
HJT log


sofianmaster


Good day

My computer has become very slow. I think I need to have HJT scan it.

Here is a log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:22:11, on 30/01/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\conime.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Games-Fusion.NET - PC Cheats, PS2 Cheats, Xbox Cheats ( Demo, Patch, Screens )

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Games-Fusion.NET - PC Cheats, PS2 Cheats, Xbox Cheats ( Demo, Patch, Screens )

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209149147425

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209149996026

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://gameadvisor.futuremark.com/global/msc3121.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 11220 bytes

Thanks in advance


No real indications of problems with this PC.

But for some extra tips for a slow computer, you can take a look HERE.

And you could also run both of these programs:

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to see the results.

Make sure everything there is checked, then click: Remove Selected.

After the removal a log will open and you will be asked to restart the computer. (See below)

The log is saved automatically by MBAM and you can find it by clicking the "Logs" tab in MBAM.

If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK.

After that it will ask to restart the computer... so allow MBAM to restart the computer.

Download Combofix to your Desktop.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners see certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix is complete and after a restart, the log Combofix.txt will open.

Post this log in your next reply, together with the Malwarebytes log.


Here is a log from MBAM

Malwarebytes' Anti-Malware 1.33

Database versie: 1712

Windows 6.0.6000

31/01/2009 15:31:23

mbam-log-2009-01-31 (15-31-23).txt

Scan type: Snelle Scan

Objecten gescand: 48397

Verstreken tijd: 4 minute(s), 28 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)


And here is the ComboFix log

ComboFix 09-01-21.04 - Sofian 2009-01-31 16:13:06.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.2037.1013 [GMT 1:00]

Gestart vanuit: c:\users\Sofian\Desktop\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

- VERMINDERDE FUNCTIONALITEIT MODUS -

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-12-28 to 2009-01-31 ))))))))))))))))))))))))))))))

.

2009-01-31 14:42 . 2009-01-31 14:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-31 14:42 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-01-31 14:42 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-01-30 23:41 . 2009-01-30 23:41 <DIR> d-------- c:\program files\Gabest

2009-01-28 21:47 . 2009-01-28 21:47 45 --a------ c:\windows\System32\initdebug.nfo

2009-01-28 18:38 . 2009-01-28 18:41 <DIR> d-------- c:\program files\DivX

2009-01-26 19:08 . 2009-01-26 19:08 <DIR> d-------- c:\program files\Xvid(120)

2009-01-26 18:50 . 2009-01-26 18:50 <DIR> d-------- c:\users\Sofian\AppData\Roaming\BSplayer Pro

2009-01-26 18:50 . 2009-01-26 18:54 <DIR> d-------- c:\users\Sofian\AppData\Roaming\BSplayer

2009-01-26 18:50 . 2009-01-26 18:50 <DIR> d-------- c:\program files\Webteh

2009-01-24 16:40 . 2009-01-24 16:54 <DIR> d-------- c:\program files\AC3Filter

2009-01-24 16:35 . 2009-01-24 16:35 <DIR> d-------- c:\users\Sofian\AppData\Roaming\River Past G5

2009-01-24 16:35 . 2009-01-24 16:47 <DIR> d-------- c:\users\All Users\River Past G5

2009-01-24 16:35 . 2009-01-24 16:35 <DIR> d-------- c:\program files\River Past

2009-01-24 16:35 . 2009-01-24 16:35 <DIR> d-------- c:\program files\Common Files\River Past

2009-01-24 16:35 . 2009-01-24 16:47 <DIR> d-------- c:\progra~2\River Past G5

2009-01-24 16:35 . 2009-01-24 16:35 163,250 --a------ c:\windows\Audio Converter Pro Uninstaller.exe

2009-01-24 16:30 . 2009-01-24 16:32 <DIR> d-------- c:\program files\DoremiSoft

2009-01-24 16:25 . 2009-01-24 16:27 150 --a------ c:\windows\videotoaudio.ini

2009-01-24 16:24 . 2009-01-24 16:24 <DIR> d-------- c:\program files\Crystal Software

2009-01-24 16:24 . 2009-01-24 16:27 5 --a------ c:\windows\System32\SySatw.dat

2009-01-24 16:22 . 2004-12-07 10:11 258,352 --a------ c:\windows\System32\Unicows.dll

2009-01-24 15:28 . 2009-01-04 12:35 31,232 --a------ c:\windows\system\vdremote.dll

2009-01-24 15:28 . 2009-01-04 12:35 25,088 --a------ c:\windows\system\vdsvrlnk.dll

2009-01-24 00:14 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll

2009-01-24 00:01 . 2009-01-27 21:53 <DIR> d-------- c:\users\All Users\Microsoft Help

2009-01-24 00:01 . 2009-01-27 21:53 <DIR> d-------- c:\progra~2\Microsoft Help

2009-01-23 23:57 . 2009-01-23 23:57 <DIR> d-------- c:\users\Sofian\AppData\Roaming\DAEMON Tools Lite

2009-01-23 23:36 . 2006-11-02 10:39 15,821,312 --a------ c:\windows\System32\imageres.dll

2009-01-23 22:30 . 2009-01-24 17:55 <DIR> d-------- c:\users\Sofian\AppData\Roaming\vlc

2009-01-23 22:23 . 2009-01-23 22:24 <DIR> d-------- c:\users\Sofian\AppData\Roaming\MozillaControl

2009-01-23 22:23 . 2009-01-23 22:23 <DIR> d-------- c:\users\All Users\Graboid Inc

2009-01-23 22:23 . 2009-01-23 22:23 <DIR> d-------- c:\progra~2\Graboid Inc

2009-01-23 22:22 . 2009-01-23 22:30 <DIR> d-------- c:\program files\Graboid

2009-01-23 16:04 . 2009-01-31 11:18 <DIR> d--hs---- c:\users\Sofian\AppData\Roaming\.#

2009-01-22 19:11 . 2009-01-22 19:11 <DIR> d-------- c:\users\All Users\TechSmith

2009-01-22 19:11 . 2009-01-22 19:11 <DIR> d-------- c:\progra~2\TechSmith

2009-01-22 19:08 . 2009-01-22 19:08 <DIR> d-------- c:\windows\System32\QuickTime

2009-01-22 19:08 . 2009-01-22 19:08 <DIR> d-------- c:\program files\TechSmith

2009-01-22 19:08 . 2009-01-22 19:08 <DIR> d-------- c:\program files\Common Files\TechSmith Shared

2009-01-22 19:08 . 2008-07-10 14:56 107,864 --a------ c:\windows\System32\tsccvid.dll

2009-01-20 19:57 . 2009-01-20 20:46 <DIR> d-------- c:\users\Sofian\AppData\Roaming\SmartDraw

2009-01-19 21:34 . 2009-01-20 19:13 <DIR> d-------- c:\program files\Linguistic Systems

2009-01-18 19:25 . 2009-01-30 23:18 21,840 --a----t- c:\windows\System32\SIntfNT.dll

2009-01-18 19:25 . 2009-01-30 23:18 17,212 --a----t- c:\windows\System32\SIntf32.dll

2009-01-18 19:25 . 2009-01-30 23:18 12,067 --a----t- c:\windows\System32\SIntf16.dll

2009-01-18 17:08 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll

2009-01-18 17:08 . 2006-11-29 13:06 440,080 --a------ c:\windows\System32\d3dx10.dll

2009-01-18 17:08 . 2006-12-08 12:02 251,672 --a------ c:\windows\System32\xactengine2_5.dll

2009-01-18 00:25 . 2009-01-18 00:25 <DIR> d-------- c:\program files\Paint.NET

2009-01-16 18:54 . 2009-01-16 20:42 <DIR> d-------- c:\program files\Counter-Strike Source

2009-01-11 13:47 . 2009-01-11 13:54 <DIR> d-------- c:\users\Sofian\AppData\Roaming\RegTool

2009-01-02 21:42 . 2009-01-02 21:42 <DIR> d-------- c:\program files\GameSpy3D

2009-01-01 15:24 . 2009-01-01 15:24 103,736 --a------ c:\windows\System32\PnkBstrB.exe

2009-01-01 15:24 . 2009-01-01 15:24 22,328 --a------ c:\windows\System32\drivers\PnkBstrK.sys

2008-12-27 20:07 . 2008-12-27 20:07 <DIR> d-------- c:\users\Sofian\AppData\Roaming\OpenOffice.org

2008-12-26 13:57 . 2008-12-26 13:57 98,304 --a------ c:\windows\System32\CmdLineExt.dll

2008-12-26 13:54 . 2008-12-26 13:54 <DIR> d-------- c:\program files\Empire Interactive

2008-12-24 17:48 . 2008-12-24 17:48 <DIR> d-------- c:\windows\SWAT 4

2008-12-24 17:48 . 2008-12-24 18:15 <DIR> d-------- c:\program files\SWAT 4

2008-12-24 17:17 . 2008-12-25 18:20 <DIR> d-------- c:\program files\AlerteGPS

2008-12-24 11:30 . 2008-12-24 11:30 <DIR> d-------- c:\program files\OpenOffice.org 3

2008-12-24 11:30 . 2008-12-24 11:30 <DIR> d-------- c:\program files\JRE

2008-12-24 11:14 . 2008-12-24 11:14 <DIR> d-------- c:\program files\Common Files\Java

2008-12-20 19:45 . 2009-01-18 13:49 <DIR> d-------- c:\program files\Steam

2008-12-20 19:45 . 2009-01-18 13:47 <DIR> d-------- c:\program files\Common Files\Steam

2008-12-19 18:57 . 2009-01-27 18:36 <DIR> d-------- c:\program files\WarRock

2008-12-17 18:22 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmpC793.tmp

2008-12-17 18:22 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmpC754.tmp

2008-12-17 18:22 . 2008-12-17 18:22 109,080 --a------ c:\windows\System32\OpenAL32.dll

2008-12-17 17:57 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmpB3BD.tmp

2008-12-17 17:57 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmpB36E.tmp

2008-12-17 17:57 . 2008-12-17 18:22 444,952 --a------ c:\windows\System32\wrap_oal.dll

2008-12-17 16:48 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmp1644.tmp

2008-12-17 16:02 . 2008-12-17 16:02 <DIR> d-------- c:\program files\Codemasters

2008-12-17 13:57 . 2008-12-28 16:57 <DIR> d-------- c:\program files\Live For Speed

2008-12-17 13:28 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmp8D63.tmp

2008-12-17 13:28 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmp8D14.tmp

2008-12-17 13:06 . 2008-12-17 13:06 <DIR> d-------- c:\users\All Users\Codemasters

2008-12-17 13:06 . 2008-12-17 13:06 <DIR> d-------- c:\progra~2\Codemasters

2008-12-17 13:03 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmp8F17.tmp

2008-12-17 13:03 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmp8EC8.tmp

2008-12-17 11:17 . 2008-01-02 16:37 188,416 --a------ c:\windows\System32\igfxres.dll

2008-12-16 22:03 . 2008-12-16 22:03 <DIR> d-------- c:\program files\OpenAL

2008-12-16 22:03 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmpE53B.tmp

2008-12-16 22:03 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmpE4BE.tmp

2008-12-16 22:03 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmp2B50.tmp

2008-12-16 22:03 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmp2AD2.tmp

2008-12-14 19:00 . 2008-12-14 19:00 <DIR> d-------- c:\users\All Users\Yahoo!

