Archive - Slow PC + virus alert

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or world views, and have been censored in some places as inadmissible. Many were made in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would not (be allowed to) be posted today. Still, we gladly offer this archive as an information database and reference work.

Bubba

Legacy Member
Hi,

Just now a friend forwarded me a link along the lines of "Lol, *link*". Because that happens fairly often, I simply clicked on it, and now I suddenly got a virus alert and I have the feeling that everything is running a lot slower.

For example, when I open 9lives, I first get all the content, then the colour, and only then does everything jump to the right place one by one, and so on.

The log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:17, on 16/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ISP Monitor\isp.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Users\Ben\Desktop\RapGet\rapget.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ben\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Users\Ben\Desktop\Nieuwe map\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: GameSpot Download Manager.lnk = C:\Users\Ben\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Network Store Interface-service (nsi) - Unknown owner - C:\Program Files\Common Files\\System\\smss.exe

--
End of file - 8812 bytes

Thanks in advance,

BuBbA.

Juisterr

Legacy Member
Download Combofix to your Desktop and use it according to this guide.
NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the small "NirCmd" window.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, because this will make your PC hang.
  • When the fix is finished and after a restart, the log Combofix.txt will open.
Post this log in your next reply.

Bubba

Legacy Member
Hmm, the text is apparently too long. :unsure:

ComboFix 09-01-19.01 - Ben 2009-01-19 19:03:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2046.1092 [GMT 1:00]
Gestart vanuit: c:\users\Ben\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Ben\AppData\Roaming\inst.exe

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-19 to 2009-01-19 ))))))))))))))))))))))))))))))
.

2009-01-16 17:39 . 2009-01-18 21:27 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-16 17:18 . 2009-01-19 18:29 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-01-16 17:18 . 2009-01-16 17:18 <DIR> d-------- c:\users\All Users\avg8
2009-01-16 17:18 . 2009-01-16 17:18 <DIR> d-------- c:\programdata\avg8
2009-01-16 17:18 . 2009-01-16 17:18 <DIR> d-------- c:\program files\AVG
2009-01-16 17:18 . 2009-01-16 17:20 325,128 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-01-16 17:18 . 2009-01-16 17:18 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-01-16 17:18 . 2009-01-16 17:18 12,552 --a------ c:\windows\System32\drivers\avgrkx86.sys
2009-01-16 17:18 . 2009-01-16 17:18 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-01-16 17:12 . 2009-01-16 17:12 1 --a------ c:\windows\z45ft7575f44.dat
2009-01-16 17:12 . 2009-01-16 17:12 1 ---h----- c:\windows\nlmark2.dat
2009-01-16 17:12 . 2009-01-16 17:12 1 ---h----- c:\windows\fm123.dat
2009-01-14 12:20 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-10 11:28 . 2009-01-18 22:52 <DIR> d-------- c:\users\Gast\Tracing
2009-01-09 19:36 . 2009-01-09 19:36 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-01-09 19:32 . 2009-01-19 18:59 <DIR> d-------- c:\users\Ben\Tracing
2009-01-09 19:30 . 2009-01-09 19:30 <DIR> d-------- c:\program files\Microsoft
2009-01-09 19:29 . 2009-01-09 19:29 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-09 19:27 . 2009-01-09 19:27 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-05 18:48 . 2009-01-05 18:48 <DIR> d-------- c:\users\Ben\AppData\Roaming\TomTom
2009-01-05 18:48 . 2009-01-05 18:48 <DIR> d-------- c:\users\All Users\TomTom
2009-01-05 18:48 . 2009-01-05 18:48 <DIR> d-------- c:\programdata\TomTom
2009-01-05 18:48 . 2009-01-05 18:48 <DIR> d-------- c:\program files\TomTom HOME 2
2009-01-05 18:32 . 2009-01-05 18:32 <DIR> d-------- c:\program files\TomTom DesktopSuite
2008-12-27 00:19 . 2008-12-27 00:19 556 --a------ c:\windows\eReg.dat
2008-12-27 00:17 . 2008-12-27 00:17 <DIR> d-------- c:\program files\EA Games

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 23:28 238,949 ----a-w c:\users\Ben\AppData\Roaming\nvModes.dat
2009-01-18 21:54 --------- d-----w c:\programdata\Microsoft Help
2009-01-16 18:51 --------- d-----w c:\program files\Combined Community Codec Pack
2009-01-15 11:12 --------- d-----w c:\programdata\Xfire
2009-01-14 13:17 --------- d-----w c:\program files\Windows Mail
2009-01-10 17:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-09 18:37 --------- d-----w c:\program files\Windows Live Toolbar
2009-01-09 18:37 --------- d-----w c:\program files\Windows Live
2008-12-29 05:06 --------- d-----w c:\users\Ben\AppData\Roaming\Xfire
2008-12-27 14:36 27,744 ----a-w c:\users\Gast\AppData\Roaming\nvModes.dat
2008-12-26 23:16 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-16 17:16 --------- d-----w c:\program files\Xfire
2008-12-11 20:37 42,320 ----a-w c:\windows\System32\xfcodec.dll
2008-12-10 17:05 --------- d-----w c:\program files\Microsoft Web Designer Tools
2008-12-10 17:04 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-12-10 16:52 --------- d-----w c:\program files\Microsoft Works
2008-12-09 23:06 --------- d-----w c:\program files\Java
2008-12-09 22:24 --------- d-----w c:\program files\Microsoft.NET
2008-12-09 22:18 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-09 21:54 --------- d-----w c:\program files\Common Files\Nero
2008-12-09 21:36 47,360 ----a-w c:\users\Ben\AppData\Roaming\pcouffin.sys
2008-12-09 21:36 --------- d-----w c:\users\Ben\AppData\Roaming\Vso
2008-12-08 19:39 --------- d-----w c:\users\Ben\AppData\Roaming\Microgaming
2008-12-04 23:31 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll
2008-11-30 10:00 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-29 20:15 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-29 20:14 --------- d-----w c:\users\Ben\AppData\Roaming\SystemRequirementsLab
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-06-28 21:03 3,080 ----a-w c:\users\Ben\CDBIDXL.DAT
2008-06-28 21:03 2,056 ----a-w c:\users\Ben\TDBIDXL.DAT
2008-06-28 20:51 4,414 ----a-w c:\users\Ben\NETRKDB.DAT
2008-06-28 20:51 2,264 ----a-w c:\users\Ben\NECDB.DAT
2008-04-15 22:33 174 --sha-w c:\program files\desktop.ini
2002-08-08 04:11 319,488 ----a-r c:\users\Ben\AppData\Roaming\MafiaSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISPMonitor"="c:\program files\ISP Monitor\isp.exe" [2008-02-23 442704]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2008-10-10 4789760]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-11 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-11 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-30 102400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-16 1601304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-02-24 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISPMonitor]
--a------ 2008-02-23 17:59 442704 c:\program files\ISP Monitor\isp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-12-02 22:38 3882312 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-01-11 17:36 81920 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2008-01-11 17:37 86016 c:\windows\System32\nvsvc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B1EBABD-003C-47A8-8154-775F2E791124}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FF171B36-3DA6-4ED8-A20E-8D70BB1CB7DE}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{10634306-D8F4-4230-BD03-303CE007DC0F}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0D71C8E3-37A7-4286-B49E-75BB2728C4E6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F5995D6B-E69A-4D70-96EB-BB631EF33915}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{53844FF5-97D4-43B0-AFB4-65E419CBA937}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B931CA8B-48CA-4931-9E60-83E4EA0BB80A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D2A35C8B-9DC0-48BD-8106-31F3B5B6631B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6F79FFC4-1B05-462F-9B59-E89324D55678}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{EE6F7951-9865-4852-A8A3-4BA5B44F68D5}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{E3A9C1F9-99FA-4482-ACBE-F4DC87E72F53}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{21921DCA-2633-4BF0-99FE-B9A13CACC356}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F957ED8F-156E-4504-A584-9515A4E64EC2}"= c:\program files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"TCP Query User{E8884095-17FB-411E-A74B-455149A24F0D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{269AC94D-97C9-49D9-9541-730AFFC9A32A}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{45469B8E-9F93-46BD-9ABA-D6C5C8D2D14D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7427A26A-AFFE-477B-907C-D6DFE172F5A0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{1B2A92BB-7D91-492E-B6C6-2BF43F4EF50F}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{527F7155-E2D8-40AC-AEF1-1B5C6B18EC3F}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{A2A9868B-E227-4421-BD62-BDCEDA9B847D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A1ECCBEF-1643-4ADB-8CD4-EF9837953700}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{46CBCD92-084F-4DF4-80DC-BB6DE8B4163A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FE037742-CA9E-4878-96E0-56EE26E48E66}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2FB99EF8-5DAA-4A30-B249-FB41C9F17080}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{144FAFCB-344A-42F9-9D4B-2B1937D6ADF7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{92C23BF7-DB0E-40EF-9418-99AD23374744}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{97669587-4C44-4F3B-9CE3-D300485F3A4A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{48E1DB54-CEAF-4816-A8A3-5DA929A1698D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2456844E-19BC-47B7-894C-63D23314D6A9}c:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= UDP:c:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"UDP Query User{FF89EF26-3D49-45A4-93ED-2BF725106426}c:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= TCP:c:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"{78B2C646-7C8B-4520-9312-4C46F5A97FA2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E18F8FBC-9668-4F88-8465-943D4F9AA233}e:\\world of warcraft\\repair.exe"= UDP:e:\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{A46EBB82-1C85-4AA4-A7B1-F131396F97FA}e:\\world of warcraft\\repair.exe"= TCP:e:\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{63F2E3F3-7FF7-4023-907C-6710A8494FA2}c:\\program files\\steam\\steamapps\\chief_87\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\chief_87\counter-strike source\hl2.exe:hl2
"UDP Query User{574564D6-1784-4941-9000-1B0016BD5031}c:\\program files\\steam\\steamapps\\chief_87\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\chief_87\counter-strike source\hl2.exe:hl2
"{7FDE3878-41A2-47D2-8FDF-8E17BB3F95AA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FC0AA199-28B6-4012-85AA-3193332036BC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C636CA6D-9D36-471D-8DE3-69805D3F2031}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5271EC22-CBB0-4792-BA39-E3C397DA1A2B}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D8637E71-9154-437D-AD61-37EBDDA4D9C2}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B5D21B54-260E-4BA4-8BDF-006E95AD5EB0}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{474D84E4-5CA6-411F-B5CA-D3F70F2AC1AC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{47726063-6B2E-4E9F-8F8D-E8108BF535D7}c:\\users\\ben\\desktop\\peke23c\\race driver grid\\grid.exe"= UDP:c:\users\ben\desktop\peke23c\race driver grid\grid.exe:grid.exe
"UDP Query User{3A8D7D95-08EE-4081-B707-C1898F1D0B40}c:\\users\\ben\\desktop\\peke23c\\race driver grid\\grid.exe"= TCP:c:\users\ben\desktop\peke23c\race driver grid\grid.exe:grid.exe
"TCP Query User{666A8982-6C32-4948-9AE2-0662EF564871}c:\\users\\ben\\desktop\\peke23c\\race driver grid\\grid.exe"= UDP:c:\users\ben\desktop\peke23c\race driver grid\grid.exe:grid.exe
"UDP Query User{79EFC24D-C1AA-4799-96ED-BFF32E6DDA79}c:\\users\\ben\\desktop\\peke23c\\race driver grid\\grid.exe"= TCP:c:\users\ben\desktop\peke23c\race driver grid\grid.exe:grid.exe
"{7E5F984B-04C2-4627-B969-461769313203}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F16400CC-177E-49D1-9218-FD4F29D8BA68}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EE76C940-2FAC-4804-B65D-7BC0B73EFC35}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2711E11B-8756-4673-B826-F3384FEB771C}c:\\users\\ben\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:c:\users\ben\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"UDP Query User{3AF982ED-2D5F-49D5-A386-BF0A3E5CB35A}c:\\users\\ben\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:c:\users\ben\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"TCP Query User{7D1F38BE-7B1B-4B78-A433-371A9051634E}c:\\users\\ben\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:c:\users\ben\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"UDP Query User{26477532-2740-471D-8E52-22A364A52323}c:\\users\\ben\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:c:\users\ben\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"TCP Query User{4B29BEDB-C974-416D-963A-92CB32A2671B}c:\\program files\\ventsrv\\ventrilo_srv.exe"= UDP:c:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"UDP Query User{AC68DF34-13CF-4CF3-B2A4-618499FEE499}c:\\program files\\ventsrv\\ventrilo_srv.exe"= TCP:c:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"TCP Query User{26ABB8BB-3C74-44AE-A130-B46FF6BEDB0F}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{2BEE874A-BF97-4BE9-8CE1-C7FEF02DAD8E}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{3FBB5047-6A4B-4A9B-9923-F58A13920382}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{922A0F87-EAB8-48D3-B0A6-DB7B553B72F9}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{204ACCA1-3C4D-45BE-9389-0D67F23D8073}c:\\users\\ben\\desktop\\wotlk-beta-3.0.1-engb-downloader.exe"= UDP:c:\users\ben\desktop\wotlk-beta-3.0.1-engb-downloader.exe:wotlk-beta-3.0.1-engb-downloader.exe
"UDP Query User{FED8D981-9849-4CC4-BD58-9A53B8816C0C}c:\\users\\ben\\desktop\\wotlk-beta-3.0.1-engb-downloader.exe"= TCP:c:\users\ben\desktop\wotlk-beta-3.0.1-engb-downloader.exe:wotlk-beta-3.0.1-engb-downloader.exe
"TCP Query User{DD6EECAB-AF6A-486C-B7C1-D81E0635D565}e:\\world of warcraft\\wrath of the lich king beta\\wow.exe"= UDP:e:\world of warcraft\wrath of the lich king beta\wow.exe:World of Warcraft
"UDP Query User{565B6F9F-35C4-48B6-89BC-B0AD8C21FBB2}e:\\world of warcraft\\wrath of the lich king beta\\wow.exe"= TCP:e:\world of warcraft\wrath of the lich king beta\wow.exe:World of Warcraft
"TCP Query User{931FD869-D5A6-472F-BA9F-8616F630009C}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{33E32991-CECC-41BF-B1A0-1FBEBD039B02}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"TCP Query User{A3A6C238-440F-4E22-830E-78CCE115ABF7}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
"UDP Query User{247E66E2-FE3E-47B0-A28C-5FA327439B63}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
"{DF17F4A6-D539-4A37-BEB1-BD3F8D382224}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4466A9C0-2574-425D-9E2F-D793A26C16E6}"= UDP:e:\program files\EA GAMES\The Battle for Middle-earth(tm)\game.dat:The Battle for Middle-earth (tm)
"{FF8B8FCB-DB77-4288-9781-08B88E07DA57}"= TCP:e:\program files\EA GAMES\The Battle for Middle-earth(tm)\game.dat:The Battle for Middle-earth (tm)
"TCP Query User{0F52CCAF-8167-48B3-8566-5BCB34702F36}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{E5AB9D6A-7ADA-4685-BAB4-E70BBB13C6CB}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{40707ADD-DF71-4234-B4DC-5B01F290C52F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0EE6B3ED-E34A-4E43-A249-3E56C0BE0CC0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{080285FA-BAC9-46F7-A148-DD26290C6EC9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D143175B-B640-4B94-A71B-4EE03F720D36}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8C409D66-CBD3-4BAD-B9BF-68AB0A88C281}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F22E708-E8F1-49A8-8E13-B9F38E9B434D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{56D1281E-5242-4EEF-A15E-CFE94F036726}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CBD1504A-3E3B-4511-ACD0-058072697F6C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ED2DC3A1-A164-4934-8AA5-B2670756AE22}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{7030960D-D965-43FC-81D7-E7B4C05F4EB7}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"TCP Query User{7AC72748-4248-4FB0-8B76-399EF1A71F41}c:\\program files\\curse\\curseclient.exe"= UDP:c:\program files\curse\curseclient.exe:CurseClient
"UDP Query User{BB2E3BF3-C0F0-46B9-8185-DEF8587D7F7C}c:\\program files\\curse\\curseclient.exe"= TCP:c:\program files\curse\curseclient.exe:CurseClient
"{386FE79F-3693-4B36-B091-5A1E518CC049}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AD2CC126-CCF7-44CD-9D6A-CA3A8A10E06B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D4BB7454-EC60-4DC9-BE55-BC4F350201CC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FB9C6632-267E-4A51-AFC7-642214B0ACCB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{89223FA2-F7AC-4924-B38F-4AD9DA55CC3E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{846BE9D9-499B-4DEA-831F-7EB24CC4CA9E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6B6046E1-9535-4690-9D28-F350D4696053}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{45C3AD84-8647-4798-9D38-D05713C4A302}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2F403BCA-3195-4C94-8A46-B25311E16798}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7BC5282C-AE8D-450B-ACCD-50DAD6AA6AD6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F005A939-16A0-469A-B039-DE11F2A43800}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6B24D4FA-C3DE-41B4-BC45-6E3D6A20F917}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F550993C-F6CD-4697-81F9-97C0DB5796E2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1D4EE31A-99E3-4C7D-A584-CE480C6A9890}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F7DE074B-AE56-4A12-B733-BC92F0E6B5FE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{48411215-189D-40B2-9444-2D5D3A40F8AE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D89509E4-DDA3-424A-87A7-B7E6A9C28448}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{90AA7331-7241-4E29-8A42-D50BD6F35626}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D570EBA0-84C3-4EE1-814E-366E7542CEFE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3D35BDE5-708B-4308-9FF4-43EC1E3BFF98}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{17E4C3E8-F961-4B3F-9D23-1AC56875337D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5AD6091E-A006-43CF-8EEC-3604EEA216BF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D111F747-CC64-4B7E-BEBB-45B591D3AA5E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8D14508C-4E21-45ED-AD2A-B384487DCD34}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8A03DDA5-1CCD-4B82-8E07-C8CB575D6521}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{55607725-C110-4719-B396-CB66FF807F88}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{10737D9F-7955-4498-ADDB-5BC042494860}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CF8177A0-F8A9-4724-A351-78E6553806AA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{244BFDC9-EF29-4B1E-BA09-0753D445537B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{39C472B2-6C3D-4D4E-A219-A0AFCB6BFA91}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5C5E2B1F-F0C1-4D3B-894B-25B62E98C30C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{34ED0EB0-D06D-4154-B168-A47EE7AC1EF0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5499FA75-10E2-4761-B6F5-A6C1DB118319}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

Bubba

Legacy Member
"{194B05F5-AA1A-4015-B496-1858D9FD749E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{86124AD6-AB60-42EC-9010-B0DD0269C328}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{27718B13-DE2F-4AB8-BD61-B31D10CA9D4D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EAD927FB-107F-404A-9D3D-B9514D249B7B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{43774843-891A-4C32-B075-EB7F01E4E5D6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FE894180-9106-43C6-A7DE-BA2BED6142A7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9474196E-07D9-4CE7-871D-1C658BD2D862}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{797CB541-5E29-4676-B3C0-77B4D396426B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{86F2B564-0ED9-4709-B278-F3357686E2B5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0227EE9B-D7AB-48CB-B464-971208F5E273}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9937688C-755E-46BB-96D5-C8ED71A76FF5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{372510CB-156C-4E7B-A298-10082E2C9957}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1EF462C7-9D42-4AC4-B604-B018F9CE99E8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2676D369-F303-43A8-B968-A56C63263E0E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{77FE7B72-6973-4BA2-87B2-BB36DCA4C17E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{931F10F4-9946-4411-A81F-D058D81950CD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B17869D3-E8DE-42D0-BB61-E0506987090A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E2AC7FE3-CBD0-403A-9AE4-F63A9AB65CE2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0C77AAE0-C992-40F8-A91F-18DAFC24B28A}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{8B53CC05-9FE3-43A7-A573-503107A17EC8}"= UDP:c:\program files\Common Files\System\smss.exe:smss
"{9F09E62E-D9C6-49FF-B106-C51BB89B6541}"= TCP:c:\program files\Common Files\System\smss.exe:smss
"{333C37C8-67D8-43FE-9382-477DB805FA22}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{E352DCB6-A9E7-4761-9E7F-67BBAD37A716}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{71F71241-BD6F-4E75-BEB6-048B6C0191A9}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2009-01-16 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-01-16 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-01-16 107272]
R3 b57nd60x;%SvcDispName%;c:\windows\System32\drivers\b57nd60x.sys [2008-04-15 179712]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-03-28 43008]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-16 298264]
R4 ISPMonitorSrv;ISP Monitor;c:\program files\ISP Monitor\ISPMonitorSrv.exe [2007-08-22 36864]
R4 Network Store Interface-service (nsi);Network Store Interface-service (nsi);c:\program files\Common Files\System\smss.exe [2009-01-16 7424]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b3d44a0-dcd0-11dc-86a1-001b24a56a64}]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cc83448-e187-11dc-be48-001b24a56a64}]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ccf219b-de34-11dc-939f-001b24a56a64}]
\shell\AutoRun\command - 0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e21a214-8105-11dd-83c1-001b24a56a64}]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81b43c8e-4a92-11dd-be5b-001b24a56a64}]
\shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81b43c8f-4a92-11dd-be5b-001b24a56a64}]
\shell\AutoRun\command - I:\m.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae9b009a-db45-11dc-9397-001b24a56a64}]
\shell\AutoRun\command - H:\SETUP.EXE
\shell\configure\command - H:\SETUP.EXE
\shell\install\command - H:\SETUP.EXE
.
Inhoud van de 'Gedeelde Taken' map

2009-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1399714840-792615147-188904351-1000.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:28]
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-ccleaner - c:\users\Ben\Desktop\Nieuwe map\CCleaner\CCleaner.exe
HKCU-Run-Netlog 24 - c:\program files\Netlog 24\Notifier\Netlog24Notifier.exe
HKCU-Run-Netlog Music Tool - c:\program files\Netlog Music Tool\NetlogMusicTool.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-Skytel - Skytel.exe


.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:7070
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Windows &Live Favorites - Add to Windows Live Favorites
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\yt5bw92e.default\
FF - prefs.js: browser.startup.homepage - hxxp://https://www.beyondgaming.be/forumshttp://mail.google.com/mail/?shva=1#inbox|http://www.skn.org.uk/sk/e107_plugins/forum/forum.php
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ben\AppData\Local\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 19:05:38
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2009-01-19 19:08:09
ComboFix-quarantined-files.txt 2009-01-19 18:08:07

Pre-Run: 16.564.338.688 bytes beschikbaar
Post-Run: 16,844,959,744 bytes beschikbaar

349 --- E O F --- 2009-01-19 17:33:12

Juisterr

Legacy Member
Could you please have this file
c:\windows\z45ft7575f44.dat checked at VirusTotal.

Go to VirusTotal - Free Online Virus and Malware Scan
There, paste the following into the field next to Browse:
c:\windows\z45ft7575f44.dat

Then click "Send File" and wait for the results.
Save these results.
Please do the same with the two files below.

c:\windows\nlmark2.dat
c:\windows\fm123.dat

Once you have done that:

Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    File::
    I:\m.exe

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81b43c8f-4a92-11dd-be5b-001b24a56a64}]

Save this to your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

CFScriptB-4.gif

This will make ComboFix start again.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply together with a new HijackThis log.
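
Added example, not part of the original post and not ComboFix's own code: a small triage script that pulls the MountPoints2 AutoRun commands out of a ComboFix log like the one above and lists the ones whose program name is not on a reviewer-supplied list. The function names and the expected-name list (`autorun.exe`, `setup.exe`) are assumptions made for illustration; the sample is a subset of the entries in the log posted in this thread.

```python
import re
from ntpath import basename  # Windows path rules on any platform

# Constructed sample: a subset of the MountPoints2 entries from the log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b3d44a0-dcd0-11dc-86a1-001b24a56a64}]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ccf219b-de34-11dc-939f-001b24a56a64}]
\shell\AutoRun\command - 0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81b43c8f-4a92-11dd-be5b-001b24a56a64}]
\shell\AutoRun\command - I:\m.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae9b009a-db45-11dc-9397-001b24a56a64}]
\shell\AutoRun\command - H:\SETUP.EXE
\shell\configure\command - H:\SETUP.EXE
\shell\install\command - H:\SETUP.EXE
.
Inhoud van de 'Gedeelde Taken' map
"""

KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.IGNORECASE
)
CMD_RE = re.compile(r"^\\shell\\([^\\]+)\\command - (.*)$", re.IGNORECASE)
EXE_RE = re.compile(r'^"?([A-Za-z]:\\[^"]+?\.[A-Za-z0-9]{2,4})(?=["\s]|$)')


def parse_mountpoints2(log_text):
    """Return one dict per shell verb found under a MountPoints2 volume key."""
    entries, guid = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            guid = key.group(2).lower()
            continue
        cmd = CMD_RE.match(line)
        if cmd and guid:
            entries.append(
                {"guid": guid, "verb": cmd.group(1), "command": cmd.group(2).strip()}
            )
            continue
        if line:
            guid = None  # any other non-empty line ends the current key block
    return entries


def executable_of(command):
    """Lower-cased file name of the program a command starts, or None if it has no path."""
    m = EXE_RE.match(command)
    return basename(m.group(1)).lower() if m else None


def triage(entries, expected_names=frozenset({"autorun.exe", "setup.exe"})):
    """List entries whose program name is not in expected_names (an assumed allow-list)."""
    flagged = []
    for entry in entries:
        exe = executable_of(entry["command"])
        if exe is not None and exe not in expected_names:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for hit in triage(parse_mountpoints2(SAMPLE_LOG)):
        print(hit["guid"], hit["verb"], hit["command"])
```

A listed entry is only a lead for manual review, for example the VirusTotal check described in the post; the name list alone does not decide whether a file is malicious.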

Bubba

Legacy Member
Combofix said:
ComboFix 09-01-21.02 - Ben 2009-01-22 23:25:45.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2046.1066 [GMT 1:00]
Gestart vanuit: C:\Users\Ben\Desktop\ComboFix.exe
gebruikte Opdracht switches :: C:\Users\Ben\Desktop\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

FILE ::
I:\m.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-12-22 to 2009-01-22 ))))))))))))))))))))))))))))))
.

2009-01-20 12:40 . 2009-01-20 12:40 <DIR> d--h----- C:\Users\All Users\CanonBJ
2009-01-20 12:40 . 2009-01-20 12:40 <DIR> d--h----- C:\ProgramData\CanonBJ
2009-01-16 17:39 . 2009-01-22 21:42 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-16 17:18 . 2009-01-22 13:27 <DIR> d-------- C:\Windows\System32\drivers\Avg
2009-01-16 17:18 . 2009-01-21 06:07 <DIR> d-------- C:\Users\All Users\avg8
2009-01-16 17:18 . 2009-01-21 06:07 <DIR> d-------- C:\ProgramData\avg8
2009-01-16 17:18 . 2009-01-16 17:18 <DIR> d-------- C:\Program Files\AVG
2009-01-16 17:18 . 2009-01-16 17:20 325,128 --a------ C:\Windows\System32\drivers\avgldx86.sys
2009-01-16 17:18 . 2009-01-16 17:18 107,272 --a------ C:\Windows\System32\drivers\avgtdix.sys
2009-01-16 17:18 . 2009-01-16 17:18 12,552 --a------ C:\Windows\System32\drivers\avgrkx86.sys
2009-01-16 17:18 . 2009-01-16 17:18 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2009-01-16 17:12 . 2009-01-16 17:12 1 --a------ C:\Windows\z45ft7575f44.dat
2009-01-16 17:12 . 2009-01-16 17:12 1 ---h----- C:\Windows\nlmark2.dat
2009-01-16 17:12 . 2009-01-16 17:12 1 ---h----- C:\Windows\fm123.dat
2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ C:\Windows\System32\xfcodec.dll
2009-01-14 12:20 . 2008-12-16 03:42 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2009-01-10 11:28 . 2009-01-22 17:56 <DIR> d-------- C:\Users\Gast\Tracing
2009-01-09 19:36 . 2009-01-09 19:36 <DIR> d-------- C:\Program Files\Microsoft Sync Framework
2009-01-09 19:32 . 2009-01-22 20:56 <DIR> d-------- C:\Users\Ben\Tracing
2009-01-09 19:30 . 2009-01-09 19:30 <DIR> d-------- C:\Program Files\Microsoft
2009-01-09 19:29 . 2009-01-09 19:29 <DIR> d-------- C:\Program Files\Windows Live SkyDrive
2009-01-09 19:27 . 2009-01-09 19:27 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2009-01-05 18:48 . 2009-01-05 18:48 <DIR> d-------- C:\Users\Ben\AppData\Roaming\TomTom
2009-01-05 18:48 . 2009-01-05 18:48 <DIR> d-------- C:\Users\All Users\TomTom
2009-01-05 18:48 . 2009-01-05 18:48 <DIR> d-------- C:\ProgramData\TomTom
2009-01-05 18:48 . 2009-01-05 18:48 <DIR> d-------- C:\Program Files\TomTom HOME 2
2009-01-05 18:32 . 2009-01-05 18:32 <DIR> d-------- C:\Program Files\TomTom DesktopSuite
2008-12-27 00:19 . 2008-12-27 00:19 556 --a------ C:\Windows\eReg.dat
2008-12-27 00:17 . 2008-12-27 00:17 <DIR> d-------- C:\Program Files\EA Games

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 17:58 --------- d-----w C:\ProgramData\Xfire
2009-01-22 16:58 --------- d-----w C:\ProgramData\Microsoft Help
2009-01-22 16:07 27,744 ----a-w C:\Users\Gast\AppData\Roaming\nvModes.dat
2009-01-21 13:45 --------- d-----w C:\Program Files\Xfire
2009-01-21 05:09 --------- d-----w C:\Users\Ben\AppData\Roaming\Xfire
2009-01-18 23:28 238,949 ----a-w C:\Users\Ben\AppData\Roaming\nvModes.dat
2009-01-16 18:51 --------- d-----w C:\Program Files\Combined Community Codec Pack
2009-01-14 13:17 --------- d-----w C:\Program Files\Windows Mail
2009-01-10 17:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-09 18:37 --------- d-----w C:\Program Files\Windows Live Toolbar
2009-01-09 18:37 --------- d-----w C:\Program Files\Windows Live
2008-12-26 23:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-12-10 17:05 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-12-10 17:04 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-12-10 16:52 --------- d-----w C:\Program Files\Microsoft Works
2008-12-09 23:06 --------- d-----w C:\Program Files\Java
2008-12-09 22:24 --------- d-----w C:\Program Files\Microsoft.NET
2008-12-09 22:18 410,984 ----a-w C:\Windows\System32\deploytk.dll
2008-12-09 21:54 --------- d-----w C:\Program Files\Common Files\Nero
2008-12-09 21:36 47,360 ----a-w C:\Users\Ben\AppData\Roaming\pcouffin.sys
2008-12-09 21:36 --------- d-----w C:\Users\Ben\AppData\Roaming\Vso
2008-12-08 19:39 --------- d-----w C:\Users\Ben\AppData\Roaming\Microgaming
2008-12-04 23:31 308,584 ----a-w C:\Windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w C:\Windows\System32\sirenacm.dll
2008-11-30 10:00 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-11-29 20:15 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-11-29 20:14 --------- d-----w C:\Users\Ben\AppData\Roaming\SystemRequirementsLab
2008-11-01 03:44 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w C:\Windows\explorer.exe
2008-10-22 03:57 241,152 ----a-w C:\Windows\System32\PortableDeviceApi.dll
2008-10-22 01:22 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-28 21:03 3,080 ----a-w C:\Users\Ben\CDBIDXL.DAT
2008-06-28 21:03 2,056 ----a-w C:\Users\Ben\TDBIDXL.DAT
2008-06-28 20:51 4,414 ----a-w C:\Users\Ben\NETRKDB.DAT
2008-06-28 20:51 2,264 ----a-w C:\Users\Ben\NECDB.DAT
2008-04-15 22:33 174 --sha-w C:\Program Files\desktop.ini
2002-08-08 04:11 319,488 ----a-r C:\Users\Ben\AppData\Roaming\MafiaSetup.exe
.

((((((((((((((((((((((((((((( snapshot@2009-01-19_19.06.08,06 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-18 21:54:11 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-01-22 16:58:12 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-18 21:54:11 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-22 16:58:12 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-18 21:54:11 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-01-22 16:58:12 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-01-18 21:54:11 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-01-22 16:58:12 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-18 21:54:11 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-22 16:58:12 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-18 21:54:11 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-22 16:58:12 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-18 21:54:11 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-22 16:58:12 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-18 21:54:11 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-01-22 16:58:12 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-18 21:54:11 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-22 16:58:12 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-18 21:54:11 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-01-22 16:58:12 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-18 21:54:11 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-01-22 16:58:12 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-18 21:54:11 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-22 16:58:12 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-01-19 17:27:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-22 16:55:08 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-19 17:27:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-22 16:55:08 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-19 17:44:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-22 17:12:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-22 17:12:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-19 17:38:18 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-22 12:35:24 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-19 17:38:18 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-22 12:35:24 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-19 17:38:18 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-22 12:35:24 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-19 17:30:17 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-22 16:56:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-01-19 17:27:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-22 16:55:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-19 17:27:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-22 16:55:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-19 17:27:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-22 16:55:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-19 18:02:22 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-22 22:24:58 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-22 22:24:58 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2009-01-19 17:32:28 109,456 ----a-w C:\Windows\System32\perfc009.dat
+ 2009-01-22 18:52:06 109,456 ----a-w C:\Windows\System32\perfc009.dat
- 2009-01-19 17:32:28 138,108 ----a-w C:\Windows\System32\perfc013.dat
+ 2009-01-22 18:52:07 138,108 ----a-w C:\Windows\System32\perfc013.dat
- 2009-01-19 17:32:28 618,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2009-01-22 18:52:07 618,142 ----a-w C:\Windows\System32\perfh009.dat
- 2009-01-19 17:32:28 15,396 ----a-w C:\Windows\System32\perfh013.dat
+ 2009-01-22 18:52:07 15,396 ----a-w C:\Windows\System32\perfh013.dat
- 2009-01-19 17:29:51 16,320 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1399714840-792615147-188904351-1000_UserData.bin
+ 2009-01-22 05:08:41 16,710 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1399714840-792615147-188904351-1000_UserData.bin
- 2009-01-17 11:12:33 6,794 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1399714840-792615147-188904351-501_UserData.bin
+ 2009-01-22 16:57:01 7,258 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1399714840-792615147-188904351-501_UserData.bin
- 2009-01-19 17:29:51 112,442 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-22 16:57:01 113,986 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-19 17:29:50 53,512 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-22 16:56:58 55,106 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
"ISPMonitor"="C:\Program Files\ISP Monitor\isp.exe" [2008-02-23 17:59 442704]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"Google Update"="C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-02 20:28 133104]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 13:11 490952]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [2008-10-10 20:56 4789760]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 11:12 234856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-11 17:37 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-11 17:20 8501792]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-11 17:36 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-10-30 10:56 102400]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 01:04 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-09 23:18 136600]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-01-16 17:18 1601304]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-02-24 02:36:54 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISPMonitor]
--a------ 2008-02-23 17:59 442704 C:\Program Files\ISP Monitor\isp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2008-12-02 22:38 3882312 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-01-11 17:36 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2008-01-11 17:37 86016 C:\Windows\System32\nvsvc.dll

Bubba

Legacy Member
Combofix (continued) said:
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B1EBABD-003C-47A8-8154-775F2E791124}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FF171B36-3DA6-4ED8-A20E-8D70BB1CB7DE}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{10634306-D8F4-4230-BD03-303CE007DC0F}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0D71C8E3-37A7-4286-B49E-75BB2728C4E6}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F5995D6B-E69A-4D70-96EB-BB631EF33915}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{53844FF5-97D4-43B0-AFB4-65E419CBA937}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B931CA8B-48CA-4931-9E60-83E4EA0BB80A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D2A35C8B-9DC0-48BD-8106-31F3B5B6631B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6F79FFC4-1B05-462F-9B59-E89324D55678}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{EE6F7951-9865-4852-A8A3-4BA5B44F68D5}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{E3A9C1F9-99FA-4482-ACBE-F4DC87E72F53}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{21921DCA-2633-4BF0-99FE-B9A13CACC356}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F957ED8F-156E-4504-A584-9515A4E64EC2}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"TCP Query User{E8884095-17FB-411E-A74B-455149A24F0D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{269AC94D-97C9-49D9-9541-730AFFC9A32A}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{45469B8E-9F93-46BD-9ABA-D6C5C8D2D14D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7427A26A-AFFE-477B-907C-D6DFE172F5A0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{1B2A92BB-7D91-492E-B6C6-2BF43F4EF50F}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{527F7155-E2D8-40AC-AEF1-1B5C6B18EC3F}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{A2A9868B-E227-4421-BD62-BDCEDA9B847D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A1ECCBEF-1643-4ADB-8CD4-EF9837953700}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{46CBCD92-084F-4DF4-80DC-BB6DE8B4163A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FE037742-CA9E-4878-96E0-56EE26E48E66}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2FB99EF8-5DAA-4A30-B249-FB41C9F17080}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{144FAFCB-344A-42F9-9D4B-2B1937D6ADF7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{92C23BF7-DB0E-40EF-9418-99AD23374744}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{97669587-4C44-4F3B-9CE3-D300485F3A4A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{48E1DB54-CEAF-4816-A8A3-5DA929A1698D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2456844E-19BC-47B7-894C-63D23314D6A9}C:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= UDP:C:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"UDP Query User{FF89EF26-3D49-45A4-93ED-2BF725106426}C:\\program files\\foxit software\\pdf editor\\pdfedit.exe"= TCP:C:\program files\foxit software\pdf editor\pdfedit.exe:Foxit PDF Editor, the first REAL editor for PDF files!
"{78B2C646-7C8B-4520-9312-4C46F5A97FA2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{E18F8FBC-9668-4F88-8465-943D4F9AA233}E:\\world of warcraft\\repair.exe"= UDP:E:\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{A46EBB82-1C85-4AA4-A7B1-F131396F97FA}E:\\world of warcraft\\repair.exe"= TCP:E:\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{63F2E3F3-7FF7-4023-907C-6710A8494FA2}C:\\program files\\steam\\steamapps\\chief_87\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\chief_87\counter-strike source\hl2.exe:hl2
"UDP Query User{574564D6-1784-4941-9000-1B0016BD5031}C:\\program files\\steam\\steamapps\\chief_87\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\chief_87\counter-strike source\hl2.exe:hl2
"{7FDE3878-41A2-47D2-8FDF-8E17BB3F95AA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FC0AA199-28B6-4012-85AA-3193332036BC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C636CA6D-9D36-471D-8DE3-69805D3F2031}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5271EC22-CBB0-4792-BA39-E3C397DA1A2B}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D8637E71-9154-437D-AD61-37EBDDA4D9C2}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B5D21B54-260E-4BA4-8BDF-006E95AD5EB0}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{474D84E4-5CA6-411F-B5CA-D3F70F2AC1AC}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{47726063-6B2E-4E9F-8F8D-E8108BF535D7}C:\\users\\ben\\desktop\\peke23c\\race driver grid\\grid.exe"= UDP:C:\users\ben\desktop\peke23c\race driver grid\grid.exe:grid.exe
"UDP Query User{3A8D7D95-08EE-4081-B707-C1898F1D0B40}C:\\users\\ben\\desktop\\peke23c\\race driver grid\\grid.exe"= TCP:C:\users\ben\desktop\peke23c\race driver grid\grid.exe:grid.exe
"TCP Query User{666A8982-6C32-4948-9AE2-0662EF564871}C:\\users\\ben\\desktop\\peke23c\\race driver grid\\grid.exe"= UDP:C:\users\ben\desktop\peke23c\race driver grid\grid.exe:grid.exe
"UDP Query User{79EFC24D-C1AA-4799-96ED-BFF32E6DDA79}C:\\users\\ben\\desktop\\peke23c\\race driver grid\\grid.exe"= TCP:C:\users\ben\desktop\peke23c\race driver grid\grid.exe:grid.exe
"{7E5F984B-04C2-4627-B969-461769313203}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F16400CC-177E-49D1-9218-FD4F29D8BA68}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EE76C940-2FAC-4804-B65D-7BC0B73EFC35}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2711E11B-8756-4673-B826-F3384FEB771C}C:\\users\\ben\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:C:\users\ben\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"UDP Query User{3AF982ED-2D5F-49D5-A386-BF0A3E5CB35A}C:\\users\\ben\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:C:\users\ben\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"TCP Query User{7D1F38BE-7B1B-4B78-A433-371A9051634E}C:\\users\\ben\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:C:\users\ben\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"UDP Query User{26477532-2740-471D-8E52-22A364A52323}C:\\users\\ben\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:C:\users\ben\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"TCP Query User{4B29BEDB-C974-416D-963A-92CB32A2671B}C:\\program files\\ventsrv\\ventrilo_srv.exe"= UDP:C:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"UDP Query User{AC68DF34-13CF-4CF3-B2A4-618499FEE499}C:\\program files\\ventsrv\\ventrilo_srv.exe"= TCP:C:\program files\ventsrv\ventrilo_srv.exe:ventrilo_srv
"TCP Query User{26ABB8BB-3C74-44AE-A130-B46FF6BEDB0F}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{2BEE874A-BF97-4BE9-8CE1-C7FEF02DAD8E}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{3FBB5047-6A4B-4A9B-9923-F58A13920382}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{922A0F87-EAB8-48D3-B0A6-DB7B553B72F9}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{204ACCA1-3C4D-45BE-9389-0D67F23D8073}C:\\users\\ben\\desktop\\wotlk-beta-3.0.1-engb-downloader.exe"= UDP:C:\users\ben\desktop\wotlk-beta-3.0.1-engb-downloader.exe:wotlk-beta-3.0.1-engb-downloader.exe
"UDP Query User{FED8D981-9849-4CC4-BD58-9A53B8816C0C}C:\\users\\ben\\desktop\\wotlk-beta-3.0.1-engb-downloader.exe"= TCP:C:\users\ben\desktop\wotlk-beta-3.0.1-engb-downloader.exe:wotlk-beta-3.0.1-engb-downloader.exe
"TCP Query User{DD6EECAB-AF6A-486C-B7C1-D81E0635D565}E:\\world of warcraft\\wrath of the lich king beta\\wow.exe"= UDP:E:\world of warcraft\wrath of the lich king beta\wow.exe:World of Warcraft
"UDP Query User{565B6F9F-35C4-48B6-89BC-B0AD8C21FBB2}E:\\world of warcraft\\wrath of the lich king beta\\wow.exe"= TCP:E:\world of warcraft\wrath of the lich king beta\wow.exe:World of Warcraft
"TCP Query User{931FD869-D5A6-472F-BA9F-8616F630009C}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood
"UDP Query User{33E32991-CECC-41BF-B1A0-1FBEBD039B02}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood
"TCP Query User{A3A6C238-440F-4E22-830E-78CCE115ABF7}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
"UDP Query User{247E66E2-FE3E-47B0-A28C-5FA327439B63}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:
"{DF17F4A6-D539-4A37-BEB1-BD3F8D382224}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4466A9C0-2574-425D-9E2F-D793A26C16E6}"= UDP:E:\Program Files\EA GAMES\The Battle for Middle-earth(tm)\game.dat:The Battle for Middle-earth (tm)
"{FF8B8FCB-DB77-4288-9781-08B88E07DA57}"= TCP:E:\Program Files\EA GAMES\The Battle for Middle-earth(tm)\game.dat:The Battle for Middle-earth (tm)
"TCP Query User{0F52CCAF-8167-48B3-8566-5BCB34702F36}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{E5AB9D6A-7ADA-4685-BAB4-E70BBB13C6CB}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{40707ADD-DF71-4234-B4DC-5B01F290C52F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0EE6B3ED-E34A-4E43-A249-3E56C0BE0CC0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{080285FA-BAC9-46F7-A148-DD26290C6EC9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D143175B-B640-4B94-A71B-4EE03F720D36}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8C409D66-CBD3-4BAD-B9BF-68AB0A88C281}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F22E708-E8F1-49A8-8E13-B9F38E9B434D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{56D1281E-5242-4EEF-A15E-CFE94F036726}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CBD1504A-3E3B-4511-ACD0-058072697F6C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ED2DC3A1-A164-4934-8AA5-B2670756AE22}"= UDP:C:\Program Files\Curse\CurseClient.exe:Curse Client
"{7030960D-D965-43FC-81D7-E7B4C05F4EB7}"= TCP:C:\Program Files\Curse\CurseClient.exe:Curse Client
"TCP Query User{7AC72748-4248-4FB0-8B76-399EF1A71F41}C:\\program files\\curse\\curseclient.exe"= UDP:C:\program files\curse\curseclient.exe:CurseClient
"UDP Query User{BB2E3BF3-C0F0-46B9-8185-DEF8587D7F7C}C:\\program files\\curse\\curseclient.exe"= TCP:C:\program files\curse\curseclient.exe:CurseClient
"{386FE79F-3693-4B36-B091-5A1E518CC049}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AD2CC126-CCF7-44CD-9D6A-CA3A8A10E06B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D4BB7454-EC60-4DC9-BE55-BC4F350201CC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FB9C6632-267E-4A51-AFC7-642214B0ACCB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{89223FA2-F7AC-4924-B38F-4AD9DA55CC3E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{846BE9D9-499B-4DEA-831F-7EB24CC4CA9E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6B6046E1-9535-4690-9D28-F350D4696053}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{45C3AD84-8647-4798-9D38-D05713C4A302}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2F403BCA-3195-4C94-8A46-B25311E16798}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7BC5282C-AE8D-450B-ACCD-50DAD6AA6AD6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F005A939-16A0-469A-B039-DE11F2A43800}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6B24D4FA-C3DE-41B4-BC45-6E3D6A20F917}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F550993C-F6CD-4697-81F9-97C0DB5796E2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1D4EE31A-99E3-4C7D-A584-CE480C6A9890}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F7DE074B-AE56-4A12-B733-BC92F0E6B5FE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{48411215-189D-40B2-9444-2D5D3A40F8AE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D89509E4-DDA3-424A-87A7-B7E6A9C28448}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{90AA7331-7241-4E29-8A42-D50BD6F35626}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D570EBA0-84C3-4EE1-814E-366E7542CEFE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3D35BDE5-708B-4308-9FF4-43EC1E3BFF98}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{17E4C3E8-F961-4B3F-9D23-1AC56875337D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5AD6091E-A006-43CF-8EEC-3604EEA216BF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D111F747-CC64-4B7E-BEBB-45B591D3AA5E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8D14508C-4E21-45ED-AD2A-B384487DCD34}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8A03DDA5-1CCD-4B82-8E07-C8CB575D6521}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{55607725-C110-4719-B396-CB66FF807F88}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{10737D9F-7955-4498-ADDB-5BC042494860}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CF8177A0-F8A9-4724-A351-78E6553806AA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{244BFDC9-EF29-4B1E-BA09-0753D445537B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{39C472B2-6C3D-4D4E-A219-A0AFCB6BFA91}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5C5E2B1F-F0C1-4D3B-894B-25B62E98C30C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{34ED0EB0-D06D-4154-B168-A47EE7AC1EF0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5499FA75-10E2-4761-B6F5-A6C1DB118319}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{194B05F5-AA1A-4015-B496-1858D9FD749E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{86124AD6-AB60-42EC-9010-B0DD0269C328}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{27718B13-DE2F-4AB8-BD61-B31D10CA9D4D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EAD927FB-107F-404A-9D3D-B9514D249B7B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{43774843-891A-4C32-B075-EB7F01E4E5D6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FE894180-9106-43C6-A7DE-BA2BED6142A7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9474196E-07D9-4CE7-871D-1C658BD2D862}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{797CB541-5E29-4676-B3C0-77B4D396426B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{86F2B564-0ED9-4709-B278-F3357686E2B5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0227EE9B-D7AB-48CB-B464-971208F5E273}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9937688C-755E-46BB-96D5-C8ED71A76FF5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{372510CB-156C-4E7B-A298-10082E2C9957}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1EF462C7-9D42-4AC4-B604-B018F9CE99E8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2676D369-F303-43A8-B968-A56C63263E0E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{77FE7B72-6973-4BA2-87B2-BB36DCA4C17E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{931F10F4-9946-4411-A81F-D058D81950CD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B17869D3-E8DE-42D0-BB61-E0506987090A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E2AC7FE3-CBD0-403A-9AE4-F63A9AB65CE2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0C77AAE0-C992-40F8-A91F-18DAFC24B28A}"= C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{8B53CC05-9FE3-43A7-A573-503107A17EC8}"= UDP:C:\Program Files\Common Files\System\smss.exe:smss
"{9F09E62E-D9C6-49FF-B106-C51BB89B6541}"= TCP:C:\Program Files\Common Files\System\smss.exe:smss
"{333C37C8-67D8-43FE-9382-477DB805FA22}"= C:\Program Files\AVG\AVG8\avgam.exe:avgam.exe
"{E352DCB6-A9E7-4761-9E7F-67BBAD37A716}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{71F71241-BD6F-4E75-BEB6-048B6C0191A9}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 AvgRkx86;avgrkx86.sys;C:\Windows\System32\drivers\avgrkx86.sys [2009-01-16 17:18:40 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\System32\drivers\avgldx86.sys [2009-01-16 17:18:35 325128]
R1 AvgTdiX;AVG8 Network Redirector;C:\Windows\System32\drivers\avgtdix.sys [2009-01-16 17:18:40 107272]
R3 b57nd60x;%SvcDispName%;C:\Windows\System32\drivers\b57nd60x.sys [2008-04-15 21:39:23 179712]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\System32\drivers\winbondcir.sys [2007-03-28 07:51:40 43008]
R4 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-16 17:18:29 298264]
R4 ISPMonitorSrv;ISP Monitor;C:\Program Files\ISP Monitor\ISPMonitorSrv.exe [2007-08-22 23:55:16 36864]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b3d44a0-dcd0-11dc-86a1-001b24a56a64}]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cc83448-e187-11dc-be48-001b24a56a64}]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ab4b438-db47-11dd-bc6a-001b24a56a64}]
\shell\AutoRun\command - I:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ccf219b-de34-11dc-939f-001b24a56a64}]
\shell\AutoRun\command - 0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e21a214-8105-11dd-83c1-001b24a56a64}]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81b43c8e-4a92-11dd-be5b-001b24a56a64}]
\shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81b43c8f-4a92-11dd-be5b-001b24a56a64}]
\shell\AutoRun\command - I:\m.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae9b009a-db45-11dc-9397-001b24a56a64}]
\shell\AutoRun\command - H:\SETUP.EXE
\shell\configure\command - H:\SETUP.EXE
\shell\install\command - H:\SETUP.EXE
.
Inhoud van de 'Gedeelde Taken' map

2009-01-22 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1399714840-792615147-188904351-1000.job
- C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:28]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:7070
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Windows &Live Favorites - Add to Windows Live Favorites
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\yt5bw92e.default\
FF - prefs.js: browser.startup.homepage - hxxp://https://www.beyondgaming.be/forumshttp://mail.google.com/mail/?shva=1#inbox|http://www.skn.org.uk/sk/e107_plugins/forum/forum.php
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 7070
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: C:\Program Files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ben\AppData\Local\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.

Bubba

Legacy Member
Hijackthis said:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42, on 2009-01-22
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Ben\Desktop\RapGet\rapget.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ben\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISPMonitor] C:\Program Files\ISP Monitor\isp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Startup: GameSpot Download Manager.lnk = C:\Users\Ben\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - C:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: Network Store Interface-service (nsi) - Unknown owner - C:\Program Files\Common Files\\System\\smss.exe (file missing)

--
End of file - 7084 bytes

Bubba

Legacy Member
Files scanned on VirusTotal said:
Resultaat C:\Windows\z45ft7575f44.dat

MD5: c81e728d9d4c2f636f067f89cc14862c
First received: 2007.04.05 08:27:13 (CET)
Datum: 2008.12.23 20:17:38 (CET) [>29D]
Resultaat: 0/38

---------------------------------------------------

Resultaat C:\Windows\nlmark2.dat

MD5: c4ca4238a0b923820dcc509a6f75849b
First received: 2008.05.01 01:30:22 (CET)
Datum: 2009.01.19 20:17:42 (CET) [>2D]
Resultaat: 0/39

----------------------------------------------------

Resultaat c:\windows\fm123.dat

MD5: c4ca4238a0b923820dcc509a6f75849b
First received: 2008.05.01 01:30:22 (CET)
Datum: 2009.01.19 20:17:42 (CET) [>2D]
Resultaat: 0/39