-stuurprogramma - C:\WINDOWS\system32\DRIVERS\isapnp.sys
R1 - Kbdclass - Stuurprogramma voor verschillende toetsenbordtypen - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
S3 - kmixer - Microsoft Kernel Wave-audiomixer - C:\WINDOWS\system32\drivers\kmixer.sys
R0 - KSecDD - KSecDD - C:\WINDOWS\system32\drivers\KSecDD.sys
S1 - lbrtfdc - lbrtfdc -
S3 - LVPr2Mon - Logitech LVPr2Mon Driver - C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
S3 - LVRS - Logitech RightSound Filter Driver - C:\WINDOWS\system32\DRIVERS\lvrs.sys
S3 - LVUVC - Logitech Webcam 500(UVC) - C:\WINDOWS\system32\DRIVERS\lvuvc.sys
S1 - mnmdd - mnmdd - C:\WINDOWS\system32\drivers\mnmdd.sys
S3 - Modem - Modem - C:\WINDOWS\system32\drivers\Modem.sys
R1 - Mouclass - Stuurprogramma voor muistypen - C:\WINDOWS\system32\DRIVERS\mouclass.sys
R3 - mouhid - Stuurprogramma voor muis-HID - C:\WINDOWS\system32\DRIVERS\mouhid.sys
R0 - MountMgr - Koppelpuntbeheer - C:\WINDOWS\system32\drivers\MountMgr.sys
S4 - mraid35x - mraid35x -
S3 - MRxDAV - WebDav-client-redirector - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
R1 - MRxSmb - MRXSMB - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
R1 - Msfs - Msfs - C:\WINDOWS\system32\drivers\Msfs.sys
S3 - MSKSSRV - Microsoft Streaming Service-proxy - C:\WINDOWS\system32\drivers\MSKSSRV.sys
S3 - MSPCLOCK - Microsoft Streaming Clock-proxy - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
S3 - MSPQM - Microsoft Streaming Kwaliteitsbeheer Proxy - C:\WINDOWS\system32\drivers\MSPQM.sys
R3 - mssmbios - BIOS-stuurprogramma voor Microsoft Systeembeheer - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
S3 - MSTEE - Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma - C:\WINDOWS\system32\drivers\MSTEE.sys
R0 - Mup - Mup - C:\WINDOWS\system32\drivers\Mup.sys
S3 - NABTSFEC - NABTS/FEC VBI Codec - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
R0 - NDIS - NDIS-systeemstuurprogramma - C:\WINDOWS\system32\drivers\NDIS.sys
S3 - NdisIP - Microsoft TV/Video-verbinding - C:\WINDOWS\system32\DRIVERS\NdisIP.sys
R3 - NdisTapi - RAS NDIS TAPI-stuurprogramma - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
R3 - Ndisuio - I/O-protocol van NDIS-gebruikermodus - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
R3 - NdisWan - RAS NDIS WAN-stuurprogramma - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
R3 - NDProxy - NDIS-proxy - C:\WINDOWS\system32\drivers\NDProxy.sys
R1 - NetBIOS - NetBIOS-interface - C:\WINDOWS\system32\DRIVERS\netbios.sys
R1 - NetBT - NetBios over Tcpip - C:\WINDOWS\system32\DRIVERS\netbt.sys
R1 - Npfs - Npfs - C:\WINDOWS\system32\drivers\Npfs.sys
R4 - Ntfs - Ntfs - C:\WINDOWS\system32\drivers\Ntfs.sys
R1 - Null - Null - C:\WINDOWS\system32\drivers\Null.sys
S3 - NwlnkFlt - IPX Traffic Filter Driver - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
S3 - NwlnkFwd - IPX Traffic Forwarder Driver - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
S3 - Parport - Stuurprogramma voor parallelle poort - C:\WINDOWS\system32\DRIVERS\parport.sys
R0 - PartMgr - Partitiebeheer - C:\WINDOWS\system32\drivers\PartMgr.sys
S2 - ParVdm - ParVdm - C:\WINDOWS\system32\drivers\ParVdm.sys
R0 - PCI - PCI Bus-stuurprogramma - C:\WINDOWS\system32\DRIVERS\pci.sys
S1 - PCIDump - PCIDump -
R0 - PCIIde - PCIIde - C:\WINDOWS\system32\DRIVERS\pciide.sys
S4 - Pcmcia - Pcmcia - C:\WINDOWS\system32\drivers\Pcmcia.sys
S3 - PDCOMP - PDCOMP -
S3 - PDFRAME - PDFRAME -
S3 - PDRELI - PDRELI -
S3 - PDRFRAME - PDRFRAME -
S4 - perc2 - perc2 -
S4 - perc2hib - perc2hib -
R3 - PptpMiniport - WAN-minipoort (PPTP) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
S1 - Processor - Stuurprogramma voor processor - C:\WINDOWS\system32\DRIVERS\processr.sys
R3 - PSched - QoS-pakketplanner - C:\WINDOWS\system32\DRIVERS\psched.sys
R3 - Ptilink - Stuurprogramma voor Directe parallelle verbinding - C:\WINDOWS\system32\DRIVERS\ptilink.sys
S4 - ql1080 - ql1080 -
S4 - Ql10wnt - Ql10wnt -
S4 - ql12160 - ql12160 -
S4 - ql1240 - ql1240 -
S4 - ql1280 - ql1280 -
R1 - RasAcd - Stuurprogramma voor Automatische verbinding voor RAS - C:\WINDOWS\system32\DRIVERS\rasacd.sys
R3 - Rasl2tp - WAN-minipoort (L2TP) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
R3 - RasPppoe - PPPOE-RAS-stuurprogramma - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
R3 - Raspti - Direct Parallel - C:\WINDOWS\system32\DRIVERS\raspti.sys
R1 - Rdbss - Rdbss - C:\WINDOWS\system32\DRIVERS\rdbss.sys
R1 - RDPCDD - RDPCDD - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