2008-12-14 19:00 . 2008-12-14 19:00 <DIR> d-------- c:\progra~2\Yahoo!

2008-12-14 18:59 . 2008-12-14 18:59 <DIR> d-------- c:\users\Sofian\AppData\Roaming\Yahoo!

2008-12-14 18:59 . 2008-12-14 18:59 <DIR> d-------- c:\users\All Users\Yahoo! Companion

2008-12-14 18:59 . 2008-12-14 18:59 <DIR> d-------- c:\progra~2\Yahoo! Companion

2008-12-12 11:59 . 2008-12-12 11:59 <DIR> d-------- c:\windows\System32\Profiles

2008-12-11 21:57 . 2008-12-11 21:57 <DIR> dr------- c:\windows\System32\config\systemprofile\Music

2008-12-11 21:54 . 2008-12-11 21:54 <DIR> d-------- c:\program files\LimeWire

2008-12-11 20:51 . 2008-12-11 20:51 <DIR> d-------- c:\windows\RegCure

2008-12-11 20:51 . 2008-12-11 20:52 <DIR> d-------- c:\program files\RegCure

2008-12-10 23:00 . 2008-12-10 23:00 2,608 --a------ c:\windows\System32\settings.aaw

2008-12-10 23:00 . 2008-12-10 23:00 1,712 --a------ c:\windows\System32\history.aaw

2008-12-10 22:29 . 2008-12-10 22:29 2,252,288 --a------ c:\windows\System32\msi.dll

2008-12-10 22:29 . 2008-12-10 22:29 332,800 --a------ c:\windows\System32\msihnd.dll

2008-12-10 22:29 . 2008-12-10 22:29 73,216 --a------ c:\windows\System32\msiexec.exe

2008-12-10 22:29 . 2008-12-10 22:29 2,560 --a------ c:\windows\System32\msimsg.dll

2008-12-10 13:36 . 2008-12-10 13:36 <DIR> d-------- c:\program files\Common Files\Futuremark Shared

2008-12-10 12:32 . 2008-12-10 12:32 <DIR> d-------- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab

2008-12-09 22:47 . 2008-12-09 22:47 <DIR> d-------- c:\users\Sofian\AppData\Roaming\Desktopicon

2008-12-09 22:35 . 2008-12-09 22:34 410,984 --a------ c:\windows\System32\deploytk.dll

2008-12-09 22:21 . 2009-01-07 22:18 <DIR> d-------- c:\program files\CCleaner

2008-12-09 16:40 . 2008-12-16 22:07 <DIR> d-------- c:\program files\Cool Beans NFO Creator

2008-12-08 20:05 . 2008-12-08 20:05 4,608 --a------ c:\windows\System32\temp.001

2008-12-08 16:47 . 2008-12-08 16:47 <DIR> d-------- c:\windows\PCHEALTH

2008-12-06 22:49 . 2008-12-06 22:49 <DIR> d-------- c:\windows\Midnight Club 2

2008-12-06 22:49 . 2009-01-31 11:15 <DIR> d-------- c:\program files\Midnight Club 2

2008-12-06 18:21 . 2008-12-06 18:21 <DIR> d-------- c:\windows\System32\Futuremark

2008-12-05 17:44 . 2008-12-05 17:44 <DIR> d-------- c:\program files\Electronic Arts

2008-12-05 17:44 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\System32\d3dx9_34.dll

2008-12-05 17:44 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\System32\D3DCompiler_34.dll

2008-12-05 17:44 . 2007-05-16 16:45 443,752 --a------ c:\windows\System32\d3dx10_34.dll

2008-12-05 17:44 . 2007-06-20 20:46 266,088 --a------ c:\windows\System32\xactengine2_8.dll

2008-12-05 17:44 . 2007-04-04 18:55 261,480 --a------ c:\windows\System32\xactengine2_7.dll

2008-12-05 17:43 . 2007-01-24 15:27 255,848 --a------ c:\windows\System32\xactengine2_6.dll

2008-12-05 17:43 . 2007-03-05 12:42 15,128 --a------ c:\windows\System32\x3daudio1_1.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-30 22:44 --------- d-----w c:\program files\ffdshow

2009-01-30 19:23 --------- d-----w c:\users\Sofian\AppData\Roaming\Hamachi

2009-01-27 22:47 --------- d-----w c:\users\Sofian\AppData\Roaming\uTorrent

2009-01-27 21:11 --------- d-----w c:\program files\dvdSanta

2009-01-27 20:52 --------- d-----w c:\program files\Microsoft Works

2009-01-27 20:49 --------- d-----w c:\program files\MSBuild

2009-01-27 17:36 --------- d-----w c:\program files\Xvid

2009-01-27 17:36 --------- d-----w c:\program files\Sigmatel

2009-01-27 17:25 --------- d-----w c:\users\Sofian\AppData\Roaming\LimeWire

2009-01-27 17:23 --------- d-----w c:\program files\Java

2009-01-27 17:22 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-27 17:07 --------- d-----w c:\program files\Intel

2009-01-27 16:01 --------- d-----w c:\program files\Dell

2009-01-24 19:45 --------- d-----w c:\program files\Pegasys Inc

2009-01-20 20:04 3,036 --sha-w c:\windows\System32\KGyGaAvL.sys

2009-01-20 20:04 --------- d-----w c:\users\Sofian\AppData\Roaming\Corel

2009-01-20 16:14 --------- d-----w c:\users\Sofian\AppData\Roaming\Pegasys Inc

2009-01-18 18:26 --------- d-----w c:\program files\Disney Interactive

2009-01-18 16:27 --------- d-----w c:\program files\Activision

2009-01-18 16:09 --------- d-----w c:\users\Sofian\AppData\Roaming\Activision

2009-01-18 16:09 --------- d-----w c:\progra~2\Activision

2009-01-16 16:02 --------- d-----w c:\program files\Counter-Strike 1.6

2009-01-09 17:24 --------- d-----w c:\users\Sofian\AppData\Roaming\MailWasherPro

2009-01-07 18:10 --------- d-----w c:\program files\Mozilla Thunderbird

2009-01-04 17:45 --------- d-----w c:\progra~2\Roxio

2009-01-01 14:24 66,872 ----a-w c:\windows\System32\PnkBstrA.exe

2008-12-31 18:54 --------- d-----w c:\program files\StuffPlug3

2008-12-24 10:13 --------- d-----w c:\users\Sofian\AppData\Roaming\OpenOffice.org2

2008-12-18 11:38 --------- d-----w c:\program files\PES 2009

2008-12-16 21:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-14 18:11 --------- d-----w c:\users\Sofian\AppData\Roaming\Webcammax

2008-12-14 17:59 --------- d-----w c:\program files\Yahoo!

2008-12-09 21:27 --------- d-----w c:\progra~2\Spybot - Search & Destroy

2008-12-08 19:05 73,216 ----a-w c:\windows\ST6UNST.EXE

2008-12-08 19:05 249,856 ------w c:\windows\Setup1.exe

2008-12-08 19:05 --------- d-----w c:\program files\vbNFSMWMegaTrainer

2008-11-30 17:10 --------- d-----w c:\progra~2\Ubisoft

2008-11-30 14:46 22,328 ----a-w c:\users\Sofian\AppData\Roaming\PnkBstrK.sys

2008-11-30 14:21 --------- d-----w c:\program files\Hamachi

2008-11-30 14:20 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys

2008-11-30 08:39 51,224 ----a-w c:\windows\System32\wuauclt.exe

2008-11-30 08:39 43,544 ----a-w c:\windows\System32\wups2.dll

2008-11-30 08:39 1,809,944 ----a-w c:\windows\System32\wuaueng.dll

2008-11-30 08:39 1,524,736 ----a-w c:\windows\System32\wucltux.dll

2008-11-30 08:38 83,456 ----a-w c:\windows\System32\wudriver.dll

2008-11-30 08:38 561,688 ----a-w c:\windows\System32\wuapi.dll

2008-11-30 08:38 34,328 ----a-w c:\windows\System32\wups.dll

2008-11-30 08:38 31,232 ----a-w c:\windows\System32\wuapp.exe

2008-11-30 08:38 162,064 ----a-w c:\windows\System32\wuwebv.dll

2008-11-30 08:35 --------- d-sh--w c:\progra~2\Sjablonen

2008-11-30 08:35 --------- d-sh--w c:\progra~2\Menu Start

2008-11-30 08:35 --------- d-sh--w c:\progra~2\Favorieten

2008-11-30 08:35 --------- d-sh--w c:\progra~2\Documenten

2008-11-30 08:35 --------- d-sh--w c:\progra~2\Bureaublad

2008-11-30 01:00 --------- d-----w c:\users\Sofian\AppData\Roaming\mIRC

2008-11-30 00:48 --------- dc-h--w c:\progra~2\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2008-11-30 00:48 --------- d-----w c:\progra~2\WLInstaller

2008-11-30 00:48 --------- d-----w c:\progra~2\Uninstall

2008-11-30 00:48 --------- d-----w c:\progra~2\Ulead Systems

2008-11-30 00:48 --------- d-----w c:\progra~2\SupportSoft

2008-11-30 00:48 --------- d-----w c:\progra~2\Stardock

2008-11-30 00:48 --------- d-----w c:\progra~2\Sonic

2008-11-30 00:48 --------- d-----w c:\progra~2\SlySoft

2008-11-30 00:48 --------- d-----w c:\progra~2\ScanSoft

2008-11-30 00:48 --------- d-----w c:\progra~2\PC Drivers HeadQuarters

2008-11-30 00:48 --------- d-----w c:\progra~2\PassMark

2008-11-30 00:48 --------- d-----w c:\progra~2\Office Genuine Advantage

2008-11-30 00:48 --------- d-----w c:\progra~2\My Music

2008-11-30 00:40 --------- d-----w c:\program files\uTorrent

2008-11-30 00:40 --------- d-----w c:\program files\Uniblue

2008-11-30 00:40 --------- d-----w c:\program files\Trend Micro

2008-11-30 00:40 --------- d-----w c:\program files\Thrustmaster

2008-11-30 00:40 --------- d-----w c:\program files\SystemRequirementsLab

2008-11-30 00:40 --------- d-----w c:\program files\SubSync

2008-11-30 00:40 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-30 00:39 --------- d-----w c:\program files\SlySoft

