Vista starting up and shutting down very slowly - Not sure what to do




#1
29 March 2009, 08:59
Donor Group

First of all, I assume this is the right place to post this.

I went to Control Panel and Performance and found a couple of performance problems listed:

  • Startup programs are causing Windows to start slowly
  • Programs are causing Windows to shut down slowly
The details of these are:

Start slowly:

http://i7.photobucket.com/albums/y27...tartslowly.jpg

Shut down:

http://i7.photobucket.com/albums/y27...downslowly.jpg


I ran HijackThis and got the following message:

http://i7.photobucket.com/albums/y27...rormessage.jpg

This is probably a really stupid question, but how can I fix this? If you guys could point me in the right direction, that would be great.
__________________
Euro Championships tip = Spain & Torres <- Damn, I should have placed a bet on them

Make Poverty History

Justice for the 96 <- Take a look
__________________

My System: Self HistoryGirls Build!

Processor(s):
AMD Phenom X3 II 720
Motherboard:
Gigabyte MA770-UD3
RAM:
4GB Ballistix
Graphics Card(s):
Radeon HD 4850 512MB
Sound Card:
Onboard
Hard Drive(s):
1TB Western Digital
Optical Drive(s):
DVD-ROM/CD RW + DVD-RW LightScribe
Case / PSU:
Coolermaster Elite 330/450W PSU
Cooling:
Stock
Network / Internet:
Ethernet
Monitor(s):
20" Acer
Operating System(s):
Vista HP with upgrade to W7
#2
29 March 2009, 11:19
Moderator Group

With Vista you have to right-click the HJT icon and choose 'Run as Administrator'.

Have you done any maintenance lately? Disk Cleanup, defragmentation?

#3
30 March 2009, 10:11
Donor Group

Yes, I have run Disk Cleanup and defragmented; would that be what's causing the problems?

New HijackThis log:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:00, on 30/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\Syntpenh.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O2 - BHO: (no name) - (5C255C8A-E604-49b4-9D64-90988571CECB) - (no file)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.dll
O2 - BHO: (no name) - (AA58ED58-01DD-4d91-8333-CF10577473F7) - (no file)
O2 - BHO: ASUS Security Protect Manager - (DF21F1DB-80C6-11D3-9483-B03D0EC10000) - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - (no file)
O3 - Toolbar: AVG Security Toolbar - (A057A204-BACC-4D26-9990-79A187E2698E) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.dll
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [IFXSPMGT] "C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\Syntpenh.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Blog This - (219C3416-8CB2-491a-A3C7-D9FCDDC9D600) - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - (219C3416-8CB2-491a-A3C7-D9FCDDC9D600) - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\PROGRA~1\Spybot~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) - C:\Program Files\Windows Live\Common\yinsthelper.dll
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: APSHook.dll, avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - (E31004D1-A431-41B8-826F-E902F9D95C81) - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, sro - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 watchdog (avg8wd) - AVG Technologies CZ, sro - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic Netconnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc - C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc - C:\Windows\System32\StkCSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

#4
30 March 2009, 10:30
Moderator Group

Open HijackThis and select Do a system scan only.

Place a check mark next to the following items (if present):

  • R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  • O2 - BHO: (no name) - (5C255C8A-E604-49b4-9D64-90988571CECB) - (no file)
  • O3 - Toolbar: (no name) - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - (no file)


Important: Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------

Download ComboFix © by sUBs from one of the links below. Be sure to save it to the Desktop.

Link # 1
Link # 2

** Note: It is important that it is saved directly to your desktop

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link for a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems using ComboFix, see How to use ComboFix
__________________
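
Added example, not part of the thread and not code from HijackThis or from either poster: a Python parser for HijackThis entry lines that lists the entries a helper would look at first, namely those whose target is reported as (no file) or (file missing) and R entries with an empty value. The sample lines are taken from the log quoted in post #3 with spacing normalised; parse_log and review_candidates are names chosen here, and the output is a review list that goes beyond the three items picked in post #4, so which entries to fix remains the helper's decision.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One entry per line: a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# HijackThis prints CLSIDs in braces; the copy of the log on this page shows
# them in parentheses, so both forms are accepted.
CLSID_RE = re.compile(
    r"[{(](?P<clsid>[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12})[})]"
)

# Markers HijackThis appends when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)

# Registry value lines of the form "key,value =" with nothing after the "=".
EMPTY_VALUE_RE = re.compile(r"=\s*$")


@dataclass
class Entry:
    line_no: int            # 1-based line number in the pasted log
    code: str               # section code, e.g. "O2"
    body: str               # everything after "<code> - "
    clsid: Optional[str]    # upper-cased CLSID if the entry carries one
    reason: Optional[str]   # why the entry is a review candidate, else None


def parse_log(text: str) -> List[Entry]:
    """Parse the entry lines of a pasted log; header and process list are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.group("code"), match.group("body")
        clsid_match = CLSID_RE.search(body)
        reason = None
        if MISSING_RE.search(body):
            reason = "target file missing"
        elif code.startswith("R") and EMPTY_VALUE_RE.search(body):
            reason = "empty registry value"
        entries.append(Entry(
            line_no=line_no,
            code=code,
            body=body,
            clsid=clsid_match.group("clsid").upper() if clsid_match else None,
            reason=reason,
        ))
    return entries


def review_candidates(text: str) -> List[Entry]:
    """Return only the entries that carry a review reason."""
    return [entry for entry in parse_log(text) if entry.reason]


# Sample input: lines from the log in post #3, spacing normalised.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - (5C255C8A-E604-49b4-9D64-90988571CECB) - (no file)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - (no file)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
"""

if __name__ == "__main__":
    for entry in review_candidates(SAMPLE_LOG):
        print(f"line {entry.line_no}: {entry.code} [{entry.reason}] {entry.body}")
```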

#5
30 March 2009, 11:37
Donor Group

First of all, thanks for the help and advice. I did what you said with HJT and that was fine. But I did as the link says about disabling the AVG Resident Shield, and despite this, when I try to run ComboFix it still says that AVG anti-virus is active, so I'm not entirely sure why.

Would you suggest maybe restarting my system?
#6
30 March 2009, 13:39
Moderator Group

AVG and ComboFix have that problem. Just run ComboFix anyway. If AVG tries to block it, then allow it to run.

#7
30 March 2009, 14:21
Donor Group

Right, OK, all done. Log, as requested.

Quote:
ComboFix 09-03-29.04 - CHLOE 2009-03-30 21:54:30.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.967 [GMT 1:00]
Running from: C:\Users\CHLOE\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\acovcnt.exe

.
"UDP Query User (89ABF64F-F79E-456D-9136-82A8675A3E17) c: \ \ Program Files \ \ BearFlix \ \ bearflix.exe" = TCP: C: \ Program Files \ BearFlix \ bearflix.exe: BearFlix
"(8D76BC83-ABC9-406B-8945-366EA3B7074B)" = UDP: C: \ Program Files \ SmartFTP Client \ SmartFTP.exe: SmartFTP Client
"(9FC79C86-3E66-4A61-aa2A-FAB0C61E0453)" = TCP: C: \ Program Files \ SmartFTP Client \ SmartFTP.exe: SmartFTP Client
"TCP Query User (9FF9F89E-5323-45dB-89F0-BA37B84180EE) c: \ \ program files \ \ TvAnts \ \ tvants.exe" = UDP: c: \ program files \ TvAnts \ tvants.exe: TVAnts
"UDP Query User (C10505B7-BDD4-49BB-93E6-E73B8E6C4E33) c: \ \ program files \ \ TvAnts \ \ tvants.exe" = TCP: c: \ program files \ TvAnts \ tvants.exe: TVAnts
"TCP Query User (A9E241F3-D69C-4E67-938B-33C91AB576A1) c: \ \ program files \ \ TVUPlayer \ \ tvuplayer.exe" = UDP: c: \ program files \ TVUPlayer \ tvuplayer.exe: TVU Player Component
"UDP Query User (D3542B64-2CF9-4c20-B6CB-1D9096FF27EB) c: \ \ program files \ \ TVUPlayer \ \ tvuplayer.exe" = TCP: c: \ program files \ TVUPlayer \ tvuplayer.exe: TVU Player Component
"(F8B68D6E-3A24-4B31-8261-FB3CA92B5740)" = c: \ program files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"TCP Query User (4E95BA55-EDF5-491D-9059-F11FF353A128) c: \ \ users \ \ chloe \ \ AppData \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = UDP: C: \ Users \ chloe \ AppData \ Roaming \ sopcast \ adv \ sop adver.exe: sopadver.exe
"UDP Query User (55C79E39-F1AC-45C7-8F99-995A835F089A) c: \ \ users \ \ chloe \ \ AppData \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = TCP: C: \ Users \ chloe \ AppData \ Roaming \ sopcast \ adv \ sop adver.exe: sopadver.exe
"TCP Query User (A3EF2380-6740-4fd5-913E-D67F54A54B11) c: \ \ program files \ \ sopcast \ \ sopcast.exe" = UDP: c: \ program files \ sopcast \ sopcast.exe: SopCast Main Application
"UDP Query User (E9C164FD-CB41-4D08-9DBA-BDDB929D1C86) c: \ \ program files \ \ sopcast \ \ sopcast.exe" = TCP: c: \ program files \ sopcast \ sopcast.exe: SopCast Main Application
"TCP Query User (C1148110-2D5B-4810-8651-98FBFD3A6751) c: \ \ program files \ \ Internet Explorer \ \ iexplore.exe" = UDP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"UDP Query User (F15683E5-A578-47EE-BEB1-4541978254F4) c: \ \ program files \ \ Internet Explorer \ \ iexplore.exe" = TCP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"TCP Query User (CCA39E89-B85B-41BA-9A33-CA6DB37579E4) d: \ \ program files \ \ clue.exe" = UDP: d: \ program files \ clue.exe: Clue
"UDP Query User (39F3C83F-DCF0-43B4-B149-19F3630B3078) d: \ \ program files \ \ clue.exe" = TCP: d: \ program files \ clue.exe: Clue
"(01834D55-82B5-480D-BEFF-52EDB82BB8B5)" = c: \ program files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(90ECB35B-6897-4166-A35A-04BC39978BA9)" = c: \ program files \ AVG \ AVG8 \ avgcc.exe / STARTUP: avgcc.exe / STARTUP
"(504F647E-1476-4948-AA42-DC1DF85CA9A8)" = c: \ program files \ AVG \ AVG8 \ avgupd.exe: avgupd.exe
"(CC411EBB-9ACA-4217-9994-ABB961E83B3C)" = UDP: C: \ Program Files \ uTorrent \ uTorrent.exe: μTorrent (TCP-In)
"(031AA3B5-F93B-4E4B-9ED7-66C6B9FFF3E8)" = TCP: C: \ Program Files \ uTorrent \ uTorrent.exe: μTorrent (UDP-In)
"(1D54F818-ABAC-418F-8F39-17EA7664FABE)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(3C9FFAF4-40EA-450F-A906-D34D3E2EFA72)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(6AC9F5D1-C3AC-4878-8740-8A3E10F857E2)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(77045B5E-EC2E-4749-AC23-32130CD39567)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(00BE12C0-42CB-4b64-AA07-80A45C05B97C)" = Disabled: UDP: c: \ program files \ Sports Interactive \ Football Manager 2008 \ fm.exe: Football Manager 2008
"(0A529C81-B8E4-4809-A54B-B5141A997A78)" = Disabled: TCP: c: \ program files \ Sports Interactive \ Football Manager 2008 \ fm.exe: Football Manager 2008

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ PublicProfile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 AvgLdx86; AVG Free AVI Loader Driver x86; c: \ windows \ system32 \ drivers \ avgldx86.sys [2008-12-24 325128]
R1 AvgTdiX; AVG8 Network Redirector; c: \ windows \ system32 \ drivers \ avgtdix.sys [2009-03-11 107272]
R1 ItSDisk; ItSDisk c: \ windows \ system32 \ drivers \ itsdis k.sys [2006-05-16 23496]
R1 PersonalSecureDrive; PersonalSecureDrive c: \ windows \ system32 \ drivers \ psd.sys [2007-01-23 39080]
R2 ASBroker; Logon Session Broker; c: \ windows \ system32 \ svchost.exe-k Cognizance [2008-08-07 21504]
R2 ASChannel; Local Communication Channel; c: \ windows \ system32 \ svchost.exe-k Cognizance [2008-08-07 21504]
R2 avg8emc; AVG Free8 E-mail Scanner; c: \ progra ~ 1 \ AVG \ AVG8 \ avgcc.exe / STARTUP [2009-03-11 903960]
R2 avg8wd; AVG Free8 WatchDog; c: \ progra ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe [2009-03-11 298264]
R2 HDDlife HDD Access service; HDDlife HDD Access-service: c: \ program files \ BinarySense \ HDDlife 3 \ hldasvc.exe [2007-08-09 816376]
R2 SBSDWSCService; SBSD Security Center Service; c: \ program files \ Spybot - Search & Destroy \ SDWinSec.exe [2007-07-15 1153368]
R2 StkSSrv; Syntek AVStream USB2.0 WebCam Service; c: \ windows \ system32 \ StkCSrv.exe [2007-02-07 24576]
R3 AtcL001; NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; c: \ windows \ system32 \ drivers \ s atl01v32.sy [2007-03-15 48128]
R3 StkCMini; Syntek AVStream USB2.0 1.3M Webcam; c: \ windows \ system32 \ drivers \ StkCMini.sys [2007-02-13 1245056]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ svchost]
bthsvcs REG_MULTI_SZ BthServ
Kennis REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ explorer \ mountpoints2 \ E]
\ shell \ AutoRun \ command - E: \ Start.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ explorer \ mountpoints2 \ H]
\ shell \ AutoRun \ command - H: \ LaunchU3.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ mountpoints2 \ (1a4a90a1-32d4-11dc-aa3d-001bfc03310e)]
\ shell \ AutoRun \ command - H: \ LaunchU3.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ mountpoints2 \ (c1865685-0291-11dc-b943-806e6f6e6963)]
\ shell \ AutoRun \ command - E: \ Autorun.exe
.
Inhoud van de 'Geplande taken' map

2009-01-11 C: \ WINDOWS \ Tasks \ Defrag Job # 00.job
- C: \ program files \ DiskTrix \ UltimateDefrag \ UDefrag.exe []

2009-03-26 C: \ WINDOWS \ Tasks \ GoogleUpdateTaskUserS-1-5-21-3600620296-2450975610-132854369-1000.job
- C: \ Users \ CHLOE \ AppData \ Local \ Google \ Update \ GoogleU pdate.exe [2009-03-17 22:06]

2009-03-30 C: \ WINDOWS \ Tasks \ User_Feed_Synchronization-(5963E371-2796-42F4-9A54-042DA9F406BC). Baan
- C: \ windows \ system32 \ msfeedssync.exe [2008-01-19 08:33]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp: / / www.google.co.uk/
uInternet Instellingen, ProxyOverride = *. lokale
IE: E & xporteren naar Microsoft Excel - c: \ progra ~ 1 \ MICROS ~ 2 \ Office10 \ EXCEL.EXE/3000
FF - profilepath - C: \ Users \ CHLOE \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-bestanden \ ppnzryw9.default \
FF - prefs.js: browser.search.defaulturl - hxxp: / / search.conduit.com / ResultsExt.aspx? Ctid = CT1178131 & SearchSource = 3 & q =
FF - prefs.js: browser.search.selectedEngine - Zoeken op het web
FF - prefs.js: browser.startup.homepage - hxxp: / / www.google.co.uk/
FF - component: C: \ Program Files \ AVG \ AVG8 \ Firefox \ componenten \ avgssff.dll
FF - component: C: \ Program Files \ AVG \ AVG8 \ ToolbarFF \ componenten \ vmAVGConnector. Dll
FF - component: C: \ Program Files \ Real \ RealPlayer \ browserrecord \ componenten \ NPR pbrowserrecordplugin.dll
FF - component: C: \ Users \ CHLOE \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-bestanden \ ppnzryw9.default \ extensions \ (463F6CA5-EE3C-4be1-B7E6-7FEE11953374) \ platform \ WINDOWS \ componenten \ FoxyTunes. dll
FF - plugin: C: \ Program Files \ Mozilla Firefox \ plugins \ np-mswmp.dll
FF - plugin: C: \ Users \ CHLOE \ AppData \ Local \ Google \ Update \ 1.2.141 .5 \ npGoogleOneClick7.dll
FF - plugin: d: \ program files \ Reader \ browser \ nppdf32.dll

---- FIREFOX BELEIDSVORMEN ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08); user_pref (general.useragent.extra.zencast, Creative ZENcast v2.00.07.

************************************************** ************************

CatchMe 0.3.1375 W2K/XP/Vista - rootkit / stealth malware detector, Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 22:08:49
Windows 6.0.6001 Service Pack 1 NTFS

het scannen van verborgen processen ...

het scannen van verborgen autostart items ...

het scannen van verborgen bestanden ...

scannen is voltooid
verborgen bestanden: 0

************************************************** ************************
.
--------------------- DLLs Geladen Onder Running Processes ---------------------

- - - - - - -> "Lsass.exe" (696)
c: \ program files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ ASWLNPkg.dll
c: \ program files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ ItMsg.dll

- - - - - - -> 'Explorer.exe' (5000)
c: \ program files \ RocketDock \ RocketDock.dll
c: \ program files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ SFSShell.dll
c: \ program files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ ItMsg.dll
.
------------------------ Other Running Processes ----------------------- --
.
c: \ windows \ system32 \ audiodg.exe
c: \ windows \ system32 \ ZoneLabs \ vsmon.exe
c: \ windows \ system32 \ wlanext.exe
c: \ program files \ ATK Sneltoets \ ASLDRSrv.exe
c: \ program files \ ATKGFNEX \ GFNEXSrv.exe
c: \ program files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ asghost.exe
c: \ program files \ ATK Sneltoets \ HControl.exe
c: \ program files \ ATKOSD2 \ ATKOSD2.exe
C: \ Program Files \ Wireless Console 2 \ wcourier.exe
C: \ Program Files \ ASUS \ Splendid \ ACMON.exe
c: \ program files \ P4G \ BatteryLife.exe
c: \ windows \ system32 \ ACEngSvr.exe
c: \ program files \ ATK Sneltoets \ ATKOSD.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
c: \ progra ~ 1 \ AVG \ AVG8 \ avgrsx.exe
c: \ progra ~ 1 \ AVG \ AVG8 \ avgnsx.exe
C: \ Program Files \ Intel \ Intel Matrix Storage Manager \ IAANTmon.exe
c: \ windows \ system32 \ IFXTCS.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
c: \ windows \ system32 \ IfxPsdSv.exe
c: \ windows \ system32 \ PSIService.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
c: \ program files \ ASUS \ NB Probe \ SPM \ spmgr.exe
C: \ Program Files \ AVG \ AVG8 \ avgcsrvx.exe
c: \ windows \ system32 \ IfxUAGUI.exe
c: \ program files \ Infineon \ Security Platform Software \ PSDrt.exe
c: \ program files \ Infineon \ Security Platform Software \ SpTNA.exe
c: \ windows \ system32 \ rundll32.exe
.
************************************************** ************************
.
Voltooingstijd: 2009-03-30 22:16:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-30 21:15:12

Pre-Run: 38800285696 bytes vrij
Post-Run: 38307028992 bytes vrij

Actueel = 1 Default = 1 is mislukt = 0 LastKnownGood = 41 sets = 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35, 36,37,38,39,40,41
354 --- EOF --- 2009-03-29 15:30:34
One more quick question: Firefox seems to be running a bit slower than normal, and when I close it down and go to start it up a while later, it opens with a message saying Firefox is currently running but not responding. Close all versions before trying again, or something along those lines. Would this log give/show any reason for this? Sorry if that's a dumb question.
  #8  
Old 30 March 2009, 15:17
Moderator Group
 
Default Vista startup and shutdown very slow - Not sure what to do

Delete these files/folders, as follows:

1. Go to Start > Run, type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by selecting all the text and pressing Ctrl + C

Code:
Killall::

Registry::
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecFirewall]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2\{c1865685-0291-11dc-b943-806e6f6e6963}]

Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1178131&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Zoeken op het web

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you can see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to run; follow the prompts.
After a reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Download the Norton Removal Tool (SymNRT) to your desktop.

Once downloaded, close all open browsers and save any work, because this may require a restart.
  • Go to your desktop, double-click the removal tool and click Setup.
  • Once opened, click Next
  • Accept the license agreement and click Next
  • Type the letters/numbers you see into the text box and click Next.
  • Then click Next and the tool will run.
  • Once finished, restart the PC.
  • Delete the Norton Removal Tool from your desktop.

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Make sure you close all browser windows before you begin the installation.

Remove the old version(s)

Download JavaRa
  • Unzip the file and open JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will search for all outdated versions of Java and remove those it finds.
  • Click Additional Tasks
  • Place a checkmark next to Remove Useless JRE Files and click Go
  • Exit JavaRa
  • Delete the JavaRa files from the Desktop

Additional note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you do not want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

----------

Download ATF Cleaner by Atribune to your desktop.

Alternate download link

Note: Vista users must Run as administrator
  • Under Main: Select Files to Delete, choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you wish to keep your saved passwords, click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you wish to keep your saved passwords, click No at the prompt.
  • Click Exit on the Main menu to close the program.

Note that your system may run slower for a reboot or two after using this tool, so do not panic.

Important: Restart the computer before continuing.

----------

How is the computer running now?
__________________
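
The kinds of entries the script in the post above targets can be pulled out of a ComboFix-style log mechanically before deciding what to remove. The following is an added example, not part of the original post and not ComboFix's own code: a Python triage pass that lists mountpoints2 AutoRun commands, Windows Firewall profiles set to 0, and Firefox search preferences pointing at an unexpected host. The sample log is constructed from entries quoted in this thread, and `EXPECTED_SEARCH_HOSTS`, `Finding`, `normalise`, `url_host` and `triage` are names assumed for the illustration.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption: search hosts the analyst considers normal for this user.
EXPECTED_SEARCH_HOSTS = frozenset({"www.google.co.uk", "www.google.com"})

# Constructed sample modelled on entries quoted in this thread. The stray
# spaces around backslashes mimic how the log appears on the page.
SAMPLE_LOG = r"""
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ FirewallPolicy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ mountpoints2 \ E]
\ shell \ AutoRun \ command - E: \ Start.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ mountpoints2 \ H]
\ shell \ AutoRun \ command - H: \ LaunchU3.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"ZoneAlarm Client" = "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe" [2009-02-16 981384]

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1178131&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "autorun", "firewall-off" or "search-override"
    where: str   # registry key or preference name
    detail: str  # command, firewall profile name, or URL host


def normalise(line: str) -> str:
    """Trim the line and drop whitespace on either side of each backslash."""
    return re.sub(r"\s*\\\s*", lambda _m: "\\", line.strip())


def url_host(value: str):
    """Return the host of an http(s) URL (defanged hxxp accepted), else None."""
    parts = urlsplit(re.sub(r"^hxxp", "http", value, flags=re.I))
    return parts.hostname if parts.scheme in ("http", "https") else None


def triage(log_text: str, expected_search_hosts=EXPECTED_SEARCH_HOSTS):
    """Walk the log section by section and collect entries worth a review."""
    findings = []
    key = ""  # registry key of the section currently being read
    for raw in log_text.splitlines():
        line = normalise(raw)
        if not line:
            key = ""  # a blank line ends the current registry section
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            key = header.group(1)
            continue
        low_key = key.lower()

        # Per-volume AutoRun handler recorded under Explorer\mountpoints2.
        m = re.match(r"\\shell\\autorun\\command\s+-\s+(.+)", line, re.I)
        if m and "\\mountpoints2\\" in low_key:
            findings.append(Finding("autorun", key, m.group(1)))
            continue

        # Windows Firewall profile switched off (value 0).
        m = re.match(r'"EnableFirewall"\s*=\s*(\d+)', line, re.I)
        if m and "\\firewallpolicy\\" in low_key and int(m.group(1)) == 0:
            findings.append(Finding("firewall-off", key, key.rsplit("\\", 1)[-1]))
            continue

        # Firefox search preference whose URL host is not an expected one.
        m = re.match(r"FF - prefs\.js:\s*(browser\.search\.\S+)\s+-\s+(\S+)", line)
        if m:
            host = url_host(m.group(2))
            if host and host not in expected_search_hosts:
                findings.append(Finding("search-override", m.group(1), host))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.detail:22} {f.where}")
```

The output is a review list only: whether an AutoRun entry such as `H:\LaunchU3.exe` belongs to a legitimate device remains a judgement call, which is why the script in the post removes some mountpoints2 keys and leaves others.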

  #9  
Old 31 March 2009, 09:25
Donor Group
 
Default Vista startup and shutdown very slow - Not sure what to do

New ComboFix log:

ComboFix 09-03-29.04 - CHLOE 2009-03-31 16:37:20.2 - NTFSx86
Microsoft ® Windows Vista ™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.1173 [GMT 1:00]
Gestart vanuit: C: \ Users \ CHLOE \ Desktop \ ComboFix.exe
Command switches used:: C: \ Users \ CHLOE \ Desktop \ CFScript.txt
AV: AVG Anti-Virus Free * On-access scanning ingeschakeld * (Updated)
FW: ZoneAlarm Firewall ingeschakeld * *
* Gemaakt van een nieuw herstelpunt
.

((((((((((((((((((((((((( Bestanden Gemaakt van 2009-02-28 tot 2009-03-31 ))))))))))) ))))))))))))))))))))
.

2009-03-31 17:15. 2009-03-31 17:15 45.056 - a ------ c: \ windows \ system32 \ acovcnt.exe
2009-03-30 22:26. 2009-03-30 22:26 <DIR> d -------- c: \ program files \ MediaMonkey
2009-03-29 16:23. 2008-06-20 02:14 781.344 - a ------ c: \ windows \ system32 \ PresentationNative_v0300.dll
2009-03-29 16:23. 2008-06-20 02:14 622.080 - a ------ c: \ windows \ system32 \ icardagt.exe
2009-03-29 16:23. 2008-06-20 02:14 326.160 - a ------ c: \ windows \ system32 \ PresentationHost.exe
2009-03-29 16:23. 2008-06-20 02:14 105.016 - a ------ c: \ windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-03-29 16:23. 2008-06-20 02:14 97.800 - a ------ c: \ windows \ system32 \ infocardapi.dll
2009-03-29 16:23. 2008-06-20 02:14 43.544 - a ------ c: \ windows \ system32 \ PresentationHostProxy.dll
2009-03-29 16:23. 2008-06-20 02:14 37.384 - a ------ c: \ windows \ system32 \ infocardcpl.cpl
2009-03-29 16:23. 2008-06-20 02:14 11.264 - a ------ c: \ windows \ system32 \ icardres.dll
2009-03-29 16:15. 2008-07-27 19:03 282.112 - a ------ c: \ windows \ system32 \ mscoree.dll
2009-03-29 16:15. 2008-07-27 19:03 96.760 - a ------ c: \ windows \ system32 \ dfshim.dll
2009-03-29 16:15. 2008-07-27 19:03 41.984 - a ------ c: \ windows \ system32 \ netfxperf.dll
2009-03-29 16:14. 2008-07-27 19:03 158.720 - a ------ c: \ windows \ system32 \ mscorier.dll
2009-03-29 16:14. 2008-07-27 19:03 83.968 - a ------ c: \ windows \ system32 \ mscories.dll
2009-03-29 13:52. 2009-03-29 13:53 <DIR> d -------- c: \ program files \ Defraggler
2009-03-29 13:26. 2008-02-23 05:38 170.496 - a ------ c: \ windows \ system32 \ tcpipcfg.dll
2009-03-29 13:26. 2008-02-23 03:41 22.528 - a ------ c: \ windows \ system32 \ netiougc.exe
2009-03-29 13:25. 2009-02-16 00:10 1.221.512 - a ------ c: \ windows \ system32 \ zpeng25.dll
2009-03-17 21:57. 2009-03-17 21:57 <DIR> d -------- c: \ program files \ Microsoft
2009-03-17 21:56. 2009-03-17 21:56 <DIR> d -------- c: \ windows \ PCHEALTH
2009-03-16 22:43. 2009-03-28 22:36 <DIR> d - h ----- C: \ $ $ AVG8.VAULT
2009-03-16 20:59. 2009-03-16 20:59 25 - a ------ c: \ windows \ cdplayer.ini
2009-03-14 00:34. 2008-12-05 05:32 428.544 - a ------ c: \ windows \ system32 \ EncDec.dll
2009-03-14 00:34. 2008-12-05 05:32 293.376 - a ------ c: \ windows \ system32 \ psisdecd.dll
2009-03-14 00:34. 2008-12-05 05:31 217.088 - a ------ c: \ windows \ system32 \ psisrndr.ax
2009-03-14 00:34. 2008-12-05 05:31 177.664 - a ------ c: \ windows \ system32 \ mpg2splt.ax
2009-03-14 00:34. 2008-12-05 05:31 80.896 - a ------ c: \ windows \ system32 \ MSNP.ax
2009-03-14 00:29. 2009-03-14 00:29 <DIR> d -------- C: \ ProgramData \ (00D89592-F643-4D8D-8f0f-AFAE0F14D4C3)
2009-03-14 00:29. 2009-03-14 00:29 <DIR> d -------- c: \ program files \ iTunes
2009-03-14 00:29. 2009-03-14 00:29 <DIR> d -------- c: \ program files \ iPod
2009-03-14 00:29. 2008-04-17 13:12 107.368 - a ------ c: \ windows \ system32 \ GEARAspi.dll
2009-03-14 00:29. 2009-01-15 13:19 23.848 - a ------ c: \ windows \ system32 \ drivers \ GEARAspiWDM.sys
2009-03-14 00:26. 2009-03-14 00:27 <DIR> d -------- c: \ program files \ QuickTime
2009-03-12 23:39. 2009-03-12 23:39 <DIR> d -------- C: \ ProgramData \ Kontiki
2009-03-12 23:39. 2009-03-12 23:39 <DIR> d -------- c: \ program files \ Kontiki
2009-03-12 23:39. 2009-03-12 23:39 <DIR> d -------- c: \ program files \ Channel4
2009-03-12 23:38. 2009-03-12 23:38 <DIR> d -------- C: \ ProgramData \ Channel4
2009-03-11 22:33. 2009-03-31 17:16 <DIR> d -------- C: \ Users \ CHLOE \ Tracing
2009-03-11 22:22. 2009-03-11 22:22 <DIR> d -------- c: \ program files \ Windows Live SkyDrive
2009-03-11 22:22. 2009-03-17 21:57 <DIR> d -------- c: \ program files \ Windows Live
2009-03-11 21:57. 2009-03-11 21:57 <DIR> d -------- c: \ program files \ common files \ Windows Live
2009-03-11 13:13. 2009-03-11 21:47 <DIR> d -------- c: \ program files \ Amazon
2009-03-11 13:13. 2009-03-11 13:13 107.272 - a ------ c: \ windows \ system32 \ drivers \ avgtdix.sys
2009-03-11 02:09. 2009-01-15 04:36 1.383.424 - a ------ c: \ windows \ system32 \ Mshtml.tlb
2009-03-11 02:09. 2009-01-15 07:11 827.392 - a ------ c: \ windows \ system32 \ wininet.dll
2009-03-11 02:05. 2008-12-16 04:29 8.147.456 - a ------ c: \ windows \ system32 \ wmploc.DLL
2009-03-11 02:05. 2008-12-16 06:31 7.680 - a ------ c: \ windows \ system32 \ spwmp.dll
2009-03-11 02:05. 2008-12-16 06:31 4.096 - a ------ c: \ windows \ system32 \ msdxm.ocx
2009-03-11 02:05. 2008-12-16 06:31 4.096 - a ------ c: \ windows \ system32 \ Dxmasf.dll
2009-03-11 02:03. 2008-12-16 03:42 288.768 - a ------ c: \ windows \ system32 \ drivers \ Srv.sys
2009-03-11 02:03. 2008-11-27 05:43 268.288 - a ------ c: \ windows \ system32 \ schannel.dll
2009-03-11 02:02. 2009-02-09 04:10 2.033.152 - a ------ c: \ windows \ system32 \ win32k.sys
2009-02-06 19:52. 2009-02-06 19:52 49.504 - a ------ c: \ windows \ system32 \ sirenacm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 16:15 --------- d --- aw C: \ WINDOWS \ TEMP
2009-03-31 16:14 350.195 --- ha-w c: \ windows \ system32 \ drivers \ vsconfig.xml
2009-03-29 14:42 --------- d ----- wc: \ ProgramData \ Spybot - Search & Destroy
2009-03-29 14:42 --------- d ----- wc: \ program files \ Spybot - Search & Destroy
2009-03-29 14:42 --------- d ----- wc: \ program files \ CCleaner
2009-03-19 16:48 --------- d ----- wc: \ users \ CHLOE \ AppData \ Roaming \ uTorrent
2009-03-16 19:58 --------- d ----- wc: \ program files \ common files \ Real
2009-03-13 23:29 --------- d ----- wc: \ ProgramData \ Apple Computer
2009-03-13 23:29 --------- d ----- wc: \ program files \ common files \ Apple
2009-03-13 23:27 --------- d ----- wc: \ program files \ Bonjour
2009-03-12 22:24 --------- d ----- wc: \ program files \ Google
2009-03-11 23:07 --------- d ----- wc: \ Program Files \ Microsoft Silverlight
2009-03-11 23:05 --------- d ----- wc: \ program files \ Windows Mail
2009-03-11 12:13 325.128 ---- aw c: \ windows \ system32 \ drivers \ avgldx86.sys
2009-03-11 11:52 --------- d ----- wc: \ WINDOWS \ AVG8
2009-02-15 23:11 293.528 ---- aw c: \ windows \ system32 \ drivers \ vsdatant.sys
2009-01-14 20:20 55.232 ---- aw C: \ Users \ CHLOE \ AppData \ Roaming \ GDIPFONTCACHEV1.DAT
2008-12-31 21:51 13.025 ---- aw C: \ Users \ CHLOE \ AppData \ Roaming \ nvModes.dat
2008-12-31 14:32 174 - sha-w c: \ program files \ desktop.ini
2008-11-19 15:31 81.920 ---- aw C: \ Users \ CHLOE \ AppData \ Roaming \ ezpinst.exe
2008-11-19 15:31 47.360 ---- aw C: \ Users \ CHLOE \ AppData \ Roaming \ pcouffin.sys
2007-05-31 18:23 77.160 ---- aw C: \ Users \ CHLOE \ dsetup.dll
2007-05-31 18:23 503.144 ---- aw C: \ Users \ CHLOE \ dxsetup.exe
2007-05-31 18:23 1.673.576 ---- aw C: \ Users \ CHLOE \ dsetup32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-30_22.13.33.29 )))))))))) )))))))))))))))))))))))))))))))
.
+ 2009-03-31 16:14:31 2.048 - sha-w c: \ windows \ ServiceProfiles \ LocalService \ AppData \ lo cal \ lastalive0.dat
+ 2009-03-31 16:14:31 2.048 - sha-w c: \ windows \ ServiceProfiles \ LocalService \ AppData \ lo cal \ lastalive1.dat
- 2009-03-30 21:07:56 1.048.576 - sha-w c: \ windows \ ServiceProfiles \ LocalService \ NTUSER.DAT
+ 2009-03-31 16:15:44 1.048.576 - sha-w c: \ windows \ ServiceProfiles \ LocalService \ NTUSER.DAT
- 2009-03-30 21:07:56 1.048.576 - sha-w c: \ windows \ ServiceProfiles \ NetworkService \ NTUSER.D AT
+ 2009-03-31 16:15:44 1.048.576 - sha-w c: \ windows \ ServiceProfiles \ NetworkService \ NTUSER.D AT
- 2009-03-30 21:07:06 16.384 - sha-w c: \ windows \ system32 \ config \ systemprofile \ AppData \ L okale \ Microsoft \ Windows \ History \ History.IE5 \ index.d op
+ 2009-03-31 16:14:35 16.384 - sha-w c: \ windows \ system32 \ config \ systemprofile \ AppData \ L okale \ Microsoft \ Windows \ History \ History.IE5 \ index.d op
- 2009-03-30 21:07:06 32.768 - sha-w c: \ windows \ system32 \ config \ systemprofile \ AppData \ L okale \ Microsoft \ Windows \ Temporary Internet Files \ Content.IE5 \ index.dat
+ 2009-03-31 16:14:35 32.768 - sha-w c: \ windows \ system32 \ config \ systemprofile \ AppData \ L okale \ Microsoft \ Windows \ Temporary Internet Files \ Content.IE5 \ index.dat
- 2009-03-30 21:07:06 16.384 - sha-w c: \ windows \ system32 \ config \ systemprofile \ AppData \ R oaming \ Microsoft \ Windows \ Cookies \ index.dat
+ 2009-03-31 16:14:35 16.384 - sha-w c: \ windows \ system32 \ config \ systemprofile \ AppData \ R oaming \ Microsoft \ Windows \ Cookies \ index.dat
- 2009-03-30 19:05:35 126.818 ---- aw c: \ windows \ system32 \ perfc007.dat
+ 2009-03-31 15:21:23 126.818 ---- aw c: \ windows \ system32 \ perfc007.dat
- 2009-03-30 19:05:35 119.076 ---- aw c: \ windows \ system32 \ Perfc009.dat
+ 2009-03-31 15:21:23 119.076 ---- aw c: \ windows \ system32 \ Perfc009.dat
- 2009-03-30 19:05:35 127.578 ---- aw c: \ windows \ system32 \ perfc00C.dat
+ 2009-03-31 15:21:23 127.578 ---- aw c: \ windows \ system32 \ perfc00C.dat
- 2009-03-30 19:05:35 124.352 ---- aw c: \ windows \ system32 \ perfc010.dat
+ 2009-03-31 15:21:23 124.352 ---- aw c: \ windows \ system32 \ perfc010.dat
- 2009-03-30 19:05:35 130.866 ---- aw c: \ windows \ system32 \ perfc013.dat
+ 2009-03-31 15:21:23 130.866 ---- aw c: \ windows \ system32 \ perfc013.dat
- 2009-03-30 19:05:35 130.272 ---- aw c: \ windows \ system32 \ perfc019.dat
+ 2009-03-31 15:21:23 130.272 ---- aw c: \ windows \ system32 \ perfc019.dat
- 2009-03-30 19:05:35 620.942 ---- aw c: \ windows \ system32 \ perfh007.dat
+ 2009-03-31 15:21:23 620.942 ---- aw c: \ windows \ system32 \ perfh007.dat
- 2009-03-30 19:05:35 644.794 ---- aw c: \ windows \ system32 \ Perfh009.dat
+ 2009-03-31 15:21:23 644.794 ---- aw c: \ windows \ system32 \ Perfh009.dat
- 2009-03-30 19:05:35 672.380 ---- aw c: \ windows \ system32 \ perfh00C.dat
+ 2009-03-31 15:21:23 672.380 ---- aw c: \ windows \ system32 \ perfh00C.dat
- 2009-03-30 19:05:35 666.234 ---- aw c: \ windows \ system32 \ perfh010.dat
+ 2009-03-31 15:21:23 666.234 ---- aw c: \ windows \ system32 \ perfh010.dat
- 2009-03-30 19:05:35 669.852 ---- aw c: \ windows \ system32 \ perfh013.dat
+ 2009-03-31 15:21:23 669.852 ---- aw c: \ windows \ system32 \ perfh013.dat
- 2009-03-30 19:05:35 657.990 ---- aw c: \ windows \ system32 \ perfh019.dat
+ 2009-03-31 15:21:23 657.990 ---- aw c: \ windows \ system32 \ perfh019.dat
- 2009-03-30 19:03:55 17.414 ---- aw C: \ WINDOWS \ System32 \ WDI \ (86432a0b-3c7d-4ddf-a89c-172faa90485d) \ S-1-5-21-3600620296-2450975610 - 132854369-1000_UserData.bin
+ 2009-03-31 16:17:14 18.026 ---- aw C: \ WINDOWS \ System32 \ WDI \ (86432a0b-3c7d-4ddf-a89c-172faa90485d) \ S-1-5-21-3600620296-2450975610 - 132854369-1000_UserData.bin
- 2009-03-30 19:03:55 81.750 ---- aw C: \ WINDOWS \ System32 \ WDI \ BootPerformanceDiagnostics _SystemData.bin
+ 2009-03-31 16:17:14 81.884 ---- aw C: \ WINDOWS \ System32 \ WDI \ BootPerformanceDiagnostics _SystemData.bin
- 2009-03-30 19:03:54 68.204 ---- aw C: \ WINDOWS \ System32 \ WDI \ ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2009-03-31 15:15:30 68.346 ---- aw C: \ WINDOWS \ System32 \ WDI \ ShutdownPerformanceDiagnos tics_SystemData.bin
.
- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries worden niet weergegeven
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"RocketDock" = "c: \ program files \ RocketDock \ RocketDock.exe" [2007-09-02 495616]
"msnmsgr" = "C: \ Program Files \ Windows Live \ Messenger \ msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"ASUS Screen Saver Protector" = "c: \ windows \ ASScrPro.exe" [2007-05-15 33136]
"IFXSPMGT" = "c: \ windows \ system32 \ ifxspmgt.exe" [2007-02-26 677408]
"ZoneAlarm Client" = "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe" [2009-02-16 981384]
"LVCOMSX" = "C: \ Program Files \ \ iTunes \ iTunesHelper.exe" [2007-03-01 857648]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ valuta entversion \ policies \ system]
"EnableUIADesktopToggle" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = APSHook.dll avgrsstx.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"msacm.ac3filter" = ac3filter.acm

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ Lsa]
Notification Packages REG_MULTI_SZ SceCli ASWLNPkg

[HKLM \ ~ \ startupfolder \ C: ^ ProgramData ^ Microsoft ^ Wind ows ^ Menu Start ^ Programma's ^ Opstarten ^ WinZip Quick Pick.lnk]
path = C: \ ProgramData \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \ WinZip Quick Pick.lnk
backup = c: \ windows \ pss \ WinZip Quick Pick.lnk.CommonStartup
backupExtension =. CommonStartup

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ 4oD]
- a ------ 2007-04-23 12:23 1032640 C: \ Program Files \ Kontiki \ KHost.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Adobe Reader Speed Launcher]
- a ------ 2008-06-12 02:38 34672 d: \ program files \ Reader \ reader_sl.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ shared tools \ msconfig \ startupreg \ ASUS Camera ScreenSaver]
- a ------ 2007-05-15 05:12 37232 c: \ windows \ ASScrProlog.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ shared tools \ msconfig \ startupreg \ ATKMEDIA]
- a ------ 2006-11-02 16:27 61440 c: \ program files \ ASUS \ ATK Media \ DMedia.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ AVG8_TRAY]
- a ------ 2009-03-11 13:13 1601304 C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ shared tools \ msconfig \ startupreg \ CognizanceTS]
-ra ------ 2003-12-21 22:11 17920 c: \ progra ~ 1 \ ASUSSE ~ 1 \ ASUSSE ~ 1 \ Bin \ ASTSVCC.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ehTray.exe]
- a ------ 2008-01-19 08:33 125952 c: \ windows \ htpatch.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ shared tools \ msconfig \ startupreg \ Google Update]
- a ---- t-2009-03-17 22:06 133104 C: \ Users \ CHLOE \ AppData \ Local \ Google \ Update \ GoogleU pdate.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ iTunesHelper]
- a ------ 2009-03-11 14:52 342312 c: \ program files \ \ ccRegVfy.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ msnmsgr]
- a ------ 2009-02-06 19:51 3885408 C: \ Program Files \ Windows Live \ Messenger \ msmsgs.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NvCplDaemon]
- a ------ 2007-04-04 12:40 8429568 C: \ WINDOWS \ system32 \ NvMcTray.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NvMediaCenter]
- a ------ 2007-04-04 12:40 81920 c: \ windows \ system32 \ NvCpl.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ shared tools \ msconfig \ startupreg \ iTunesHelper]
- a ------ 2007-04-04 12:40 86016 c: \ windows \ system32 \ nvsvc.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ QuickTime Task]
- a ------ 2009-01-05 17:18 413696 c: \ program files \ Spyware Doctor \ pctsTray.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ shared tools \ msconfig \ startupreg \ RocketDock]
- a ------ 2007-09-02 13:58 495616 c: \ program files \ RocketDock \ RocketDock.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SpybotSD TeaTimer]
-rahs ---- 2009-03-05 16:07 2260480 C: \ Program Files \ Spybot - Search & Destroy \ WMPNSCFG.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SunJavaUpdateSched]
- a ------ 2008-06-10 04:27 144784 c: \ program files \ Java \ jre1.6.0_07 \ bin \ jusched.exe "

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ TkBellExe]
- a ------ 2009-03-16 20:58 198160 c: \ program files \ common files \ Real \ avgas.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ shared tools \ msconfig \ startupreg \ Windows Defender]
- a ------ 2008-01-19 08:38 1008184 C: \ Program Files \ Windows Defender \ MSASCui.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ WMPNSCFG]
- a ------ 2008-01-19 08:33 202240 c: \ program files \ Windows Media Player \ ctfmon.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ shared tools \ msconfig \ startupreg \ (0228e555-4f9c-4e35-a3ec-b109a192b4c2)]
- a ------ 2005-07-15 22:48 479232 c: \ program files \ Google \ Gmail Notifier \ gnotify.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ shared tools \ msconfig \ startupreg \ HotKeysCmds]
- a ------ 2007-02-15 10:07 4390912 C: \ WINDOWS \ hkcmd.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ ZoneLabsFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ DomainProfile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ FirewallRules]
"(71E74FA5-D1FA-4A82-9121-AE2CACB2ED04)" = Profile = Private | c: \ program files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(2FE2345B-5C77-485E-9855-FC6024DE75EC)" = Profile = Private | c: \ program files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(CC9CFD37-6799-47cf-9AEE-1063F21C5548)" = Profile = Private | c: \ program files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(3D44E6E8-68F3-42F0-B97E-1081F1354874)" = UDP: C: \ Program Files \ LimeWire \ LimeWire.exe: LimeWire 4.12.15
"(B2393435-26B3-4482-A391-C964F3370D66)" = TCP: C: \ Program Files \ LimeWire \ LimeWire.exe: LimeWire 4.12.15
"(1B1039C9-3AEF-4B2E-85CA-DA79FB7CDBD3)" = Disabled: C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(F9EC3544-5A35-4D84-A067-E7167563791A)" = Disabled: C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(A9CE85F3-F9BA-4875-B169-9DEF59911C8A)" = Disabled: C: \ Program Files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"TCP Query User (0FAAFA32-F5A3-4C35-9AFD-A648E4B3016E) c: \ \ program files \ \ utorrent \ \ utorrent.exe" = UDP: c: \ program files \ utorrent \ utorrent.exe: uTorrent
"UDP Query User (CDC85196-C503-4F00-82DC-B95F8D021895) c: \ \ program files \ \ utorrent \ \ utorrent.exe" = TCP: c: \ program files \ utorrent \ utorrent.exe: uTorrent
"TCP Query User (5D761702-BEB7-4B94-B693-1A7EF8E441ED) c: \ \ program files \ \ easy webtv & radio \ \ easywebtv.exe" = UDP: c: \ program files \ easy webtv & radio \ easywebtv.exe : Web-TV \ Radio \ Media
"UDP Query User (A7E2F9B1-976E-49B1-960A-8FE671DECB26) c: \ \ program files \ \ easy webtv & radio \ \ easywebtv.exe" = TCP: c: \ program files \ easy webtv & radio \ easywebtv.exe : Web-TV \ Radio \ Media
"(978D57EE-8CEF-4E88-B3CC-472590D8A602)" = c: \ program files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(038AD6DB-57BA-4294-B6BE-DC5AC329D87A)" = c: \ program files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"TCP Query User (20F3997A-2406-42BC-9A96-17DBA8717938) c: \ \ program files \ \ soulseek \ \ slsk.exe" = UDP: c: \ program files \ soulseek \ slsk.exe: SoulSeek
"UDP Query User (EBEDABDC-8DFA-4EA4-83A0-5D79C8A2BE45) c: \ \ program files \ \ soulseek \ \ slsk.exe" = TCP: c: \ program files \ soulseek \ slsk.exe: SoulSeek
"TCP Query User (A2D20908-089C-441b-B9C8-C8811AFCAB9E) c: \ \ program files \ \ limewire \ \ limewire.exe" = UDP: c: \ program files \ limewire \ limewire.exe: LimeWire
"UDP Query User (0B6B64F6-D6E9-4D1D-B83A-E6E85E360C05) c: \ \ program files \ \ limewire \ \ limewire.exe" = TCP: c: \ program files \ limewire \ limewire.exe: LimeWire
"(2E890455-237D-4ABA-BE37-B5E6E1862834)" = c: \ program files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(DDAAC8F6-7557-495A-82B3-EBFF9330A2CC)" = c: \ program files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(5131D757-BC24-44C9-8EA5-E268DFC6DCAC)" = c: \ program files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"TCP Query User (4C52E1A6-D998-41D5-8E99-27F21E3CA7CB) c: \ \ program files \ \ mozilla firefox \ \ firefox.exe" = UDP: c: \ program files \ mozilla firefox \ firefox.exe: Firefox
"UDP Query User (80235B6B-2462-4AC3-8A59-7534841DE76B) c: \ \ program files \ \ mozilla firefox \ \ firefox.exe" = TCP: c: \ program files \ mozilla firefox \ firefox.exe: Firefox
"TCP Query User (049DD1E6-8191-4983-A59D-240E79B46042) c: \ \ program files \ \ utorrent \ \ utorrent.exe" = UDP: c: \ program files \ utorrent \ utorrent.exe: uTorrent
"UDP Query User (9A00A32D-A675-4425-8F5E-1528AAB521FB) c: \ \ program files \ \ utorrent \ \ utorrent.exe" = TCP: c: \ program files \ utorrent \ utorrent.exe: uTorrent
"TCP Query User (348698D9-5A1D-4e1c-ac00-DBDC43BE0ACF) c: \ \ program files \ \ soulseek \ \ slsk.exe" = UDP: c: \ program files \ soulseek \ slsk.exe: SoulSeek
"UDP Query User (60AFF659-3A7C-488C-9CCA-0A8589DD32FA) c: \ \ program files \ \ soulseek \ \ slsk.exe" = TCP: c: \ program files \ soulseek \ slsk.exe: SoulSeek
"TCP Query User (3EF98A58-7B3C-42B1-8A5A-CF7DEF59C2A7) c: \ \ program files \ \ sopcast \ \ sopcast.exe" = UDP: c: \ program files \ sopcast \ sopcast.exe: SopCast Main Application
"UDP Query User (D8A0735D-6D19-4482-A90A-35A9D023DEBE) c: \ \ program files \ \ sopcast \ \ sopcast.exe" = TCP: c: \ program files \ sopcast \ sopcast.exe: SopCast Main Application
"TCP Query User (7B392C25-D64F-4897-B5CC-5C9B83106BB0) c: \ \ program files \ \ mozilla firefox \ \ firefox.exe" = UDP: c: \ program files \ mozilla firefox \ firefox.exe: Firefox
"UDP Query User (9990806D-9198-4760-93E7-C65D44E1FE8A) c: \ \ program files \ \ mozilla firefox \ \ firefox.exe" = TCP: c: \ program files \ mozilla firefox \ firefox.exe: Firefox
"TCP Query User (9998DAB7-D775-4620-A491-D752230551A3) c: \ \ program files \ \ Internet Explorer \ \ iexplore.exe" = UDP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"UDP Query User (B9293167-A4DC-43ED-893B-B5B1B89F9988) c: \ \ program files \ \ Internet Explorer \ \ iexplore.exe" = TCP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"TCP Query User (B04F6C2B-953A-469D-AFD8-4F3AE27A4941) c: \ \ users \ \ chloe \ \ AppData \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = UDP: C: \ Users \ chloe \ AppData \ Roaming \ sopcast \ adv \ sop adver.exe: sopadver.exe
"UDP Query User (914B6A2A-9A2A-43A8-B4EA-BB1EEDC476B5) c: \ \ users \ \ chloe \ \ AppData \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = TCP: C: \ Users \ chloe \ AppData \ Roaming \ sopcast \ adv \ sop adver.exe: sopadver.exe
"TCP Query User (69F8C35B-6614-4033-B40E-59012B10975A) c: \ \ Program Files \ \ BearFlix \ \ bearflix.exe" = UDP: C: \ Program Files \ BearFlix \ bearflix.exe: BearFlix
"UDP Query User (89ABF64F-F79E-456D-9136-82A8675A3E17) c: \ \ Program Files \ \ BearFlix \ \ bearflix.exe" = TCP: C: \ Program Files \ BearFlix \ bearflix.exe: BearFlix
"(8D76BC83-ABC9-406B-8945-366EA3B7074B)" = UDP: C: \ Program Files \ SmartFTP Client \ SmartFTP.exe: SmartFTP Client
"(9FC79C86-3E66-4A61-aa2A-FAB0C61E0453)" = TCP: C: \ Program Files \ SmartFTP Client \ SmartFTP.exe: SmartFTP Client
"TCP Query User (9FF9F89E-5323-45dB-89F0-BA37B84180EE) c: \ \ program files \ \ TvAnts \ \ tvants.exe" = UDP: c: \ program files \ TvAnts \ tvants.exe: TVAnts
"UDP Query User (C10505B7-BDD4-49BB-93E6-E73B8E6C4E33) c: \ \ program files \ \ TvAnts \ \ tvants.exe" = TCP: c: \ program files \ TvAnts \ tvants.exe: TVAnts
"TCP Query User (A9E241F3-D69C-4E67-938B-33C91AB576A1) c: \ \ program files \ \ TVUPlayer \ \ tvuplayer.exe" = UDP: c: \ program files \ TVUPlayer \ tvuplayer.exe: TVU Player Component
"UDP Query User (D3542B64-2CF9-4c20-B6CB-1D9096FF27EB) c: \ \ program files \ \ TVUPlayer \ \ tvuplayer.exe" = TCP: c: \ program files \ TVUPlayer \ tvuplayer.exe: TVU Player Component
"(F8B68D6E-3A24-4B31-8261-FB3CA92B5740)" = c: \ program files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"TCP Query User (4E95BA55-EDF5-491D-9059-F11FF353A128) c: \ \ users \ \ chloe \ \ AppData \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = UDP: C: \ Users \ chloe \ AppData \ Roaming \ sopcast \ adv \ sop adver.exe: sopadver.exe
"UDP Query User (55C79E39-F1AC-45C7-8F99-995A835F089A) c: \ \ users \ \ chloe \ \ AppData \ Roaming \ \ s opcast \ \ adv \ \ sopadver.exe" = TCP: C: \ Users \ chloe \ AppData \ Roaming \ sopcast \ adv \ sop adver.exe: sopadver.exe
"TCP Query User (A3EF2380-6740-4fd5-913E-D67F54A54B11) c: \ \ program files \ \ sopcast \ \ sopcast.exe" = UDP: c: \ program files \ sopcast \ sopcast.exe: SopCast Main Application
"UDP Query User (E9C164FD-CB41-4D08-9DBA-BDDB929D1C86) c: \ \ program files \ \ sopcast \ \ sopcast.exe" = TCP: c: \ program files \ sopcast \ sopcast.exe: SopCast Main Application
"TCP Query User (C1148110-2D5B-4810-8651-98FBFD3A6751) c: \ \ program files \ \ Internet Explorer \ \ iexplore.exe" = UDP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"UDP Query User (F15683E5-A578-47EE-BEB1-4541978254F4) c: \ \ program files \ \ Internet Explorer \ \ iexplore.exe" = TCP: C: \ Program Files \ Internet Explorer \ iexplore.exe: Internet Explorer
"TCP Query User (CCA39E89-B85B-41BA-9A33-CA6DB37579E4) d: \ \ program files \ \ clue.exe" = UDP: d: \ program files \ clue.exe: Clue
"UDP Query User (39F3C83F-DCF0-43B4-B149-19F3630B3078) d: \ \ program files \ \ clue.exe" = TCP: d: \ program files \ clue.exe: Clue
"(01834D55-82B5-480D-BEFF-52EDB82BB8B5)" = c: \ program files \ Windows Live \ Messenger \ livecall.exe: Windows Live Messenger (Phone)
"(90ECB35B-6897-4166-A35A-04BC39978BA9)" = c: \ program files \ AVG \ AVG8 \ avgcc.exe / STARTUP: avgcc.exe / STARTUP
"(504F647E-1476-4948-AA42-DC1DF85CA9A8)" = c: \ program files \ AVG \ AVG8 \ avgupd.exe: avgupd.exe
"(CC411EBB-9ACA-4217-9994-ABB961E83B3C)" = UDP: C: \ Program Files \ uTorrent \ uTorrent.exe: μTorrent (TCP-In)
"(031AA3B5-F93B-4E4B-9ED7-66C6B9FFF3E8)" = TCP: C: \ Program Files \ uTorrent \ uTorrent.exe: μTorrent (UDP-In)
"(1D54F818-ABAC-418F-8F39-17EA7664FABE)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(3C9FFAF4-40EA-450F-A906-D34D3E2EFA72)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(6AC9F5D1-C3AC-4878-8740-8A3E10F857E2)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(77045B5E-EC2E-4749-AC23-32130CD39567)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(00BE12C0-42CB-4b64-AA07-80A45C05B97C)" = Disabled: UDP: c: \ program files \ Sports Interactive \ Football Manager 2008 \ fm.exe: Football Manager 2008
"(0A529C81-B8E4-4809-A54B-B5141A997A78)" = Disabled: TCP: c: \ program files \ Sports Interactive \ Football Manager 2008 \ fm.exe: Football Manager 2008

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ PublicProfile]
"EnableFirewall" = 0 (0x0)

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo antonny \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 AvgLdx86; AVG Free AVI Loader Driver x86; c: \ windows \ system32 \ drivers \ avgldx86.sys [2008-12-24 325128]
R1 AvgTdiX; AVG8 Network Redirector; c: \ windows \ system32 \ drivers \ avgtdix.sys [2009-03-11 107272]
R1 ItSDisk; ItSDisk c: \ windows \ system32 \ drivers \ itsdis k.sys [2006-05-16 23496]
R1 PersonalSecureDrive; PersonalSecureDrive c: \ windows \ system32 \ drivers \ psd.sys [2007-01-23 39080]
R2 ASBroker; Logon Session Broker; c: \ windows \ system32 \ svchost.exe-k Cognizance [2008-08-07 21504]
R2 ASChannel; Local Communication Channel; c: \ windows \ system32 \ svchost.exe-k Cognizance [2008-08-07 21504]
R2 avg8emc; AVG Free8 E-mail Scanner; c: \ progra ~ 1 \ AVG \ AVG8 \ avgcc.exe / STARTUP [2009-03-11 903960]
R2 avg8wd; AVG Free8 WatchDog; c: \ progra ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe [2009-03-11 298264]
R2 HDDlife HDD Access service; HDDlife HDD Access-service: c: \ program files \ BinarySense \ HDDlife 3 \ hldasvc.exe [2007-08-09 816376]
R2 SBSDWSCService; SBSD Security Center Service; c: \ program files \ Spybot - Search & Destroy \ SDWinSec.exe [2007-07-15 1153368]
R2 StkSSrv; Syntek AVStream USB2.0 WebCam Service; c: \ windows \ system32 \ StkCSrv.exe [2007-02-07 24576]
R3 AtcL001; NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; c: \ windows \ system32 \ drivers \ s atl01v32.sy [2007-03-15 48128]
R3 StkCMini; Syntek AVStream USB2.0 1.3M Webcam; c: \ windows \ system32 \ drivers \ StkCMini.sys [2007-02-13 1245056]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ svchost]
bthsvcs REG_MULTI_SZ BthServ
Kennis REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ explorer \ mountpoints2 \ H]
\ shell \ AutoRun \ command - H: \ LaunchU3.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ mountpoints2 \ (1a4a90a1-32d4-11dc-aa3d-001bfc03310e)]
\ shell \ AutoRun \ command - H: \ LaunchU3.exe
.
Inhoud van de 'Geplande taken' map

2009-01-11 C: \ WINDOWS \ Tasks \ Defrag Job # 00.job
- C: \ program files \ DiskTrix \ UltimateDefrag \ UDefrag.exe []

2009-03-26 C: \ WINDOWS \ Tasks \ GoogleUpdateTaskUserS-1-5-21-3600620296-2450975610-132854369-1000.job
- C: \ Users \ CHLOE \ AppData \ Local \ Google \ Update \ GoogleU pdate.exe [2009-03-17 22:06]

2009-03-30 C: \ WINDOWS \ Tasks \ User_Feed_Synchronization-(5963E371-2796-42F4-9A54-042DA9F406BC). Baan
- C: \ windows \ system32 \ msfeedssync.exe [2008-01-19 08:33]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp: / / www.google.co.uk/
uInternet Instellingen, ProxyOverride = *. lokale
IE: E & xporteren naar Microsoft Excel - c: \ progra ~ 1 \ MICROS ~ 2 \ Office10 \ EXCEL.EXE/3000
FF - profilepath - C: \ Users \ CHLOE \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-bestanden \ ppnzryw9.default \
FF - prefs.js: browser.search.defaulturl - hxxp: / / search.conduit.com / ResultsExt.aspx? Ctid = CT1178131 & SearchSource = 3 & q =
FF - prefs.js: browser.search.selectedEngine - Zoeken op het web
FF - prefs.js: browser.startup.homepage - hxxp: / / www.google.co.uk/
FF - component: C: \ Program Files \ AVG \ AVG8 \ Firefox \ componenten \ avgssff.dll
FF - component: C: \ Program Files \ AVG \ AVG8 \ ToolbarFF \ componenten \ vmAVGConnector. Dll
FF - component: C: \ Program Files \ Real \ RealPlayer \ browserrecord \ componenten \ NPR pbrowserrecordplugin.dll
FF - component: C: \ Users \ CHLOE \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-bestanden \ ppnzryw9.default \ extensions \ (463F6CA5-EE3C-4be1-B7E6-7FEE11953374) \ platform \ WINDOWS \ componenten \ FoxyTunes. dll
FF - plugin: C: \ Program Files \ Mozilla Firefox \ plugins \ np-mswmp.dll
FF - plugin: C: \ Users \ CHLOE \ AppData \ Local \ Google \ Update \ 1.2.141 .5 \ npGoogleOneClick7.dll
FF - plugin: d: \ program files \ Reader \ browser \ nppdf32.dll

---- FIREFOX BELEIDSVORMEN ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08); user_pref (general.useragent.extra.zencast, Creative ZENcast v2.00.07.

************************************************** ************************

CatchMe 0.3.1375 W2K/XP/Vista - rootkit / stealth malware detector, Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 17:16:10
Windows 6.0.6001 Service Pack 1 NTFS

het scannen van verborgen processen ...

"10ûÿét0ûÿ3ö9sHu [1166747253] 0x75636F44
"10ûÿét0ûÿ3ö9sHu [1166747253] 0x6F6D6D6F
het scannen van verborgen autostart items ...

het scannen van verborgen bestanden ...

scannen is voltooid
verborgen bestanden: 0

************************************************** ************************
.
--------------------- DLLs Geladen Onder Running Processes ---------------------

- - - - - - -> "Lsass.exe" (704)
c: \ program files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ ASWLNPkg.dll
c: \ program files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ ItMsg.dll

- - - - - - -> 'Explorer.exe' (3304)
c: \ program files \ RocketDock \ RocketDock.dll
c: \ program files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ SFSShell.dll
c: \ program files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ ItMsg.dll
.
------------------------ Other Running Processes ----------------------- --
.
c: \ windows \ system32 \ audiodg.exe
c: \ windows \ system32 \ ZoneLabs \ vsmon.exe
c: \ windows \ system32 \ wlanext.exe
c: \ program files \ ATK Sneltoets \ ASLDRSrv.exe
c: \ program files \ ATKGFNEX \ GFNEXSrv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ EvtEng.exe
c: \ progra ~ 1 \ AVG \ AVG8 \ avgrsx.exe
c: \ progra ~ 1 \ AVG \ AVG8 \ avgnsx.exe
C: \ Program Files \ Intel \ Intel Matrix Storage Manager \ IAANTmon.exe
c: \ windows \ system32 \ IFXTCS.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
c: \ windows \ system32 \ IfxPsdSv.exe
c: \ windows \ system32 \ PSIService.exe
C: \ Program Files \ Intel \ Wireless \ Bin \ RegSrvc.exe
c: \ program files \ ASUS \ NB Probe \ SPM \ spmgr.exe
C: \ Program Files \ AVG \ AVG8 \ avgcsrvx.exe
c: \ program files \ ASUS Security Center \ ASUS Security Protect Manager \ Bin \ asghost.exe
c: \ program files \ ATK Sneltoets \ HControl.exe
c: \ program files \ ATKOSD2 \ ATKOSD2.exe
C: \ Program Files \ Wireless Console 2 \ wcourier.exe
C: \ Program Files \ ASUS \ Splendid \ ACMON.exe
c: \ program files \ P4G \ BatteryLife.exe
c: \ windows \ system32 \ ACEngSvr.exe
c: \ program files \ ATK Sneltoets \ ATKOSD.exe
c: \ windows \ system32 \ IfxUAGUI.exe
c: \ program files \ Infineon \ Security Platform Software \ PSDrt.exe
c: \ program files \ Infineon \ Security Platform Software \ SpTNA.exe
c: \ windows \ system32 \ wbem \ WMIADAP.exe
c: \ windows \ system32 \ Dllhost.exe
.
************************************************** ************************
.
Voltooingstijd: 2009-03-31 17:23:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-31 16:23:16
ComboFix2.txt 2009-03-30 21:16:26

Pre-Run: 39213060096 bytes vrij
Post-Run: 38632595456 bytes vrij

Actueel = 1 Default = 1 is mislukt = 0 LastKnownGood = 41 sets = 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18, 19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35, 36,37,38,39,40,41
396 --- EOF --- 2009-03-29 15:30:34
  #10  
Old 31 March 2009, 09:48
Donor Group
 
Default Vista starting up and shutting down very slowly - Not sure what to do

Regarding the removal of Norton: I never installed Norton on here, so why is Symantec listed?
Copyright © 2006 - 2009 Computer Juice.