S3 - RDPWD - RDPWD - C:\WINDOWS\system32\drivers\RDPWD.sys
R1 - redbook - Stuurprogramma voor afspeelfilter van digitale cd-audio - C:\WINDOWS\system32\DRIVERS\redbook.sys
R3 - RTL8023xp - Realtek 10/100/1000 NIC Family all in one NDIS XP Driver - C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
S3 - rtl8139 - NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter - C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
S3 - Secdrv - Secdrv - C:\WINDOWS\system32\DRIVERS\secdrv.sys
S3 - serenum - Serenum Filter-stuurprogramma - C:\WINDOWS\system32\DRIVERS\serenum.sys
S1 - Serial - Stuurprogramma voor seriële poort - C:\WINDOWS\system32\DRIVERS\serial.sys
R0 - sfdrv01 - StarForce Protection Environment Driver (version 1.x) - C:\WINDOWS\system32\drivers\sfdrv01.sys
R0 - sfhlp02 - StarForce Protection Helper Driver (version 2.x) - C:\WINDOWS\system32\drivers\sfhlp02.sys
S1 - Sfloppy - Sfloppy - C:\WINDOWS\system32\drivers\Sfloppy.sys
R0 - sfsync02 - StarForce Protection Synchronization Driver (version 2.x) - C:\WINDOWS\system32\drivers\sfsync02.sys
S4 - Simbad - Simbad -
S3 - SLIP - BDA Slip De-Framer - C:\WINDOWS\system32\DRIVERS\SLIP.sys
S4 - Sparrow - Sparrow -
S3 - splitter - Microsoft Kernel-audiosplitsing - C:\WINDOWS\system32\drivers\splitter.sys
R0 - sr - Stuurprogramma voor systeemherstelfilter - C:\WINDOWS\system32\DRIVERS\sr.sys
R3 - Srv - SRV - C:\WINDOWS\system32\DRIVERS\srv.sys
S3 - ssadbus - SAMSUNG Android USB Composite Device driver (WDM) - C:\WINDOWS\system32\DRIVERS\ssadbus.sys
S3 - ssadmdfl - SAMSUNG Android USB Modem (Filter) - C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
S3 - ssadmdm - SAMSUNG Android USB Modem Drivers - C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
S3 - streamip - BDA IPSink - C:\WINDOWS\system32\DRIVERS\StreamIP.sys
R3 - swenum - Software Bus-stuurprogramma - C:\WINDOWS\system32\DRIVERS\swenum.sys
S3 - swmidi - Microsoft Kernel GS Wavetable-synthesizer - C:\WINDOWS\system32\drivers\swmidi.sys
S4 - symc810 - symc810 -
S4 - symc8xx - symc8xx -
S4 - sym_hi - sym_hi -
S4 - sym_u3 - sym_u3 -
S3 - sysaudio - Microsoft Kernel-systeemaudioapparaat - C:\WINDOWS\system32\drivers\sysaudio.sys
S1 - Tcpip - Stuurprogramma voor TCP/IP-protocol - C:\WINDOWS\system32\DRIVERS\tcpip.sys
S3 - TDPIPE - TDPIPE - C:\WINDOWS\system32\drivers\TDPIPE.sys
S3 - TDTCP - TDTCP - C:\WINDOWS\system32\drivers\TDTCP.sys
R1 - TermDD - Stuurprogramma voor terminal-apparaat - C:\WINDOWS\system32\DRIVERS\termdd.sys
S4 - TosIde - TosIde -
S4 - Udfs - Udfs - C:\WINDOWS\system32\drivers\Udfs.sys
S4 - ultra - ultra -
R3 - Update - Microcode Update-stuurprogramma - C:\WINDOWS\system32\DRIVERS\update.sys
S3 - usbaudio - Stuurprogramma voor USB-audio (WDM) - C:\WINDOWS\system32\drivers\usbaudio.sys
S3 - usbccgp - Microsoft generiek hoofd-USB-stuurprogramma - C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 - usbehci - Microsoft USB 2.0 Enhanced Host Controller Miniport Driver - C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 - usbhub - USB2 Enabled Hub - C:\WINDOWS\system32\DRIVERS\usbhub.sys
S3 - usbprint - Microsoft USB PRINTER Class - C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 - usbscan - Stuurprogramma voor USB-scanner - C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 - usbstor - Stuurprogramma voor USB-massaopslag - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 - usbuhci - Microsoft USB Universal Host Controller Miniport Driver - C:\WINDOWS\system32\DRIVERS\usbuhci.sys
S3 - usbvideo - USB-videoapparaat (WDM) - C:\WINDOWS\system32\Drivers\usbvideo.sys
R1 - VgaSave - Grafische VGA-adapter. - C:\WINDOWS\system32\drivers\vga.sys
S4 - ViaIde - ViaIde -
R0 - VolSnap - VolSnap - C:\WINDOWS\system32\drivers\VolSnap.sys
S3 - Wanarp - RAS IP ARP-stuurprogramma - C:\WINDOWS\system32\DRIVERS\wanarp.sys
S3 - WDICA - WDICA -
S3 - wdmaud - Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit - C:\WINDOWS\system32\drivers\wdmaud.sys
S3 - WpdUsb - WpdUsb - C:\WINDOWS\system32\DRIVERS\wpdusb.sys
S4 - WS2IFSL - Windows Socket 2.0 Non-IFS-omgeving voor serviceproviderondersteuning - C:\WINDOWS\system32\drivers\ws2ifsl.sys
S3 - WSTCODEC - World Standard Teletext-codec - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
R0 - WudfPf - Windows Driver Foundation - User-mode Driver Framework Platform Driver - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
S3 - WudfRd - Windows Driver Foundation - User-mode Driver Framework Reflector - C:\WINDOWS\system32\DRIVERS\wudfrd.sys