2008-11-30 00:39 --------- d-----w c:\program files\SetPoint

2008-11-30 00:39 --------- d-----w c:\program files\SEGA

2008-11-30 00:39 --------- d-----w c:\program files\ScanSoft

2008-11-30 00:39 --------- d-----w c:\program files\Sanny Builder 3

2008-11-30 00:39 --------- d-----w c:\program files\San Andreas Mod Installer

2008-11-30 00:39 --------- d-----w c:\program files\Samsung

2008-11-30 00:39 --------- d-----w c:\program files\Roxio

2008-11-30 00:38 --------- d-----w c:\program files\Rockstar Games

2008-11-30 00:38 --------- d-----w c:\program files\Reallusion

2008-11-30 00:38 --------- d-----w c:\program files\QuickTime

2008-11-30 00:38 --------- d-----w c:\program files\PowerISO

2008-11-30 00:38 --------- d-----w c:\program files\PortTrigger

2008-11-30 00:38 --------- d-----w c:\program files\Participatory Culture Foundation

2008-11-30 00:36 --------- d-----w c:\program files\gPotato

2008-11-30 00:34 --------- d-----w c:\program files\Google Earth Pro 4.2

2008-11-30 00:34 --------- d-----w c:\program files\Google

2008-11-30 00:34 --------- d-----w c:\program files\Folder Lock

2008-11-30 00:34 --------- d-----w c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter

2008-11-30 00:34 --------- d-----w c:\program files\FireTrust

2008-11-30 00:34 --------- d-----w c:\program files\FIFA09

2008-11-30 00:33 --------- d-----w c:\program files\EZ Boosters

2008-11-30 00:32 --------- d-----w c:\program files\EA Sports

2008-11-30 00:32 --------- d-----w c:\program files\EA GAMES

2008-11-30 00:32 --------- d-----w c:\program files\DVDVideoSoft

2008-12-19 18:54 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2008-12-19 18:54 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-19 18:54 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2008-12-19 18:54 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2008-12-19 18:54 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-04-15 23:28 76 --sha-w c:\windows\CT4CET.bin

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe" [2008-11-24 9017648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"DeStatusMon"="c:\program files\Dell\MFP_DELL\deDvcStatus.exe" [2007-06-28 286720]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-03-12 79400]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]

"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-04-16 50688]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-991331777-2378318461-4560006-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"UDP Query User{5CC58DDD-6000-4FB3-A854-7241EBE4C5CB}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= TCP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:TP_Win32

"TCP Query User{54834E1A-4F46-47D1-91AA-6AFB388A49A3}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= UDP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:TP_Win32

"UDP Query User{A3111D06-F8A6-4033-9D01-E0865EAEB4D9}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"TCP Query User{9293FB58-0420-4115-A49E-A2976C1B3564}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"{D346D765-9524-49F4-BDED-DDB16AE73879}"= TCP:c:\windows\System32\mqsvc.exe:Message Queuing

"{45A90E50-5152-4959-8E7F-7E7EF4F7424A}"= UDP:c:\windows\System32\mqsvc.exe:Message Queuing

"{1D9069E9-375D-44A0-9CC2-400255F8CE78}"= TCP:c:\windows\System32\mqsvc.exe:Message Queuing

"{63477523-E780-4425-82C0-55FFAA497F10}"= UDP:c:\windows\System32\mqsvc.exe:Message Queuing

"UDP Query User{1C7BFDF9-B75E-43EC-B6BB-E8A9D0B7D71D}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA

"TCP Query User{3CA1B8DB-15AF-4500-8464-89652E56CCDD}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA

"{ED40C921-0241-41BA-9728-57E557C93C9E}"= TCP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"{D2FCE9FF-BA9C-4637-81C6-5E482A64F5AE}"= UDP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"{6B4496AF-FC00-4791-BFBA-2A8BBB254869}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"UDP Query User{E5B9A067-7D56-4164-962D-4FC016F75802}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{FFE6709D-E020-4886-8070-432D9ADD0FAE}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{3245B40A-F081-4386-8E3A-2289A2C6614F}c:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

"TCP Query User{C96B2973-710E-48B9-A8F9-B91A6F5DCC36}c:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

"UDP Query User{E51EBB21-CF5E-4D83-9AA2-2D8C282E9AC6}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"TCP Query User{3656B3D5-B7C1-45B2-998F-56B20C9E9581}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"UDP Query User{2879B1FB-70EE-47C4-8654-8A1DC1DF0DFD}c:\\program files\\sega\\iron man\\ironman.exe"= TCP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"TCP Query User{9A526FB3-485C-4E94-B333-92CE71217FED}c:\\program files\\sega\\iron man\\ironman.exe"= UDP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"UDP Query User{514D414F-BEC6-4BEF-9EE9-7E68D1A05CEF}c:\\users\\sofian\\appdata\\roaming\\mozilla\\firefox\\profiles\\yo9qwklf.default\\extensions\\solidstateion@solidstatenetworks.com\\plugins\\solidnm.exe"= TCP:c:\users\sofian\appdata\roaming\mozilla\firefox\profiles\yo9qwklf.default\extensions\solidstateion@solidstatenetworks.com\plugins\solidnm.exe:solidnm.exe

"TCP Query User{55A58C11-6386-4375-88C1-005F988E9E3D}c:\\users\\sofian\\appdata\\roaming\\mozilla\\firefox\\profiles\\yo9qwklf.default\\extensions\\solidstateion@solidstatenetworks.com\\plugins\\solidnm.exe"= UDP:c:\users\sofian\appdata\roaming\mozilla\firefox\profiles\yo9qwklf.default\extensions\solidstateion@solidstatenetworks.com\plugins\solidnm.exe:solidnm.exe

"UDP Query User{8CF5866F-A838-4FB1-A9C1-8938F237C422}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"TCP Query User{989B7C13-1290-44EF-9FBC-842CA0D14D81}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"UDP Query User{A5EB80E9-95C2-46DA-A037-73A2764FAC35}c:\\program files\\fifa09\\fifa09.exe"= TCP:c:\program files\fifa09\fifa09.exe:FIFA09

"TCP Query User{FD7024AD-BD7F-4F6E-9614-16B288759DAC}c:\\program files\\fifa09\\fifa09.exe"= UDP:c:\program files\fifa09\fifa09.exe:FIFA09

"{238E3750-1BF9-4C39-91C5-2FE52CB02AB9}"= TCP:c:\users\Sofian\AppData\Local\Temp\IXP000.TMP\pes2009.exe:Pro Evolution Soccer 2009

"{2D0DFF56-FE02-46CA-B338-8A03C162B8CD}"= UDP:c:\users\Sofian\AppData\Local\Temp\IXP000.TMP\pes2009.exe:Pro Evolution Soccer 2009

"{5A873637-D304-44AD-B6B7-D92CAC9CB7A7}"= TCP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"{71F6CAC2-2793-4B81-9419-D0E6CDE27018}"= UDP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"UDP Query User{3BA73912-EFBC-445F-9FED-48D4C32F0E70}c:\\users\\sofian\\program files\\dna\\btdna.exe"= TCP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"TCP Query User{B16AEDBA-9399-48CB-9528-0E76A6C6EBAB}c:\\users\\sofian\\program files\\dna\\btdna.exe"= UDP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"UDP Query User{56B32E8E-6D7C-4E4D-BEAA-4143D683FA87}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

"TCP Query User{7C790108-0887-4C66-AAA4-242BC76667BC}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"{FB7012F6-A0C8-4829-841C-5485A6D7DD44}"= UDP:443:Utorrent

"UDP Query User{4BA4EECA-D8F9-4C97-B7B4-0EA7AEFDB223}c:\\users\\sofian\\program files\\dna\\btdna.exe"= TCP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"TCP Query User{961E0236-D718-46B2-A522-505DBFF4766D}c:\\users\\sofian\\program files\\dna\\btdna.exe"= UDP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"UDP Query User{0C2368A4-D8F1-4A43-9E5A-720E391B0D21}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"TCP Query User{2EBC57E7-8E14-4963-84BC-D5B70D7B3084}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"UDP Query User{CC6F7951-1541-4A49-B98E-6908AD7BC79B}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"TCP Query User{657A9266-4CFF-48EC-841D-F69665BBED93}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{6BFA36F6-AD9B-49D6-B501-B2A139A00C84}c:\\program files\\rockstar games\\gta san andreas\\samp server\\samp-server.exe"= TCP:c:\program files\rockstar games\gta san andreas\samp server\samp-server.exe:samp-server

"TCP Query User{D8D696A3-E7E5-469F-B882-07C23402EDDF}c:\\program files\\rockstar games\\gta san andreas\\samp server\\samp-server.exe"= UDP:c:\program files\rockstar games\gta san andreas\samp server\samp-server.exe:samp-server

"UDP Query User{AC851BC4-9C86-4F06-8029-6C6050F73632}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{160A1F8E-75C0-4671-B13D-59C5ABD16251}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{D29620AC-3F93-49AA-B939-DFDCF0B35107}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= TCP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.

"TCP Query User{2F1BC6CC-18FB-4243-87D2-2C9B93CAEAFF}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= UDP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.

"UDP Query User{474CF4C1-C100-466E-B971-BD205B60E352}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.814\\gtarumbleserver.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex00.814\gtarumbleserver.exe:gtarumbleserver.exe

"TCP Query User{94D1A7BD-96D7-4473-8B89-8A4238224449}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.814\\gtarumbleserver.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex00.814\gtarumbleserver.exe:gtarumbleserver.exe

"UDP Query User{646FBDC6-C40B-444A-B597-427E6A6E7A80}c:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= TCP:c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader

"TCP Query User{A83BBA09-E270-48AB-879E-DE2A1FBD94E4}c:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= UDP:c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader

"{59D77588-33BF-4B97-B10A-4897EB53AFE0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{803E39F7-78B8-4684-99C0-0C2CB8BD4CFC}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"UDP Query User{21CC4C73-8569-45EE-997D-124B256FAAEA}c:\\users\\sofian\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= Disabled:TCP:c:\users\sofian\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe

"TCP Query User{22196733-FEDE-4DA5-83FC-DACF7CC96061}c:\\users\\sofian\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:c:\users\sofian\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe

"UDP Query User{DEC548EE-2047-4C50-8BFF-CDAC46870652}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex35.8289\\patch.exe"= Disabled:TCP:c:\users\sofian\appdata\local\temp\rar$ex35.8289\patch.exe:patch.exe

"TCP Query User{3614CF16-7F8A-4004-8E05-3F400E4B5E3E}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex35.8289\\patch.exe"= Disabled:UDP:c:\users\sofian\appdata\local\temp\rar$ex35.8289\patch.exe:patch.exe

"UDP Query User{F18437DC-9F41-4383-9AD6-C1A60988DDCC}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex13.6771\\patch.exe"= Disabled:TCP:c:\users\sofian\appdata\local\temp\rar$ex13.6771\patch.exe:patch.exe