-- SERVICES --

S3 - ALG - Application Layer Gateway-service - C:\WINDOWS\System32\alg.exe
S3 - aspnet_state - ASP.NET-statusservice - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
S3 - CiSvc - Indexing-service - C:\WINDOWS\system32\cisvc.exe
S3 - ClipSrv - ClipBook - C:\WINDOWS\system32\clipsrv.exe
S4 - clr_optimization_v2.0.50727_32 - .NET Runtime Optimization Service v2.0.50727_X86 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S2 - clr_optimization_v4.0.30319_32 - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S3 - COMSysApp - COM+-systeemtoepassing - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - dmadmin - Logical Disk Manager Administrative-service - C:\WINDOWS\System32\dmadmin.exe /com
R2 - Eventlog - Event Log - C:\WINDOWS\system32\services.exe
S3 - FontCache3.0.0.0 - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
S2 - gupdate - Google Updateservice (gupdate) - C:\Program Files\Google\Update\GoogleUpdate.exe /svc
S3 - gupdatem - Google Update-service (gupdatem) - C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc
S3 - gusvc - Google Software Updater - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
S3 - HP Port Resolver - HP Port Resolver - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
S3 - idsvc - Windows CardSpace - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 - ImapiService - COM-service voor IMAPI cd-branders - C:\WINDOWS\system32\imapi.exe
S2 - LVPrcSrv - Process Monitor - "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
S2 - McMPFSvc - McAfee Personal Firewall Service - "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc
S3 - mnmsrvc - NetMeeting Remote Desktop Sharing - C:\WINDOWS\System32\mnmsrvc.exe
S3 - MSDTC - Distributed Transaction Coordinator - C:\WINDOWS\System32\msdtc.exe
S3 - MSIServer - Windows Installer - C:\WINDOWS\system32\msiexec.exe /V
S3 - NBService - NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
S4 - NetDDE - Network DDE - C:\WINDOWS\system32\netdde.exe
S4 - NetDDEdsdm - Network DDE DSDM - C:\WINDOWS\system32\netdde.exe
S3 - Netlogon - Net Logon - C:\WINDOWS\system32\lsass.exe
S3 - NtLmSsp - NT LM Security Support Provider - C:\WINDOWS\System32\lsass.exe
S3 - ose - Office Source Engine - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
R2 - PlugPlay - Plug and Play - C:\WINDOWS\system32\services.exe
S2 - Pml Driver HPZ12 - Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
S2 - PnkBstrA - PnkBstrA - C:\WINDOWS\system32\PnkBstrA.exe
S2 - PolicyAgent - IPSEC-services - C:\WINDOWS\system32\lsass.exe
S2 - ProtectedStorage - Protected Storage - C:\WINDOWS\system32\lsass.exe
S3 - RDSessMgr - Helpsessiebeheer voor Extern bureaublad - C:\WINDOWS\system32\sessmgr.exe
S3 - RpcLocator - Remote Procedure Call (RPC) Locator - C:\WINDOWS\System32\locator.exe
S3 - RSVP - QoS RSVP - C:\WINDOWS\System32\rsvp.exe
S2 - SamSs - Security Accounts Manager - C:\WINDOWS\system32\lsass.exe
S3 - SCardSvr - Smart Card - C:\WINDOWS\System32\SCardSvr.exe
S2 - Spooler - Print Spooler - C:\WINDOWS\system32\spoolsv.exe
S3 - SwPrv - MS Software Shadow Copy Provider - C:\WINDOWS\System32\dllhost.exe /Processid:{F612F59C-B070-4B32-B89E-078F4D79DA5E}
S3 - SysmonLog - Performance Logs and Alerts - C:\WINDOWS\system32\smlogsvc.exe
S3 - TUWinStylerThemeSvc - TuneUp WinStyler Theme Service - "C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe"
S3 - UPS - Uninterruptible Power Supply - C:\WINDOWS\System32\ups.exe
S3 - VSS - Volume Shadow Copy - C:\WINDOWS\System32\vssvc.exe
S3 - WmiApSrv - WMI-prestatieadapter - C:\WINDOWS\System32\wbem\wmiapsrv.exe
S3 - WPFFontCache_v0400 - Windows Presentation Foundation Font Cache 4.0.0.0 - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe


--- SAFEBOOT MINIMAL SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
{533C5B84-EC70-11D2-9505-00C04F79DEAF}


--- SAFEBOOT Network SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
DnsCache
hitmanpro35
hitmanpro35.sys
HitmanPro35Crusader
McMPFSvc


--- BOOTEXECUTE regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"= autocheck autochk *\0\0


--- PENDINGFILERENAMEOPERATIONS regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
PendingFileRenameOperations key not found


--- WOW-CMDLINE regkeys ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386


--- SVCHOST LocalService regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- LocalService
only standard values found


--- SVCHOST NetworkService regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NetworkService
only standard values found


--- SVCHOST netsvcs regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- netsvcs
WmdmPmSN -- C:\WINDOWS\system32\MsPMSNSv.dll


--- SVCHOST rpcss regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- rpcss
only standard values found


--- SVCHOST imgsvc regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- imgsvc
only standard values found


--- SVCHOST termsvcs regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- termsvcs
only standard values found


--- SVCHOST HTTPFilter regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- HTTPFilter
HTTPFilter -- %SystemRoot%\System32\w3ssl.dll


--- SVCHOST DcomLaunch regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- DcomLaunch
only standard values found


--- SVCHOST eapsvcs regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- eapsvcs
eaphost -- %SystemRoot%\System32\eapsvc.dll


--- SVCHOST dot3svc regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- dot3svc
dot3svc -- %SystemRoot%\System32\dot3svc.dll


--- SVCHOST WudfServiceGroup regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- WudfServiceGroup
WUDFSvc -- %SystemRoot%\System32\WUDFSvc.dll


--- DNS SERVER regkeys ---

no "NameServer" values found


--- HKCU SEARCHSCOPE ---




--- HKLM SEARCHSCOPE ---

DefaultScope= {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
URL REG_SZ http://search.live.com/results.aspx?q={s...r:source?}

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
URL REG_SZ http://www.google.com/search?q={searchTe...urceid=ie7

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd21}
URL REG_SZ http://search.imesh.com//web?src=ieb&app...archTerms}

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
URL REG_SZ http://www.searchqu.com/web?src=ieb&appi...archTerms}


--- File associations ---

.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


--- STARTUP FOLDERS ---

C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\desktop.ini -- [84] -- [06-06-2011 22:17]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini -- [84] -- [06-06-2011 22:17]
C:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten\desktop.ini -- [84] -- [06-06-2011 22:17]
C:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten\desktop.ini -- [84] -- [06-06-2011 22:17]


--- TASK SCHEDULER JOBS ---

C:\WINDOWS\tasks\Easy Onderhoud.job -- [388] -- [25-11-2011 17:18]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -- [1038] -- [29-11-2011 19:51]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -- [1042] -- [29-11-2011 19:40]
C:\WINDOWS\tasks\User_Feed_Synchronization-{2992EF4F-425B-4F38-AD0F-B1B2C1441709}.job -- [454] -- [29-11-2011 19:11]


--- Created files ---

2011-11-30 14:54:45 -------- d-----w- [---] C:\WINDOWS\RegLooks
2011-11-29 19:47:25 -------- d-sh--w- [---] C:\RECYCLER
2011-11-29 19:47:25 -------- d-sh--w- [---] \RECYCLER
2011-11-29 19:42:11 -------- d-----w- [---] C:\WINDOWS\temp
2011-11-29 19:42:09 11057 ----a-w- [---] C:\ComboFix.txt
2011-11-29 19:42:09 11057 ----a-w- [---] \ComboFix.txt
2011-11-28 14:55:43 138496 -c--a-w-[7--] C:\WINDOWS\system32\dllcache\afd.sys
2011-11-28 14:53:09 98816 ----a-w- [---] C:\WINDOWS\sed.exe
2011-11-28 14:53:09 80412 ----a-w- [---] C:\WINDOWS\grep.exe
2011-11-28 14:53:09 68096 ----a-w- [---] C:\WINDOWS\zip.exe
2011-11-28 14:53:09 60416 ----a-w- [---] C:\WINDOWS\NIRCMD.exe
2011-11-28 14:53:09 518144 ----a-w- [---] C:\WINDOWS\SWREG.exe
2011-11-28 14:53:09 406528 ----a-w- [---] C:\WINDOWS\SWSC.exe
2011-11-28 14:53:09 256000 ----a-w- [---] C:\WINDOWS\PEV.exe
2011-11-28 14:53:09 212480 ----a-w- [---] C:\WINDOWS\SWXCACLS.exe
2011-11-28 14:53:09 208896 ----a-w- [---] C:\WINDOWS\MBR.exe
2011-11-28 14:53:05 -------- d-----w- [---] C:\WINDOWS\ERDNT
2011-11-28 14:52:59 -------- d-----w- [---] C:\Qoobox
2011-11-28 14:52:59 -------- d-----w- [---] \Qoobox
2011-11-27 17:51:06 -------- d-sh--w- [---] C:\Documents and Settings\Administrator\IETldCache
2011-11-27 17:49:00 188 --sh--w- [---] C:\Documents and Settings\Administrator\ntuser.ini
2011-11-27 17:48:58 62 --sha-w- [---] C:\Documents and Settings\Administrator\Application Data\desktop.ini
2011-11-27 17:48:57 786432 ---ha-w- [---] C:\Documents and Settings\Administrator\NTUSER.DAT
2011-11-27 17:48:57 77824 ---ha-w- [---] C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2011-11-27 17:48:57 -------- d-sh--w- [---] C:\Documents and Settings\Administrator\Cookies
2011-11-27 17:48:57 -------- d-s---w- [---] C:\Documents and Settings\Administrator\Application Data\Microsoft
2011-11-27 17:48:57 -------- d--h--w- [---] C:\Documents and Settings\Administrator\Sjablonen
2011-11-27 17:48:57 -------- d--h--w- [---] C:\Documents and Settings\Administrator\Onlangs geopend
2011-11-27 17:48:57 -------- d--h--w- [---] C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2011-11-27 17:48:57 -------- d--h--w- [---] C:\Documents and Settings\Administrator\NetHood
2011-11-27 17:48:57 -------- d--h--w- [---] C:\Documents and Settings\Administrator\Local Settings
2011-11-27 17:48:57 -------- d--h--r- [---] C:\Documents and Settings\Administrator\SendTo
2011-11-27 17:48:57 -------- d--h--r- [---] C:\Documents and Settings\Administrator\Application Data
2011-11-27 17:48:57 -------- d-----w- [---] C:\Documents and Settings\Administrator\Mijn documenten
2011-11-27 17:48:57 -------- d-----w- [---] C:\Documents and Settings\Administrator\Favorieten
2011-11-27 17:48:57 -------- d-----w- [---] C:\Documents and Settings\Administrator\Bureaublad
2011-11-27 17:48:57 -------- d-----r- [---] C:\Documents and Settings\Administrator\Menu Start
2011-11-27 17:26:39 376422 ----a-w- [---] C:\WINDOWS\ntbtlog.txt
2011-11-27 10:43:43 524 ----a-w- [---] C:\WINDOWS\system32\.crusader
2011-11-27 10:07:55 -------- d-----w- [---] C:\Program Files\PC Tools Security
2011-11-25 15:22:12 -------- d-----w- [---] C:\Program Files\Spybot - Search & Destroy
2011-11-25 14:41:46 -------- d-----w- [---] C:\Program Files\Citrix
2011-11-18 18:08:27 -------- d-----w- [---] C:\Program Files\Common Files\DirectX
2011-11-18 17:50:47 1491992 ----a-w- [7--] C:\WINDOWS\system32\D3DCompiler_38.dll
2011-11-18 17:50:46 467984 ----a-w- [7--] C:\WINDOWS\system32\d3dx10_38.dll
2011-11-18 17:50:46 3850760 ----a-w- [7--] C:\WINDOWS\system32\D3DX9_38.dll
2011-11-18 17:50:42 462864 ----a-w- [7--] C:\WINDOWS\system32\d3dx10_37.dll
2011-11-18 17:50:42 1420824 ----a-w- [7--] C:\WINDOWS\system32\D3DCompiler_37.dll
2011-11-18 17:50:41 3786760 ----a-w- [7--] C:\WINDOWS\system32\D3DX9_37.dll
2011-11-18 17:50:38 444776 ----a-w- [7--] C:\WINDOWS\system32\d3dx10_36.dll
2011-11-18 17:50:38 3734536 ----a-w- [7--] C:\WINDOWS\system32\d3dx9_36.dll
2011-11-18 17:50:38 1374232 ----a-w- [7--] C:\WINDOWS\system32\D3DCompiler_36.dll
2011-11-18 17:50:35 444776 ----a-w- [7--] C:\WINDOWS\system32\d3dx10_35.dll
2011-11-18 17:50:35 1358192 ----a-w- [7--] C:\WINDOWS\system32\D3DCompiler_35.dll
2011-11-18 17:50:34 3727720 ----a-w- [7--] C:\WINDOWS\system32\d3dx9_35.dll
2011-11-18 17:48:51 -------- d-----w- [---] C:\WINDOWS\Logs
2011-11-18 17:47:29 2793768 ----a-w- [7--] C:\WINDOWS\system32\pbsvc.exe
2011-11-18 17:37:45 -------- d-----w- [---] C:\Program Files\Ubisoft
2011-11-16 18:25:11 414368 ----a-w- [7--] C:\WINDOWS\system32\FlashPlayerCPLApp.cpl