"TCP Query User{224A609B-63B2-467B-912D-A681AE74AD6E}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex13.6771\\patch.exe"= Disabled:UDP:c:\users\sofian\appdata\local\temp\rar$ex13.6771\patch.exe:patch.exe

"UDP Query User{C0E29B39-C25C-4FEF-A656-39E7F33E74BD}c:\\program files\\sega\\iron man\\ironman.exe"= TCP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"TCP Query User{8437116C-045A-4735-BA3A-C780755848AF}c:\\program files\\sega\\iron man\\ironman.exe"= UDP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"UDP Query User{8CE7B374-7E44-412D-B4E4-D6AA7886F43F}c:\\program files\\mta san andreas\\server\\mta server.exe"= TCP:c:\program files\mta san andreas\server\mta server.exe:MTA Server

"TCP Query User{B36A7935-97DA-4F7A-AB71-CDBCFECAF281}c:\\program files\\mta san andreas\\server\\mta server.exe"= UDP:c:\program files\mta san andreas\server\mta server.exe:MTA Server

"{F2923331-22E1-4E05-8FD4-EED852780340}"= TCP:c:\program files\Hide IP Platinum\hideippla.exe:Hide IP Platinum

"{A645F9A2-9908-4313-8B14-70924656A8B9}"= UDP:c:\program files\Hide IP Platinum\hideippla.exe:Hide IP Platinum

"UDP Query User{324774FA-B894-4D94-962F-0FA0D38BCBBE}c:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:c:\program files\ea sports\fifa 08\fifa08.exe:FIFA08

"TCP Query User{0103AA03-8BA7-4D39-99CA-4EB76E0F2FDB}c:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:c:\program files\ea sports\fifa 08\fifa08.exe:FIFA08

"UDP Query User{D591E3CB-061E-47F3-A798-60851B935FFC}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"TCP Query User{D8034389-8DA4-4336-9F4F-05DC5D6D933C}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"UDP Query User{27CA4F2C-F4A8-4CCB-B37A-58D91CDA187B}c:\\windows\\system32\\zonelabs\\vsmon.exe"= TCP:c:\windows\system32\zonelabs\vsmon.exe:TrueVector Service

"TCP Query User{09B71C24-C278-4CEE-A07D-A85FAC53D66F}c:\\windows\\system32\\zonelabs\\vsmon.exe"= UDP:c:\windows\system32\zonelabs\vsmon.exe:TrueVector Service

"{A694356B-DCE6-46B4-81C9-7F1BF6E8D0BD}"= TCP:c:\program files\Anyplace Control 4\apc_host.exe:Anyplace Control - Host Module

"{D6E0B432-B38F-4604-9C66-E8DBD0D26D85}"= UDP:c:\program files\Anyplace Control 4\apc_host.exe:Anyplace Control - Host Module

"UDP Query User{081DF3A1-A737-4B1A-8E2F-3ED3191946D9}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"TCP Query User{74E35358-40CC-48B1-8254-B8B0DE21EC20}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{9E78BC5B-6B79-4A83-B420-F4FFC1C824B9}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"TCP Query User{3A67AA1E-2903-46CF-AFB3-13EDE809CC1C}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"UDP Query User{3E3F2425-7523-4869-BF0B-948EE453792B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{1E068C53-2CF4-45B3-B8D6-D5D2C758CC47}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"{A60A5777-3712-4781-909A-E562EC13F6AB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{1850859D-E62C-4D16-A780-4968346CA9C4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"UDP Query User{E7EDA855-37AB-4B36-8022-BACE3FC8ADA0}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= TCP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:tp_win32

"TCP Query User{B233138C-50A1-4A52-A313-9863D95F0E53}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= UDP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:tp_win32

"{44532AF2-7C13-40D8-9DD2-BD9B00FAC573}"= TCP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster

"{CD223108-C909-4C5F-A619-812D6AD86666}"= UDP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster

"{9AC21C58-6565-4B09-A236-1C6E53E234D8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{11B576E1-B887-47A7-A55D-9EDD18EFE2C6}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{F8E3F7D3-F590-4016-9007-3EAE21EAA446}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{369C3E79-E41A-44B4-A978-2B93CFF0CE3C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{DDB069C9-E320-4264-9A6D-6EC50BF098F3}"= TCP:c:\users\Sofian\Program Files\uTorrent\uTorrent.exe:µTorrent

"{3522FAAA-E7CC-4D52-8A11-379115C6D72E}"= UDP:c:\users\Sofian\Program Files\uTorrent\uTorrent.exe:µTorrent

"{C54D7D3B-57AF-4522-89AA-159E577773D0}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{3DB6E3AB-1D74-4F00-A772-795E4A26D6D8}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{3CABAA43-9F86-4D02-AB76-8FE8F562D6AD}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{D874EB75-B187-4F66-9E24-8BDB71152578}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{B47A655A-053C-4B47-BC89-646ACA1D9DF1}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{149CA782-81E2-49E4-B14A-D23BCA105DAC}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{AEC7333B-4641-4907-A68C-64304FC929E1}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{6F77D1F2-B3BB-40F5-B0CC-1A129BBEBB37}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{98FAEA70-FFDF-4465-9FED-0D9E424E96CC}c:\\program files\\rainbow six vegas\\binaries\\r6vegas2_game.exe"= UDP:c:\program files\rainbow six vegas\binaries\r6vegas2_game.exe:R6Vegas2_Game

"UDP Query User{06AF7056-339E-4B4B-ACED-28D9AED1B00A}c:\\program files\\rainbow six vegas\\binaries\\r6vegas2_game.exe"= TCP:c:\program files\rainbow six vegas\binaries\r6vegas2_game.exe:R6Vegas2_Game

"{A72FA228-4027-4C09-9E5D-16CCCADDE895}"= UDP:27015:cs

"{6F58EE41-EE56-466A-811E-B91231C6B098}"= TCP:27015:cs2

"TCP Query User{89D619DA-8462-47D2-B87A-F65465542D13}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"UDP Query User{81D927CC-9991-4D31-BA21-F5D597770B4C}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"TCP Query User{CF28231D-A4AB-4EC6-A8A1-3435FEDA5975}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager

"UDP Query User{467F41AF-99A6-455D-B1B2-CE2308C3AE3D}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager

"TCP Query User{8A7D27FA-DA13-49A0-A28C-6CEA99A48ED0}c:\\program files\\electronic arts\\need for speed prostreet\\online\\bombd.exe"= UDP:c:\program files\electronic arts\need for speed prostreet\online\bombd.exe:bombd

"UDP Query User{1AFCE24B-B976-41BB-8277-5EF44F459ADD}c:\\program files\\electronic arts\\need for speed prostreet\\online\\bombd.exe"= TCP:c:\program files\electronic arts\need for speed prostreet\online\bombd.exe:bombd

"TCP Query User{B8B3C1A0-DAAC-4EE9-A6F9-64EAF9419DE5}c:\\program files\\midnight club 2\\mc2.exe"= UDP:c:\program files\midnight club 2\mc2.exe:mc2

"UDP Query User{6A29C6CE-3831-4646-B400-5F783BCAEACD}c:\\program files\\midnight club 2\\mc2.exe"= TCP:c:\program files\midnight club 2\mc2.exe:mc2

"{B9BC18A5-EFE4-46EB-AC93-72A2B6F801D7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{18CEC237-0B76-4515-BE32-0C100FEC6D86}c:\\program files\\midnight club 2\\mc2.exe"= UDP:c:\program files\midnight club 2\mc2.exe:mc2

"UDP Query User{148526E6-35AA-46C0-884C-A31AA5BBEAB9}c:\\program files\\midnight club 2\\mc2.exe"= TCP:c:\program files\midnight club 2\mc2.exe:mc2

"TCP Query User{D761FCBC-4F47-4BFE-BFE4-42DF050F1529}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"UDP Query User{32E24C83-E7F4-44A1-B755-B8F8F20D4A0E}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"TCP Query User{9BDB6799-E480-4523-BB34-7599B7A3C00F}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"UDP Query User{DC5F9973-99AE-45C3-926A-6016CA54FA07}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"TCP Query User{180C3D0D-0D7D-4E93-ABFA-B1AA2B8B4326}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.016\\nfsuclient.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex00.016\nfsuclient.exe:nfsuclient.exe

"UDP Query User{EE52C356-31CA-49D3-86C5-31EDA7B83272}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.016\\nfsuclient.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex00.016\nfsuclient.exe:nfsuclient.exe

"TCP Query User{1D19EC40-539C-45A0-B14A-DCBB420D73FB}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex02.807\\nfsuserver.1.0.1.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex02.807\nfsuserver.1.0.1.exe:nfsuserver.1.0.1.exe

"UDP Query User{CA9AA832-14CF-4784-A0E6-A873FBFF2537}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex02.807\\nfsuserver.1.0.1.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex02.807\nfsuserver.1.0.1.exe:nfsuserver.1.0.1.exe

"TCP Query User{F20E1835-AA1E-4A33-B08C-060A5A1C5446}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex04.415\\nfsuclient.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex04.415\nfsuclient.exe:nfsuclient.exe

"UDP Query User{6CF40273-EF0A-43CA-BAE9-3F47DBD855F9}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex04.415\\nfsuclient.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex04.415\nfsuclient.exe:nfsuclient.exe

"TCP Query User{926B5B97-4EA8-4604-BA27-469A17E4EC4B}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex05.310\\nfsuclient.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex05.310\nfsuclient.exe:nfsuclient.exe

"UDP Query User{5584FE3E-B6C3-4B7A-AB1F-2104113C6C2D}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex05.310\\nfsuclient.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex05.310\nfsuclient.exe:nfsuclient.exe

"{954FA7EB-DF6C-4A27-83D4-C3DCDA96386B}"= UDP:80:LAN-MW

"{78BF540B-9E58-4DB5-B4EC-1F1F72E42DCE}"= UDP:13505:LAN-MW1

"{D3C9E63D-91BA-464F-82A4-C38CB57CB538}"= TCP:3658:LAN-MW3

"{7223C4BC-7C74-4639-A38C-0E3142A8E5E7}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{BE499951-71C5-407D-99B6-89A000F71B29}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"TCP Query User{A3CBBF16-7F14-4671-840B-B7B2A30DFA5C}c:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

"UDP Query User{FFF9971C-3B60-482F-8B37-04F8133A9C74}c:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]

"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"c:\\Program Files\\River Past\\Audio Converter Pro\\AudioConverter.exe"= c:\program files\River Past\Audio Converter Pro\AudioConverter.exe:*:Enabled:River Past Audio Converter Pro

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-11-30 111616]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2008-11-30 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2008-11-30 7424]

R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-04-16 73728]

R4 deMntrService;Dell AIO Center Service;c:\program files\Dell\MFP_DELL\deMntrService.exe [2007-06-28 131072]

R4 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]

S3 DESVUSB;Dell service driver;c:\windows\System32\drivers\desrvusb.sys [2008-11-30 17536]

S3 WMSvc;Web Management-service;c:\windows\System32\inetsrv\WMSvc.exe [2006-11-02 10752]

S4 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe [2008-04-24 104960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LPDService REG_MULTI_SZ LPDSVC

rsmsvcs REG_MULTI_SZ ntmssvc

ipripsvc REG_MULTI_SZ iprip

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\shell\AutoRun\command - F:\SETUP.EXE

\shell\configure\command - F:\SETUP.EXE

\shell\install\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1d54b09-be71-11dd-b2e0-806e6f6e6963}]

\shell\AutoRun\command - E:\Autorun.exe

\shell\start\command - \Autorun.exe

.