--- Modified files ---

2011-11-30 14:55:35 77824 ---ha-w- [---] C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2011-11-30 14:53:51 0 ----a-w- [---] C:\WINDOWS\0.log
2011-11-30 14:53:50 376422 ----a-w- [---] C:\WINDOWS\ntbtlog.txt
2011-11-30 14:51:39 2048 --s-a-w- [---] C:\WINDOWS\bootstat.dat
2011-11-29 19:47:46 188 --sh--w- [---] C:\Documents and Settings\Administrator\ntuser.ini
2011-11-29 19:47:46 1679730 ----a-w- [---] C:\WINDOWS\WindowsUpdate.log
2011-11-29 19:47:45 786432 ---ha-w- [---] C:\Documents and Settings\Administrator\NTUSER.DAT
2011-11-29 19:42:09 11057 ----a-w- [---] C:\ComboFix.txt
2011-11-29 19:39:00 227 ----a-w- [---] C:\WINDOWS\system.ini
2011-11-29 19:13:46 98304 ----a-w- [---] C:\WINDOWS\system32\CmdLineExt.dll
2011-11-29 19:09:54 6 ---ha-w- [---] C:\WINDOWS\Tasks\SA.DAT
2011-11-29 19:09:54 32494 ----a-w- [---] C:\WINDOWS\SchedLgU.Txt
2011-11-29 19:09:53 216 ----a-w- [---] C:\WINDOWS\wiadebug.log
2011-11-29 18:56:23 569261 ----a-w- [---] C:\WINDOWS\setupapi.log
2011-11-29 18:53:28 50 ----a-w- [---] C:\WINDOWS\wiaservc.log
2011-11-29 18:51:13 1038 ----a-w- [---] C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2011-11-29 18:40:10 1042 ----a-w- [---] C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2011-11-29 18:11:42 454 ---ha-w- [---] C:\WINDOWS\Tasks\User_Feed_Synchronization-{2992EF4F-425B-4F38-AD0F-B1B2C1441709}.job
2011-11-28 15:59:41 69 ----a-w- [---] C:\WINDOWS\NeroDigital.ini
2011-11-27 10:45:20 23624 ----a-w- [7--] C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011-11-27 10:43:43 524 ----a-w- [---] C:\WINDOWS\system32\.crusader
2011-11-27 10:09:15 812426 ----a-w- [---] C:\WINDOWS\system32\drivers\Cat.DB
2011-11-26 19:44:13 69632 ----a-w- [---] C:\WINDOWS\system32\HPZipm12.exe
2011-11-26 17:53:11 350230 -c--a-w- [---] C:\WINDOWS\DirectX.log
2011-11-26 17:52:32 1313 -c--a-w- [---] C:\WINDOWS\DXError.log
2011-11-25 16:18:35 388 ----a-w- [---] C:\WINDOWS\Tasks\Easy Onderhoud.job
2011-11-18 17:47:58 139152 ----a-w- [7--] C:\WINDOWS\system32\drivers\PnkBstrK.sys
2011-11-18 17:47:29 2793768 ----a-w- [7--] C:\WINDOWS\system32\pbsvc.exe
2011-11-16 18:25:11 414368 ----a-w- [7--] C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-11-16 16:34:09 202583 ----a-w- [---] C:\WINDOWS\setupact.log
2011-11-11 11:09:04 466986 ----a-w- [---] C:\WINDOWS\comsetup.log
2011-11-11 11:09:04 313895 ----a-w- [---] C:\WINDOWS\iis6.log
2011-11-11 11:09:04 282912 ----a-w- [---] C:\WINDOWS\ntdtcsetup.log
2011-11-11 11:09:03 986637 ----a-w- [---] C:\WINDOWS\ocgen.log
2011-11-11 11:09:03 76683 ----a-w- [---] C:\WINDOWS\ocmsn.log
2011-11-11 11:09:03 2008476 ----a-w- [---] C:\WINDOWS\FaxSetup.log
2011-11-11 11:09:03 1393 ----a-w- [---] C:\WINDOWS\imsins.log
2011-11-11 11:09:03 13782 ----a-w- [---] C:\WINDOWS\KB2641690.log
2011-11-11 11:09:03 100790 ----a-w- [---] C:\WINDOWS\msgsocm.log
2011-11-11 11:08:56 259506 ----a-w- [---] C:\WINDOWS\updspapi.log
2011-11-09 08:53:21 1374 ----a-w- [---] C:\WINDOWS\imsins.BAK
2011-11-09 08:53:20 12808 ----a-w- [---] C:\WINDOWS\KB2544893-v2.log
2011-11-09 08:49:18 50295240 ----a-w- [7--] C:\WINDOWS\system32\MRT.exe
2011-11-04 14:18:06 319 ----a-w- [---] C:\WINDOWS\game.ini
2011-11-04 13:40:08 0 ----a-w- [---] C:\WINDOWS\setuperr.log
2011-10-30 08:29:17 83262 ----a-w- [---] C:\WINDOWS\system32\perfc009.dat
2011-10-30 08:29:17 566098 ----a-w- [---] C:\WINDOWS\system32\perfh013.dat
2011-10-30 08:29:17 492614 ----a-w- [---] C:\WINDOWS\system32\perfh009.dat
2011-10-30 08:29:17 1265630 ----a-w- [---] C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-30 08:29:17 105786 ----a-w- [---] C:\WINDOWS\system32\perfc013.dat
2011-10-23 10:00:14 112993 ----a-w- [---] C:\WINDOWS\hpoins11.dat
2011-10-23 09:12:02 69970 ----a-w- [---] C:\WINDOWS\hpoins05.dat
2011-10-23 09:11:34 522 ----a-w- [---] C:\WINDOWS\win.ini
2011-10-12 16:49:35 189792 ----a-w- [---] C:\WINDOWS\system32\FNTCACHE.DAT
2011-10-12 16:46:25 136371 ----a-w- [---] C:\WINDOWS\KB2586448-IE8.log
2011-10-12 16:41:24 123285 ----a-w- [---] C:\WINDOWS\KB2564958.log
2011-10-12 16:39:31 8530 ----a-w- [---] C:\WINDOWS\KB2592799.log
2011-10-12 16:25:40 15600 ----a-w- [---] C:\WINDOWS\KB2567053.log
2011-10-10 14:22:51 692736 -c--a-w- [7--] C:\WINDOWS\system32\dllcache\inetcomm.dll
2011-10-10 14:22:51 692736 ----a-w- [7-8] C:\WINDOWS\system32\inetcomm.dll
2011-10-03 08:31:35 5971456 -c--a-w- [7--] C:\WINDOWS\system32\dllcache\mshtml.dll
2011-10-03 08:31:35 5971456 ----a-w- [7-8] C:\WINDOWS\system32\mshtml.dll
2011-09-28 07:06:45 602624 -c--a-w- [7--] C:\WINDOWS\system32\dllcache\crypt32.dll
2011-09-28 07:06:45 602624 ----a-w- [7-8] C:\WINDOWS\system32\crypt32.dll
2011-09-26 09:41:44 23040 -c--a-w- [7--] C:\WINDOWS\system32\dllcache\oleaccrc.dll
2011-09-26 09:41:44 23040 ----a-w- [7-8] C:\WINDOWS\system32\oleaccrc.dll
2011-09-26 09:41:20 220160 -c--a-w- [7--] C:\WINDOWS\system32\dllcache\oleacc.dll
2011-09-26 09:41:20 220160 ----a-w- [7-8] C:\WINDOWS\system32\oleacc.dll
2011-09-20 20:24:03 13487 -c--a-w- [---] C:\WINDOWS\KB2616676-v2.log
2011-09-14 20:42:31 15495 ----a-w- [---] C:\WINDOWS\KB2616676.log
2011-09-14 20:37:43 8683 -c--a-w- [---] C:\WINDOWS\KB2570947.log
2011-09-07 17:15:40 3279 -c--a-w- [---] C:\WINDOWS\KB2607712.log
2011-09-06 14:09:57 1859072 -c--a-w- [7--] C:\WINDOWS\system32\dllcache\win32k.sys