Inhoud van de 'Gedeelde Taken' map

2009-01-31 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

2009-01-31 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2007-08-02 10:20]

2008-12-12 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2007-08-02 10:20]

2009-01-31 c:\windows\Tasks\RegTool Scan.job

- c:\program files\RegTool\RegTool.exe []

2009-01-31 c:\windows\Tasks\RegTool Scan.job

- c:\program files\RegTool []

2009-01-31 c:\windows\Tasks\RegTool Startup.job

- c:\program files\RegTool\RegTool.exe []

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.games-fusion.net/

mStart Page = hxxp://www.games-fusion.net/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab

FF - ProfilePath - c:\users\Sofian\AppData\Roaming\Mozilla\Firefox\Profiles\yo9qwklf.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Wikipedia (nl)

FF - prefs.js: browser.startup.homepage - about:blank

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----

FF - user.js: network.proxy.type - 0

FF - user.js: network.proxy.http -

FF - user.js: network.proxy.http_port - 0

FF - user.js: network.proxy.ssl -

FF - user.js: network.proxy.ssl_port - 0

FF - user.js: network.proxy.ftp -

FF - user.js: network.proxy.ftp_port - 0

FF - user.js: network.proxy.gopher -

FF - user.js: network.proxy.gopher_port - 0

FF - user.js: network.proxy.socks_version - 5

FF - user.js: network.proxy.socks -

FF - user.js: network.proxy.socks_port - 0

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-31 16:13:25

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

**************************************************************************

.

Voltooingstijd: 2009-01-31 16:19:38

ComboFix-quarantined-files.txt 2009-01-31 15:18:16

Pre-Run: 67.247.484.928 bytes beschikbaar

Post-Run: 67,160,293,376 bytes beschikbaar


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\System32\tmpC793.tmp

c:\windows\System32\tmpC754.tmp

c:\windows\System32\tmpB3BD.tmp

c:\windows\System32\tmpB36E.tmp

c:\windows\System32\tmp8D63.tmp

c:\windows\System32\tmp8D14.tmp

c:\windows\System32\tmp8F17.tmp

c:\windows\System32\tmp8EC8.tmp

c:\windows\System32\tmpE53B.tmp

c:\windows\System32\tmpE4BE.tmp

c:\windows\System32\tmp2B50.tmp

c:\windows\System32\tmp2AD2.tmp

Folder::

c:\users\Sofian\AppData\Roaming\.#

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1d54b09-be71-11dd-b2e0-806e6f6e6963}]

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message. And let me know right away how things stand with the problems.


Here is the log, thanks again. It's a bit faster, but not quite there yet. I also read those tips, but I can't find that disk check on Vista.

ComboFix 09-01-31.01 - Sofian 2009-01-31 20:51:11.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.2037.889 [GMT 1:00]

Gestart vanuit: c:\users\Sofian\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Sofian\Desktop\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

FILE ::

c:\windows\System32\tmp2AD2.tmp

c:\windows\System32\tmp2B50.tmp

c:\windows\System32\tmp8D14.tmp

c:\windows\System32\tmp8D63.tmp

c:\windows\System32\tmp8EC8.tmp

c:\windows\System32\tmp8F17.tmp

c:\windows\System32\tmpB36E.tmp

c:\windows\System32\tmpB3BD.tmp

c:\windows\System32\tmpC754.tmp

c:\windows\System32\tmpC793.tmp

c:\windows\System32\tmpE4BE.tmp

c:\windows\System32\tmpE53B.tmp

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Sofian\AppData\Roaming\.#

c:\windows\System32\tmp2AD2.tmp

c:\windows\System32\tmp2B50.tmp

c:\windows\System32\tmp8D14.tmp

c:\windows\System32\tmp8D63.tmp

c:\windows\System32\tmp8EC8.tmp

c:\windows\System32\tmp8F17.tmp

c:\windows\System32\tmpB36E.tmp

c:\windows\System32\tmpB3BD.tmp

c:\windows\System32\tmpC754.tmp

c:\windows\System32\tmpC793.tmp

c:\windows\System32\tmpE4BE.tmp

c:\windows\System32\tmpE53B.tmp

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-12-28 to 2009-01-31 ))))))))))))))))))))))))))))))

.

2009-01-31 14:42 . 2009-01-31 14:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-31 14:42 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-01-31 14:42 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-01-30 23:41 . 2009-01-30 23:41 <DIR> d-------- c:\program files\Gabest

2009-01-28 21:47 . 2009-01-28 21:47 45 --a------ c:\windows\System32\initdebug.nfo

2009-01-28 18:38 . 2009-01-28 18:41 <DIR> d-------- c:\program files\DivX

2009-01-26 19:08 . 2009-01-26 19:08 <DIR> d-------- c:\program files\Xvid(120)

2009-01-26 18:50 . 2009-01-26 18:50 <DIR> d-------- c:\users\Sofian\AppData\Roaming\BSplayer Pro

2009-01-26 18:50 . 2009-01-26 18:54 <DIR> d-------- c:\users\Sofian\AppData\Roaming\BSplayer

2009-01-26 18:50 . 2009-01-26 18:50 <DIR> d-------- c:\program files\Webteh

2009-01-24 16:40 . 2009-01-24 16:54 <DIR> d-------- c:\program files\AC3Filter

2009-01-24 16:35 . 2009-01-24 16:35 <DIR> d-------- c:\users\Sofian\AppData\Roaming\River Past G5

2009-01-24 16:35 . 2009-01-24 16:47 <DIR> d-------- c:\users\All Users\River Past G5

2009-01-24 16:35 . 2009-01-24 16:35 <DIR> d-------- c:\program files\River Past

2009-01-24 16:35 . 2009-01-24 16:35 <DIR> d-------- c:\program files\Common Files\River Past

2009-01-24 16:35 . 2009-01-24 16:47 <DIR> d-------- c:\progra~2\River Past G5

2009-01-24 16:35 . 2009-01-24 16:35 163,250 --a------ c:\windows\Audio Converter Pro Uninstaller.exe

2009-01-24 16:30 . 2009-01-24 16:32 <DIR> d-------- c:\program files\DoremiSoft

2009-01-24 16:25 . 2009-01-24 16:27 150 --a------ c:\windows\videotoaudio.ini

2009-01-24 16:24 . 2009-01-24 16:24 <DIR> d-------- c:\program files\Crystal Software

2009-01-24 16:24 . 2009-01-24 16:27 5 --a------ c:\windows\System32\SySatw.dat

2009-01-24 16:22 . 2004-12-07 10:11 258,352 --a------ c:\windows\System32\Unicows.dll

2009-01-24 15:28 . 2009-01-04 12:35 31,232 --a------ c:\windows\system\vdremote.dll

2009-01-24 15:28 . 2009-01-04 12:35 25,088 --a------ c:\windows\system\vdsvrlnk.dll

2009-01-24 00:14 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll

2009-01-24 00:01 . 2009-01-27 21:53 <DIR> d-------- c:\users\All Users\Microsoft Help

2009-01-24 00:01 . 2009-01-27 21:53 <DIR> d-------- c:\progra~2\Microsoft Help

2009-01-23 23:57 . 2009-01-23 23:57 <DIR> d-------- c:\users\Sofian\AppData\Roaming\DAEMON Tools Lite

2009-01-23 23:36 . 2006-11-02 10:39 15,821,312 --a------ c:\windows\System32\imageres.dll

2009-01-23 22:30 . 2009-01-24 17:55 <DIR> d-------- c:\users\Sofian\AppData\Roaming\vlc

2009-01-23 22:23 . 2009-01-23 22:24 <DIR> d-------- c:\users\Sofian\AppData\Roaming\MozillaControl

2009-01-23 22:23 . 2009-01-23 22:23 <DIR> d-------- c:\users\All Users\Graboid Inc

2009-01-23 22:23 . 2009-01-23 22:23 <DIR> d-------- c:\progra~2\Graboid Inc

2009-01-23 22:22 . 2009-01-23 22:30 <DIR> d-------- c:\program files\Graboid

2009-01-22 19:11 . 2009-01-22 19:11 <DIR> d-------- c:\users\All Users\TechSmith

2009-01-22 19:11 . 2009-01-22 19:11 <DIR> d-------- c:\progra~2\TechSmith

2009-01-22 19:08 . 2009-01-22 19:08 <DIR> d-------- c:\windows\System32\QuickTime

2009-01-22 19:08 . 2009-01-22 19:08 <DIR> d-------- c:\program files\TechSmith

2009-01-22 19:08 . 2009-01-22 19:08 <DIR> d-------- c:\program files\Common Files\TechSmith Shared

2009-01-22 19:08 . 2008-07-10 14:56 107,864 --a------ c:\windows\System32\tsccvid.dll

2009-01-20 19:57 . 2009-01-20 20:46 <DIR> d-------- c:\users\Sofian\AppData\Roaming\SmartDraw

2009-01-19 21:34 . 2009-01-20 19:13 <DIR> d-------- c:\program files\Linguistic Systems

2009-01-18 19:25 . 2009-01-30 23:18 21,840 --a----t- c:\windows\System32\SIntfNT.dll

2009-01-18 19:25 . 2009-01-30 23:18 17,212 --a----t- c:\windows\System32\SIntf32.dll

2009-01-18 19:25 . 2009-01-30 23:18 12,067 --a----t- c:\windows\System32\SIntf16.dll

2009-01-18 17:08 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll

2009-01-18 17:08 . 2006-11-29 13:06 440,080 --a------ c:\windows\System32\d3dx10.dll

2009-01-18 17:08 . 2006-12-08 12:02 251,672 --a------ c:\windows\System32\xactengine2_5.dll

2009-01-18 00:25 . 2009-01-18 00:25 <DIR> d-------- c:\program files\Paint.NET

2009-01-16 18:54 . 2009-01-16 20:42 <DIR> d-------- c:\program files\Counter-Strike Source

2009-01-11 13:47 . 2009-01-11 13:54 <DIR> d-------- c:\users\Sofian\AppData\Roaming\RegTool