Scan completed: wo 30-11-2011 15:55:57,18
FINISHED

[miekiemoes]

Hoi,

Download systemlook: http://jpshortstuff.247fixes.com/SystemLook.exe
Plaats het op je bureaublad.
Start systemlook en kopieer en plak het volgende erin:

:filefind
ipsec.sys

Klik op de Look knop om de scan te starten.
Daarna zal kladblok openen. Kopieer en plak de inhoud ervan in je volgende post.

[daan2404]

(30-11-2011 17:36)miekiemoes schreef:  Hoi,

Download systemlook: http://jpshortstuff.247fixes.com/SystemLook.exe
Plaats het op je bureaublad.
Start systemlook en kopieer en plak het volgende erin:

:filefind
ipsec.sys

Klik op de Look knop om de scan te starten.
Daarna zal kladblok openen. Kopieer en plak de inhoud ervan in je volgende post.

Hallo, ten eerste bedankt voor je hulp!
hierbij het rapport van systemlook;

SystemLook 30.07.11 by jpshortstuff
Log created at 20:05 on 30/11/2011 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "ipsec.sys"
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [19:26 07/06/2011] [06:14 04/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\$NtUninstallKB911280_0$\ipsec.sys -----c- 57984 bytes [14:47 07/06/2011] [12:00 11/09/2002] 1C4802409CFD4A7051F458B744CFCAA5
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys -----c- 75264 bytes [06:14 04/08/2004] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\dllcache\ipsec.sys --a--c- 75264 bytes [12:00 11/09/2002] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91

-= EOF =-

[miekiemoes]

Hoi,

Ga naar de volgende map:

C:\Windows\system32\dllcache

Zoek daar het bestand ipsec.sys

Kopieer & plak dat bestand naar de C:\Windows\system32\drivers - map

Indien je die mappen niet kan zien, doe het volgende om ze zichtbaar te maken:
http://www.mivercon.be/forum/thread-185.html

Nadat je die ipsec.sys naar je C:\Windows\system32\drivers map gekopieerd hebt, herstart je pc.

Laat me weten of dit je internet teruggeeft.

Indien niet, dan is dit een teken dat de gerelateerde service in het register ook verwijderd werd.
Om dit terug te herstellen, download het volgend registerbestand:
  ipsec_restore_XPSP3.zip (Grootte: 574 bytes / Aantal keer gedownload: 1)
Pak het uit en plaats het op je bureaublad.
Dubbelklik op ipsec_restore_XPSP3.reg om die te laten toevoegen tot het register.
Klik ok.

Herstart je pc opnieuw. <== belangrijk!

Laat me weten of je internet dan terug werkt na het herstarten van de pc.

[daan2404]

(30-11-2011 21:21)miekiemoes schreef:  Hoi,

Ga naar de volgende map:

C:\Windows\system32\dllcache

Zoek daar het bestand ipsec.sys

Kopieer & plak dat bestand naar de C:\Windows\system32\drivers - map

Indien je die mappen niet kan zien, doe het volgende om ze zichtbaar te maken:
http://www.mivercon.be/forum/thread-185.html

Nadat je die ipsec.sys naar je C:\Windows\system32\drivers map gekopieerd hebt, herstart je pc.