2009-01-02 21:42 . 2009-01-02 21:42 <DIR> d-------- c:\program files\GameSpy3D

2009-01-01 15:24 . 2009-01-01 15:24 103,736 --a------ c:\windows\System32\PnkBstrB.exe

2009-01-01 15:24 . 2009-01-01 15:24 22,328 --a------ c:\windows\System32\drivers\PnkBstrK.sys

2008-12-27 20:07 . 2008-12-27 20:07 <DIR> d-------- c:\users\Sofian\AppData\Roaming\OpenOffice.org

2008-12-26 13:57 . 2008-12-26 13:57 98,304 --a------ c:\windows\System32\CmdLineExt.dll

2008-12-26 13:54 . 2008-12-26 13:54 <DIR> d-------- c:\program files\Empire Interactive

2008-12-24 17:48 . 2008-12-24 17:48 <DIR> d-------- c:\windows\SWAT 4

2008-12-24 17:48 . 2008-12-24 18:15 <DIR> d-------- c:\program files\SWAT 4

2008-12-24 17:17 . 2008-12-25 18:20 <DIR> d-------- c:\program files\AlerteGPS

2008-12-24 11:30 . 2008-12-24 11:30 <DIR> d-------- c:\program files\OpenOffice.org 3

2008-12-24 11:30 . 2008-12-24 11:30 <DIR> d-------- c:\program files\JRE

2008-12-24 11:14 . 2008-12-24 11:14 <DIR> d-------- c:\program files\Common Files\Java

2008-12-20 19:45 . 2009-01-18 13:49 <DIR> d-------- c:\program files\Steam

2008-12-20 19:45 . 2009-01-18 13:47 <DIR> d-------- c:\program files\Common Files\Steam

2008-12-19 18:57 . 2009-01-27 18:36 <DIR> d-------- c:\program files\WarRock

2008-12-17 18:22 . 2008-12-17 18:22 109,080 --a------ c:\windows\System32\OpenAL32.dll

2008-12-17 17:57 . 2008-12-17 18:22 444,952 --a------ c:\windows\System32\wrap_oal.dll

2008-12-17 16:48 . 2008-04-28 16:53 805,400 -ra------ c:\windows\System32\tmp1644.tmp

2008-12-17 16:02 . 2008-12-17 16:02 <DIR> d-------- c:\program files\Codemasters

2008-12-17 13:57 . 2008-12-28 16:57 <DIR> d-------- c:\program files\Live For Speed

2008-12-17 13:06 . 2008-12-17 13:06 <DIR> d-------- c:\users\All Users\Codemasters

2008-12-17 13:06 . 2008-12-17 13:06 <DIR> d-------- c:\progra~2\Codemasters

2008-12-17 11:17 . 2008-01-02 16:37 188,416 --a------ c:\windows\System32\igfxres.dll

2008-12-16 22:03 . 2008-12-16 22:03 <DIR> d-------- c:\program files\OpenAL

2008-12-14 19:00 . 2008-12-14 19:00 <DIR> d-------- c:\users\All Users\Yahoo!

2008-12-14 19:00 . 2008-12-14 19:00 <DIR> d-------- c:\progra~2\Yahoo!

2008-12-14 18:59 . 2008-12-14 18:59 <DIR> d-------- c:\users\Sofian\AppData\Roaming\Yahoo!

2008-12-14 18:59 . 2008-12-14 18:59 <DIR> d-------- c:\users\All Users\Yahoo! Companion

2008-12-14 18:59 . 2008-12-14 18:59 <DIR> d-------- c:\progra~2\Yahoo! Companion

2008-12-12 11:59 . 2008-12-12 11:59 <DIR> d-------- c:\windows\System32\Profiles

2008-12-11 21:57 . 2008-12-11 21:57 <DIR> dr------- c:\windows\System32\config\systemprofile\Music

2008-12-11 21:54 . 2008-12-11 21:54 <DIR> d-------- c:\program files\LimeWire

2008-12-11 20:51 . 2008-12-11 20:51 <DIR> d-------- c:\windows\RegCure

2008-12-11 20:51 . 2008-12-11 20:52 <DIR> d-------- c:\program files\RegCure

2008-12-10 23:00 . 2008-12-10 23:00 2,608 --a------ c:\windows\System32\settings.aaw

2008-12-10 23:00 . 2008-12-10 23:00 1,712 --a------ c:\windows\System32\history.aaw

2008-12-10 22:29 . 2008-12-10 22:29 2,252,288 --a------ c:\windows\System32\msi.dll

2008-12-10 22:29 . 2008-12-10 22:29 332,800 --a------ c:\windows\System32\msihnd.dll

2008-12-10 22:29 . 2008-12-10 22:29 73,216 --a------ c:\windows\System32\msiexec.exe

2008-12-10 22:29 . 2008-12-10 22:29 2,560 --a------ c:\windows\System32\msimsg.dll

2008-12-10 13:36 . 2008-12-10 13:36 <DIR> d-------- c:\program files\Common Files\Futuremark Shared

2008-12-10 12:32 . 2008-12-10 12:32 <DIR> d-------- c:\users\Sofian\AppData\Roaming\SystemRequirementsLab

2008-12-09 22:47 . 2008-12-09 22:47 <DIR> d-------- c:\users\Sofian\AppData\Roaming\Desktopicon

2008-12-09 22:35 . 2008-12-09 22:34 410,984 --a------ c:\windows\System32\deploytk.dll

2008-12-09 22:21 . 2009-01-07 22:18 <DIR> d-------- c:\program files\CCleaner

2008-12-09 16:40 . 2008-12-16 22:07 <DIR> d-------- c:\program files\Cool Beans NFO Creator

2008-12-08 20:05 . 2008-12-08 20:05 4,608 --a------ c:\windows\System32\temp.001

2008-12-08 16:47 . 2008-12-08 16:47 <DIR> d-------- c:\windows\PCHEALTH

2008-12-06 22:49 . 2008-12-06 22:49 <DIR> d-------- c:\windows\Midnight Club 2

2008-12-06 22:49 . 2009-01-31 11:15 <DIR> d-------- c:\program files\Midnight Club 2

2008-12-06 18:21 . 2008-12-06 18:21 <DIR> d-------- c:\windows\System32\Futuremark

2008-12-05 17:44 . 2008-12-05 17:44 <DIR> d-------- c:\program files\Electronic Arts

2008-12-05 17:44 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\System32\d3dx9_34.dll

2008-12-05 17:44 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\System32\D3DCompiler_34.dll

2008-12-05 17:44 . 2007-05-16 16:45 443,752 --a------ c:\windows\System32\d3dx10_34.dll

2008-12-05 17:44 . 2007-06-20 20:46 266,088 --a------ c:\windows\System32\xactengine2_8.dll

2008-12-05 17:44 . 2007-04-04 18:55 261,480 --a------ c:\windows\System32\xactengine2_7.dll

2008-12-05 17:43 . 2007-01-24 15:27 255,848 --a------ c:\windows\System32\xactengine2_6.dll

2008-12-05 17:43 . 2007-03-05 12:42 15,128 --a------ c:\windows\System32\x3daudio1_1.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-30 22:44 --------- d-----w c:\program files\ffdshow

2009-01-30 19:23 --------- d-----w c:\users\Sofian\AppData\Roaming\Hamachi

2009-01-27 22:47 --------- d-----w c:\users\Sofian\AppData\Roaming\uTorrent

2009-01-27 21:11 --------- d-----w c:\program files\dvdSanta

2009-01-27 20:52 --------- d-----w c:\program files\Microsoft Works

2009-01-27 20:49 --------- d-----w c:\program files\MSBuild

2009-01-27 17:36 --------- d-----w c:\program files\Xvid

2009-01-27 17:36 --------- d-----w c:\program files\Sigmatel

2009-01-27 17:25 --------- d-----w c:\users\Sofian\AppData\Roaming\LimeWire

2009-01-27 17:23 --------- d-----w c:\program files\Java

2009-01-27 17:22 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-27 17:07 --------- d-----w c:\program files\Intel

2009-01-27 16:01 --------- d-----w c:\program files\Dell

2009-01-24 19:45 --------- d-----w c:\program files\Pegasys Inc

2009-01-20 20:04 3,036 --sha-w c:\windows\System32\KGyGaAvL.sys

2009-01-20 20:04 --------- d-----w c:\users\Sofian\AppData\Roaming\Corel

2009-01-20 16:14 --------- d-----w c:\users\Sofian\AppData\Roaming\Pegasys Inc

2009-01-18 18:26 --------- d-----w c:\program files\Disney Interactive

2009-01-18 16:27 --------- d-----w c:\program files\Activision

2009-01-18 16:09 --------- d-----w c:\users\Sofian\AppData\Roaming\Activision

2009-01-18 16:09 --------- d-----w c:\progra~2\Activision

2009-01-16 16:02 --------- d-----w c:\program files\Counter-Strike 1.6

2009-01-09 17:24 --------- d-----w c:\users\Sofian\AppData\Roaming\MailWasherPro

2009-01-07 18:10 --------- d-----w c:\program files\Mozilla Thunderbird

2009-01-04 17:45 --------- d-----w c:\progra~2\Roxio

2009-01-01 14:24 66,872 ----a-w c:\windows\System32\PnkBstrA.exe

2008-12-31 18:54 --------- d-----w c:\program files\StuffPlug3

2008-12-24 10:13 --------- d-----w c:\users\Sofian\AppData\Roaming\OpenOffice.org2

2008-12-18 11:38 --------- d-----w c:\program files\PES 2009

2008-12-16 21:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-14 18:11 --------- d-----w c:\users\Sofian\AppData\Roaming\Webcammax

2008-12-14 17:59 --------- d-----w c:\program files\Yahoo!