Laat me weten of dit je internet teruggeeft.

Indien niet, dan is dit een teken dat de gerelateerde service in het register ook verwijderd werd.
Om dit terug te herstellen, download het volgend registerbestand:
Pak het uit en plaats het op je bureaublad.
Dubbelklik op ipsec_restore_XPSP3.reg om die te laten toevoegen tot het register.
Klik ok.

Herstart je pc opnieuw. <== belangrijk!

Laat me weten of je internet dan terug werkt na het herstarten van de pc.

Hoi,
Alles precies gedaan zoals jij zei... helaas.. geen internet (LAN verbinding staat ook niet in configuratie-netwerkverbindingen??!)
weet het echt niet meer...


HELP!

[miekiemoes]

Kan je even de voorgaande stap met systemlook herhalen? Post de nieuwe log in je volgende post.

[daan2404]

(30-11-2011 22:00)miekiemoes schreef:  Kan je even de voorgaande stap met systemlook herhalen? Post de nieuwe log in je volgende post.

ok, ga ik doen!

[daan2404]

(30-11-2011 22:03)daan2404 schreef:  

(30-11-2011 22:00)miekiemoes schreef:  Kan je even de voorgaande stap met systemlook herhalen? Post de nieuwe log in je volgende post.

ok, ga ik doen!

SystemLook 30.07.11 by jpshortstuff
Log created at 21:03 on 30/11/2011 by oscar
Administrator - Elevation successful

========== filefind ==========

Searching for "ipsec.sys"
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [19:26 07/06/2011] [06:14 04/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\$NtUninstallKB911280_0$\ipsec.sys -----c- 57984 bytes [14:47 07/06/2011] [12:00 11/09/2002] 1C4802409CFD4A7051F458B744CFCAA5
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys -----c- 75264 bytes [06:14 04/08/2004] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\dllcache\ipsec.sys --a--c- 75264 bytes [12:00 11/09/2002] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\drivers\ipsec.sys --a---- 75264 bytes [19:29 30/11/2011] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91

-= EOF =-

[miekiemoes]

Je hebt eerder ook al een paar keer Combofix gedraait zie ik.
Kan je even de voorgaande logs van Combofix uploaden voor me? Upload die naar hier: http://www.bleepingcomputer.com/submit-m...?channel=8
Dit zodat ik kan zien wat het al eerder heeft verwijderd.
De laatste staat op je C:\ De voorgaande logs zouden ergens in de C:\Qoobox map moeten staan of C:\Qoobox\quarantine met de naam Combofix2.txt & Combofix3.txt

[daan2404]

(30-11-2011 22:12)miekiemoes schreef:  Je hebt eerder ook al een paar keer Combofix gedraait zie ik.
Kan je even de voorgaande logs van Combofix uploaden voor me? Upload die naar hier: http://www.bleepingcomputer.com/submit-m...?channel=8
Dit zodat ik kan zien wat het al eerder heeft verwijderd.
De laatste staat op je C:\ De voorgaande logs zouden ergens in de C:\Qoobox map moeten staan of C:\Qoobox\quarantine met de naam Combofix2.txt & Combofix3.txt

ok. Ik hoop dat ik het goed gedaan heb... zijn 4 rapporten en een extra, ivm quarantaine..
groetjes,

[miekiemoes]

Blijkbaar was je afd.sys ook eerder besmet zoals ik uit je vorige Combofix log kan lezen.
Combofix heeft deze hersteld, doch vraag ik me af of dit met de correcte versie is gedaan.

Kan je even systemlook opnieuw uitvoeren, maar deze keer, in het veld plak je:

:filefind
afd.sys

[daan2404]

(30-11-2011 22:32)miekiemoes schreef:  Blijkbaar was je afd.sys ook eerder besmet zoals ik uit je vorige Combofix log kan lezen.
Combofix heeft deze hersteld, doch vraag ik me af of dit met de correcte versie is gedaan.

Kan je even systemlook opnieuw uitvoeren, maar deze keer, in het veld plak je:

:filefind
afd.sys

ok, komt ie:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:35 on 30/11/2011 by oscar
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys"
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a--c- 138496 bytes [22:42 15/06/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a--c- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys --a---- 138496 bytes [16:23 12/10/2011] [13:41 17/08/2011] F6B7B1ECD7B41736BDB6FF4B092BCB79
C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys --a--c- 138368 bytes [10:44 20/06/2008] [10:44 20/06/2008] D99DDFFB33DEACDCF20717CB520379F6
C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys --a--c- 138496 bytes [11:40 20/06/2008] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys --a--c- 138496 bytes [11:48 20/06/2008] [11:48 20/06/2008] D6EE6014241D034E63C49A50CB2B442A
C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys --a--c- 138368 bytes [16:23 07/06/2011] [09:48 14/08/2008] 6A0397376853E604DE8E1E7A87FC08AC
C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys --a--c- 138496 bytes [16:23 07/06/2011] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7
C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys --a--c- 138496 bytes [16:23 07/06/2011] [10:34 14/08/2008] 4D43E74F2A1239D53929B82600F1971C
C:\WINDOWS\$NtServicePackUninstall$\afd.sys -----c- 138368 bytes [19:26 07/06/2011] [09:51 14/08/2008] 55E6E1C51B6D30E54335750955453702
C:\WINDOWS\$NtUninstallKB2503665$\afd.sys -----c- 138496 bytes [00:02 16/06/2011] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 138496 bytes [06:04 08/06/2011] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7
C:\WINDOWS\$NtUninstallKB2592799$\afd.sys -----c- 138496 bytes [16:39 12/10/2011] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\$NtUninstallKB951748$\afd.sys -----c- 138112 bytes [19:47 07/06/2011] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys -----c- 138496 bytes [16:34 07/06/2011] [06:14 04/08/2004] 5AC495F4CB807B2B98AD2AD591E6D92E
C:\WINDOWS\$NtUninstallKB956803$\afd.sys -----c- 138496 bytes [19:49 07/06/2011] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C
C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys -----c- 138368 bytes [16:35 07/06/2011] [10:44 20/06/2008] 944CA435BFCFC82CC1ED9E3A7D731AA9
C:\WINDOWS\ServicePackFiles\i386\afd.sys -----c- 138112 bytes [06:14 04/08/2004] [19:19 13/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\system32\dllcache\afd.sys --a--c- 138496 bytes [14:55 28/11/2011] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [14:55 28/11/2011] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9