2008-12-09 21:27 --------- d-----w c:\progra~2\Spybot - Search & Destroy

2008-12-08 19:05 73,216 ----a-w c:\windows\ST6UNST.EXE

2008-12-08 19:05 249,856 ------w c:\windows\Setup1.exe

2008-12-08 19:05 --------- d-----w c:\program files\vbNFSMWMegaTrainer

2008-11-30 17:10 --------- d-----w c:\progra~2\Ubisoft

2008-11-30 14:46 22,328 ----a-w c:\users\Sofian\AppData\Roaming\PnkBstrK.sys

2008-11-30 14:21 --------- d-----w c:\program files\Hamachi

2008-11-30 14:20 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys

2008-11-30 08:39 51,224 ----a-w c:\windows\System32\wuauclt.exe

2008-11-30 08:39 43,544 ----a-w c:\windows\System32\wups2.dll

2008-11-30 08:39 1,809,944 ----a-w c:\windows\System32\wuaueng.dll

2008-11-30 08:39 1,524,736 ----a-w c:\windows\System32\wucltux.dll

2008-11-30 08:38 83,456 ----a-w c:\windows\System32\wudriver.dll

2008-11-30 08:38 561,688 ----a-w c:\windows\System32\wuapi.dll

2008-11-30 08:38 34,328 ----a-w c:\windows\System32\wups.dll

2008-11-30 08:38 31,232 ----a-w c:\windows\System32\wuapp.exe

2008-11-30 08:38 162,064 ----a-w c:\windows\System32\wuwebv.dll

2008-11-30 08:35 --------- d-sh--w c:\progra~2\Sjablonen

2008-11-30 08:35 --------- d-sh--w c:\progra~2\Menu Start

2008-11-30 08:35 --------- d-sh--w c:\progra~2\Favorieten

2008-11-30 08:35 --------- d-sh--w c:\progra~2\Documenten

2008-11-30 08:35 --------- d-sh--w c:\progra~2\Bureaublad

2008-11-30 01:00 --------- d-----w c:\users\Sofian\AppData\Roaming\mIRC

2008-11-30 00:48 --------- dc-h--w c:\progra~2\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2008-11-30 00:48 --------- d-----w c:\progra~2\WLInstaller

2008-11-30 00:48 --------- d-----w c:\progra~2\Uninstall

2008-11-30 00:48 --------- d-----w c:\progra~2\Ulead Systems

2008-11-30 00:48 --------- d-----w c:\progra~2\SupportSoft

2008-11-30 00:48 --------- d-----w c:\progra~2\Stardock

2008-11-30 00:48 --------- d-----w c:\progra~2\Sonic

2008-11-30 00:48 --------- d-----w c:\progra~2\SlySoft

2008-11-30 00:48 --------- d-----w c:\progra~2\ScanSoft

2008-11-30 00:48 --------- d-----w c:\progra~2\PC Drivers HeadQuarters

2008-11-30 00:48 --------- d-----w c:\progra~2\PassMark

2008-11-30 00:48 --------- d-----w c:\progra~2\Office Genuine Advantage

2008-11-30 00:48 --------- d-----w c:\progra~2\My Music

2008-11-30 00:40 --------- d-----w c:\program files\uTorrent

2008-11-30 00:40 --------- d-----w c:\program files\Uniblue

2008-11-30 00:40 --------- d-----w c:\program files\Trend Micro

2008-11-30 00:40 --------- d-----w c:\program files\Thrustmaster

2008-11-30 00:40 --------- d-----w c:\program files\SystemRequirementsLab

2008-11-30 00:40 --------- d-----w c:\program files\SubSync

2008-11-30 00:40 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-30 00:39 --------- d-----w c:\program files\SlySoft

2008-11-30 00:39 --------- d-----w c:\program files\SetPoint

2008-11-30 00:39 --------- d-----w c:\program files\SEGA

2008-11-30 00:39 --------- d-----w c:\program files\ScanSoft

2008-11-30 00:39 --------- d-----w c:\program files\Sanny Builder 3

2008-11-30 00:39 --------- d-----w c:\program files\San Andreas Mod Installer

2008-11-30 00:39 --------- d-----w c:\program files\Samsung

2008-11-30 00:39 --------- d-----w c:\program files\Roxio

2008-11-30 00:38 --------- d-----w c:\program files\Rockstar Games

2008-11-30 00:38 --------- d-----w c:\program files\Reallusion

2008-11-30 00:38 --------- d-----w c:\program files\QuickTime

2008-11-30 00:38 --------- d-----w c:\program files\PowerISO

2008-11-30 00:38 --------- d-----w c:\program files\PortTrigger

2008-11-30 00:38 --------- d-----w c:\program files\Participatory Culture Foundation

2008-11-30 00:36 --------- d-----w c:\program files\gPotato

2008-11-30 00:34 --------- d-----w c:\program files\Google Earth Pro 4.2

2008-11-30 00:34 --------- d-----w c:\program files\Google

2008-11-30 00:34 --------- d-----w c:\program files\Folder Lock

2008-11-30 00:34 --------- d-----w c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter

2008-11-30 00:34 --------- d-----w c:\program files\FireTrust

2008-11-30 00:34 --------- d-----w c:\program files\FIFA09

2008-11-30 00:33 --------- d-----w c:\program files\EZ Boosters

2008-11-30 00:32 --------- d-----w c:\program files\EA Sports

2008-11-30 00:32 --------- d-----w c:\program files\EA GAMES

2008-11-30 00:32 --------- d-----w c:\program files\DVDVideoSoft

2008-04-15 23:28 76 --sha-w c:\windows\CT4CET.bin

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe" [2008-11-24 9017648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"DeStatusMon"="c:\program files\Dell\MFP_DELL\deDvcStatus.exe" [2007-06-28 286720]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-03-12 79400]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]

"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-04-16 50688]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-991331777-2378318461-4560006-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"UDP Query User{5CC58DDD-6000-4FB3-A854-7241EBE4C5CB}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= TCP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:TP_Win32

"TCP Query User{54834E1A-4F46-47D1-91AA-6AFB388A49A3}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= UDP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:TP_Win32

"UDP Query User{A3111D06-F8A6-4033-9D01-E0865EAEB4D9}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"TCP Query User{9293FB58-0420-4115-A49E-A2976C1B3564}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"{D346D765-9524-49F4-BDED-DDB16AE73879}"= TCP:c:\windows\System32\mqsvc.exe:Message Queuing

"{45A90E50-5152-4959-8E7F-7E7EF4F7424A}"= UDP:c:\windows\System32\mqsvc.exe:Message Queuing

"{1D9069E9-375D-44A0-9CC2-400255F8CE78}"= TCP:c:\windows\System32\mqsvc.exe:Message Queuing

"{63477523-E780-4425-82C0-55FFAA497F10}"= UDP:c:\windows\System32\mqsvc.exe:Message Queuing

"UDP Query User{1C7BFDF9-B75E-43EC-B6BB-E8A9D0B7D71D}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA

"TCP Query User{3CA1B8DB-15AF-4500-8464-89652E56CCDD}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA

"{ED40C921-0241-41BA-9728-57E557C93C9E}"= TCP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"{D2FCE9FF-BA9C-4637-81C6-5E482A64F5AE}"= UDP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"{6B4496AF-FC00-4791-BFBA-2A8BBB254869}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"UDP Query User{E5B9A067-7D56-4164-962D-4FC016F75802}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{FFE6709D-E020-4886-8070-432D9ADD0FAE}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{3245B40A-F081-4386-8E3A-2289A2C6614F}c:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

"TCP Query User{C96B2973-710E-48B9-A8F9-B91A6F5DCC36}c:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

"UDP Query User{E51EBB21-CF5E-4D83-9AA2-2D8C282E9AC6}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"TCP Query User{3656B3D5-B7C1-45B2-998F-56B20C9E9581}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"UDP Query User{2879B1FB-70EE-47C4-8654-8A1DC1DF0DFD}c:\\program files\\sega\\iron man\\ironman.exe"= TCP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"TCP Query User{9A526FB3-485C-4E94-B333-92CE71217FED}c:\\program files\\sega\\iron man\\ironman.exe"= UDP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"UDP Query User{514D414F-BEC6-4BEF-9EE9-7E68D1A05CEF}c:\\users\\sofian\\appdata\\roaming\\mozilla\\firefox\\profiles\\yo9qwklf.default\\extensions\\solidstateion@solidstatenetworks.com\\plugins\\solidnm.exe"= TCP:c:\users\sofian\appdata\roaming\mozilla\firefox\profiles\yo9qwklf.default\extensions\solidstateion@solidstatenetworks.com\plugins\solidnm.exe:solidnm.exe

"TCP Query User{55A58C11-6386-4375-88C1-005F988E9E3D}c:\\users\\sofian\\appdata\\roaming\\mozilla\\firefox\\profiles\\yo9qwklf.default\\extensions\\solidstateion@solidstatenetworks.com\\plugins\\solidnm.exe"= UDP:c:\users\sofian\appdata\roaming\mozilla\firefox\profiles\yo9qwklf.default\extensions\solidstateion@solidstatenetworks.com\plugins\solidnm.exe:solidnm.exe

"UDP Query User{8CF5866F-A838-4FB1-A9C1-8938F237C422}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"TCP Query User{989B7C13-1290-44EF-9FBC-842CA0D14D81}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"UDP Query User{A5EB80E9-95C2-46DA-A037-73A2764FAC35}c:\\program files\\fifa09\\fifa09.exe"= TCP:c:\program files\fifa09\fifa09.exe:FIFA09

"TCP Query User{FD7024AD-BD7F-4F6E-9614-16B288759DAC}c:\\program files\\fifa09\\fifa09.exe"= UDP:c:\program files\fifa09\fifa09.exe:FIFA09

"{238E3750-1BF9-4C39-91C5-2FE52CB02AB9}"= TCP:c:\users\Sofian\AppData\Local\Temp\IXP000.TMP\pes2009.exe:Pro Evolution Soccer 2009

"{2D0DFF56-FE02-46CA-B338-8A03C162B8CD}"= UDP:c:\users\Sofian\AppData\Local\Temp\IXP000.TMP\pes2009.exe:Pro Evolution Soccer 2009

"{5A873637-D304-44AD-B6B7-D92CAC9CB7A7}"= TCP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"{71F6CAC2-2793-4B81-9419-D0E6CDE27018}"= UDP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"UDP Query User{3BA73912-EFBC-445F-9FED-48D4C32F0E70}c:\\users\\sofian\\program files\\dna\\btdna.exe"= TCP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"TCP Query User{B16AEDBA-9399-48CB-9528-0E76A6C6EBAB}c:\\users\\sofian\\program files\\dna\\btdna.exe"= UDP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"UDP Query User{56B32E8E-6D7C-4E4D-BEAA-4143D683FA87}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

"TCP Query User{7C790108-0887-4C66-AAA4-242BC76667BC}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"{FB7012F6-A0C8-4829-841C-5485A6D7DD44}"= UDP:443:Utorrent

"UDP Query User{4BA4EECA-D8F9-4C97-B7B4-0EA7AEFDB223}c:\\users\\sofian\\program files\\dna\\btdna.exe"= TCP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"TCP Query User{961E0236-D718-46B2-A522-505DBFF4766D}c:\\users\\sofian\\program files\\dna\\btdna.exe"= UDP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"UDP Query User{0C2368A4-D8F1-4A43-9E5A-720E391B0D21}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"TCP Query User{2EBC57E7-8E14-4963-84BC-D5B70D7B3084}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"UDP Query User{CC6F7951-1541-4A49-B98E-6908AD7BC79B}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"TCP Query User{657A9266-4CFF-48EC-841D-F69665BBED93}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{6BFA36F6-AD9B-49D6-B501-B2A139A00C84}c:\\program files\\rockstar games\\gta san andreas\\samp server\\samp-server.exe"= TCP:c:\program files\rockstar games\gta san andreas\samp server\samp-server.exe:samp-server

"TCP Query User{D8D696A3-E7E5-469F-B882-07C23402EDDF}c:\\program files\\rockstar games\\gta san andreas\\samp server\\samp-server.exe"= UDP:c:\program files\rockstar games\gta san andreas\samp server\samp-server.exe:samp-server

"UDP Query User{AC851BC4-9C86-4F06-8029-6C6050F73632}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{160A1F8E-75C0-4671-B13D-59C5ABD16251}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{D29620AC-3F93-49AA-B939-DFDCF0B35107}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= TCP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.