-= EOF =-

[miekiemoes]

Hmm. Ik ben er hier niet zo zeker van of de afd.sys die combofix heeft hersteld naar de dllcache en drivers map wel de correcte is. Ook is het me hier niet helemaal duidelijk vanwaar precies Combofix het heeft hersteld, want geen enkele van de MD5 komt overeen met hetgeen die hersteld geweest is.
Daarom raad ik je aan om volgende KB (updatepack) van Windows opnieuw te installeren: http://www.microsoft.com/downloads/nl-nl...laylang=nl
WindowsXP-KB2592799-x86-NLD.exe is daar te downloaden
Dit is een beveiligingspatch voor de afd.sys, dus zowiezo plaatst het de correcte/laatste afd.sys terug.

Herstart daarna je pc.

[miekiemoes]

Heb net even met mijn XP SP3 vergeleken en jouw versie van afd.sys lijkt toch correct te zijn hoor. Dus die stap met het opnieuw installeren van die servicepack is eigenlijk niet meer nodig.

Doe wel even het volgende...

Open kladblok en kopieer en plak het volgende vetgedrukte erin:


@echo off
if exist %SystemDrive%\Netwerk.txt del %SystemDrive%\Netwerk.txt
cmd /c sc qc dhcp >>%SystemDrive%\Netwerk.txt
cmd /c sc queryex dhcp >>%SystemDrive%\Netwerk.txt
cmd /c sc qc TCPIP >>%SystemDrive%\Netwerk.txt
cmd /c sc queryex TCPIP >>%SystemDrive%\Netwerk.txt
cmd /c sc qc Afd >>%SystemDrive%\Netwerk.txt
cmd /c sc queryex Afd >>%SystemDrive%\Netwerk.txt
cmd /c sc qc NetBT >>%SystemDrive%\Netwerk.txt
cmd /c sc queryex NetBT >>%SystemDrive%\Netwerk.txt
cmd /c sc qc NetBIOS >>%SystemDrive%\Netwerk.txt
cmd /c sc queryex NetBIOS >>%SystemDrive%\Netwerk.txt
cmd /c sc qc Lmhosts >>%SystemDrive%\Netwerk.txt
cmd /c sc queryex Lmhosts >>%SystemDrive%\Netwerk.txt
cmd /c sc qc Dnscache >>%SystemDrive%\Netwerk.txt
cmd /c sc queryex Dnscache >>%SystemDrive%\Netwerk.txt
cmd /c sc qc PolicyAgent >>%SystemDrive%\Netwerk.txt
cmd /c sc queryex PolicyAgent >>%SystemDrive%\Netwerk.txt
cmd /c sc qc RPCSS >>%SystemDrive%\Netwerk.txt
cmd /c sc queryex RPCSS >>%SystemDrive%\Netwerk.txt
start notepad %SystemDrive%\Netwerk.txt
exit


Sla dit op als look.bat , kies om op te slaan als *alle bestanden en plaats het op je bureaublad.
Zo zal het er dan moeten uitzien:
Dubbelklik erop en kladblok zal openen met wat tekst erin.
Kopieer en plak dit in je volgende post.

Dus, je hebt nog steeds geen internet verbinding via deze PC? Je voert dus alle stappen via andere PC uit? (dus logs overplaatsen van logs etc? )

[daan2404]

(30-11-2011 23:02)miekiemoes schreef:  Hmm. Ik ben er hier niet zo zeker van of de afd.sys die combofix heeft hersteld naar de dllcache en drivers map wel de correcte is. Ook is het me hier niet helemaal duidelijk vanwaar precies Combofix het heeft hersteld, want geen enkele van de MD5 komt overeen met hetgeen die hersteld geweest is.
Daarom raad ik je aan om volgende KB (updatepack) van Windows opnieuw te installeren: http://www.microsoft.com/downloads/nl-nl...laylang=nl
WindowsXP-KB2592799-x86-NLD.exe is daar te downloaden
Dit is een beveiligingspatch voor de afd.sys, dus zowiezo plaatst het de correcte/laatste afd.sys terug.

Herstart daarna je pc.

ok. hij is bezig....

[miekiemoes]

Zie voorgaand bericht, die mag eigenlijk geannuleerd worden. Trouwens, wanneer je de laatste correcte versie hebt, dan zal er toch geen "voortgang" zijn in de installatie ervan (zo te zien - want ben het momenteel zelf aan het installeren op mn testpc)

Voer ook even de stappen uit in het voorgaand bericht hier.

[daan2404]

(30-11-2011 23:21)daan2404 schreef:  

(30-11-2011 23:02)miekiemoes schreef:  Hmm. Ik ben er hier niet zo zeker van of de afd.sys die combofix heeft hersteld naar de dllcache en drivers map wel de correcte is. Ook is het me hier niet helemaal duidelijk vanwaar precies Combofix het heeft hersteld, want geen enkele van de MD5 komt overeen met hetgeen die hersteld geweest is.
Daarom raad ik je aan om volgende KB (updatepack) van Windows opnieuw te installeren: http://www.microsoft.com/downloads/nl-nl...laylang=nl
WindowsXP-KB2592799-x86-NLD.exe is daar te downloaden
Dit is een beveiligingspatch voor de afd.sys, dus zowiezo plaatst het de correcte/laatste afd.sys terug.

Herstart daarna je pc.

ok. hij is bezig....

nog steeds niet.....?

[miekiemoes]

Zie dit bericht:

http://www.mivercon.be/forum/thread-1121...l#pid41600