"TCP Query User{2F1BC6CC-18FB-4243-87D2-2C9B93CAEAFF}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= UDP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.

"UDP Query User{474CF4C1-C100-466E-B971-BD205B60E352}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.814\\gtarumbleserver.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex00.814\gtarumbleserver.exe:gtarumbleserver.exe

"TCP Query User{94D1A7BD-96D7-4473-8B89-8A4238224449}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.814\\gtarumbleserver.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex00.814\gtarumbleserver.exe:gtarumbleserver.exe

"UDP Query User{646FBDC6-C40B-444A-B597-427E6A6E7A80}c:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= TCP:c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader

"TCP Query User{A83BBA09-E270-48AB-879E-DE2A1FBD94E4}c:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= UDP:c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader

"{59D77588-33BF-4B97-B10A-4897EB53AFE0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{803E39F7-78B8-4684-99C0-0C2CB8BD4CFC}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"UDP Query User{21CC4C73-8569-45EE-997D-124B256FAAEA}c:\\users\\sofian\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= Disabled:TCP:c:\users\sofian\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe

"TCP Query User{22196733-FEDE-4DA5-83FC-DACF7CC96061}c:\\users\\sofian\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:c:\users\sofian\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe

"UDP Query User{DEC548EE-2047-4C50-8BFF-CDAC46870652}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex35.8289\\patch.exe"= Disabled:TCP:c:\users\sofian\appdata\local\temp\rar$ex35.8289\patch.exe:patch.exe

"TCP Query User{3614CF16-7F8A-4004-8E05-3F400E4B5E3E}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex35.8289\\patch.exe"= Disabled:UDP:c:\users\sofian\appdata\local\temp\rar$ex35.8289\patch.exe:patch.exe

"UDP Query User{F18437DC-9F41-4383-9AD6-C1A60988DDCC}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex13.6771\\patch.exe"= Disabled:TCP:c:\users\sofian\appdata\local\temp\rar$ex13.6771\patch.exe:patch.exe

"TCP Query User{224A609B-63B2-467B-912D-A681AE74AD6E}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex13.6771\\patch.exe"= Disabled:UDP:c:\users\sofian\appdata\local\temp\rar$ex13.6771\patch.exe:patch.exe

"UDP Query User{C0E29B39-C25C-4FEF-A656-39E7F33E74BD}c:\\program files\\sega\\iron man\\ironman.exe"= TCP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"TCP Query User{8437116C-045A-4735-BA3A-C780755848AF}c:\\program files\\sega\\iron man\\ironman.exe"= UDP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"UDP Query User{8CE7B374-7E44-412D-B4E4-D6AA7886F43F}c:\\program files\\mta san andreas\\server\\mta server.exe"= TCP:c:\program files\mta san andreas\server\mta server.exe:MTA Server

"TCP Query User{B36A7935-97DA-4F7A-AB71-CDBCFECAF281}c:\\program files\\mta san andreas\\server\\mta server.exe"= UDP:c:\program files\mta san andreas\server\mta server.exe:MTA Server

"{F2923331-22E1-4E05-8FD4-EED852780340}"= TCP:c:\program files\Hide IP Platinum\hideippla.exe:Hide IP Platinum

"{A645F9A2-9908-4313-8B14-70924656A8B9}"= UDP:c:\program files\Hide IP Platinum\hideippla.exe:Hide IP Platinum

"UDP Query User{324774FA-B894-4D94-962F-0FA0D38BCBBE}c:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:c:\program files\ea sports\fifa 08\fifa08.exe:FIFA08

"TCP Query User{0103AA03-8BA7-4D39-99CA-4EB76E0F2FDB}c:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:c:\program files\ea sports\fifa 08\fifa08.exe:FIFA08

"UDP Query User{D591E3CB-061E-47F3-A798-60851B935FFC}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"TCP Query User{D8034389-8DA4-4336-9F4F-05DC5D6D933C}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"UDP Query User{27CA4F2C-F4A8-4CCB-B37A-58D91CDA187B}c:\\windows\\system32\\zonelabs\\vsmon.exe"= TCP:c:\windows\system32\zonelabs\vsmon.exe:TrueVector Service

"TCP Query User{09B71C24-C278-4CEE-A07D-A85FAC53D66F}c:\\windows\\system32\\zonelabs\\vsmon.exe"= UDP:c:\windows\system32\zonelabs\vsmon.exe:TrueVector Service

"{A694356B-DCE6-46B4-81C9-7F1BF6E8D0BD}"= TCP:c:\program files\Anyplace Control 4\apc_host.exe:Anyplace Control - Host Module

"{D6E0B432-B38F-4604-9C66-E8DBD0D26D85}"= UDP:c:\program files\Anyplace Control 4\apc_host.exe:Anyplace Control - Host Module

"UDP Query User{081DF3A1-A737-4B1A-8E2F-3ED3191946D9}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"TCP Query User{74E35358-40CC-48B1-8254-B8B0DE21EC20}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{9E78BC5B-6B79-4A83-B420-F4FFC1C824B9}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"TCP Query User{3A67AA1E-2903-46CF-AFB3-13EDE809CC1C}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"UDP Query User{3E3F2425-7523-4869-BF0B-948EE453792B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{1E068C53-2CF4-45B3-B8D6-D5D2C758CC47}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"{A60A5777-3712-4781-909A-E562EC13F6AB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{1850859D-E62C-4D16-A780-4968346CA9C4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"UDP Query User{E7EDA855-37AB-4B36-8022-BACE3FC8ADA0}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= TCP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:tp_win32

"TCP Query User{B233138C-50A1-4A52-A313-9863D95F0E53}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= UDP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:tp_win32

"{44532AF2-7C13-40D8-9DD2-BD9B00FAC573}"= TCP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster

"{CD223108-C909-4C5F-A619-812D6AD86666}"= UDP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster

"{9AC21C58-6565-4B09-A236-1C6E53E234D8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{11B576E1-B887-47A7-A55D-9EDD18EFE2C6}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{F8E3F7D3-F590-4016-9007-3EAE21EAA446}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{369C3E79-E41A-44B4-A978-2B93CFF0CE3C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{DDB069C9-E320-4264-9A6D-6EC50BF098F3}"= TCP:c:\users\Sofian\Program Files\uTorrent\uTorrent.exe:µTorrent

"{3522FAAA-E7CC-4D52-8A11-379115C6D72E}"= UDP:c:\users\Sofian\Program Files\uTorrent\uTorrent.exe:µTorrent

"{C54D7D3B-57AF-4522-89AA-159E577773D0}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{3DB6E3AB-1D74-4F00-A772-795E4A26D6D8}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{3CABAA43-9F86-4D02-AB76-8FE8F562D6AD}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{D874EB75-B187-4F66-9E24-8BDB71152578}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{B47A655A-053C-4B47-BC89-646ACA1D9DF1}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{149CA782-81E2-49E4-B14A-D23BCA105DAC}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{AEC7333B-4641-4907-A68C-64304FC929E1}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{6F77D1F2-B3BB-40F5-B0CC-1A129BBEBB37}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{98FAEA70-FFDF-4465-9FED-0D9E424E96CC}c:\\program files\\rainbow six vegas\\binaries\\r6vegas2_game.exe"= UDP:c:\program files\rainbow six vegas\binaries\r6vegas2_game.exe:R6Vegas2_Game

"UDP Query User{06AF7056-339E-4B4B-ACED-28D9AED1B00A}c:\\program files\\rainbow six vegas\\binaries\\r6vegas2_game.exe"= TCP:c:\program files\rainbow six vegas\binaries\r6vegas2_game.exe:R6Vegas2_Game

"{A72FA228-4027-4C09-9E5D-16CCCADDE895}"= UDP:27015:cs

"{6F58EE41-EE56-466A-811E-B91231C6B098}"= TCP:27015:cs2

"TCP Query User{89D619DA-8462-47D2-B87A-F65465542D13}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"UDP Query User{81D927CC-9991-4D31-BA21-F5D597770B4C}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"TCP Query User{CF28231D-A4AB-4EC6-A8A1-3435FEDA5975}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager

"UDP Query User{467F41AF-99A6-455D-B1B2-CE2308C3AE3D}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager

"TCP Query User{8A7D27FA-DA13-49A0-A28C-6CEA99A48ED0}c:\\program files\\electronic arts\\need for speed prostreet\\online\\bombd.exe"= UDP:c:\program files\electronic arts\need for speed prostreet\online\bombd.exe:bombd

"UDP Query User{1AFCE24B-B976-41BB-8277-5EF44F459ADD}c:\\program files\\electronic arts\\need for speed prostreet\\online\\bombd.exe"= TCP:c:\program files\electronic arts\need for speed prostreet\online\bombd.exe:bombd

"TCP Query User{B8B3C1A0-DAAC-4EE9-A6F9-64EAF9419DE5}c:\\program files\\midnight club 2\\mc2.exe"= UDP:c:\program files\midnight club 2\mc2.exe:mc2

"UDP Query User{6A29C6CE-3831-4646-B400-5F783BCAEACD}c:\\program files\\midnight club 2\\mc2.exe"= TCP:c:\program files\midnight club 2\mc2.exe:mc2

"{B9BC18A5-EFE4-46EB-AC93-72A2B6F801D7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{18CEC237-0B76-4515-BE32-0C100FEC6D86}c:\\program files\\midnight club 2\\mc2.exe"= UDP:c:\program files\midnight club 2\mc2.exe:mc2

"UDP Query User{148526E6-35AA-46C0-884C-A31AA5BBEAB9}c:\\program files\\midnight club 2\\mc2.exe"= TCP:c:\program files\midnight club 2\mc2.exe:mc2

"TCP Query User{D761FCBC-4F47-4BFE-BFE4-42DF050F1529}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"UDP Query User{32E24C83-E7F4-44A1-B755-B8F8F20D4A0E}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"TCP Query User{9BDB6799-E480-4523-BB34-7599B7A3C00F}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"UDP Query User{DC5F9973-99AE-45C3-926A-6016CA54FA07}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"TCP Query User{180C3D0D-0D7D-4E93-ABFA-B1AA2B8B4326}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.016\\nfsuclient.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex00.016\nfsuclient.exe:nfsuclient.exe

"UDP Query User{EE52C356-31CA-49D3-86C5-31EDA7B83272}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.016\\nfsuclient.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex00.016\nfsuclient.exe:nfsuclient.exe

"TCP Query User{1D19EC40-539C-45A0-B14A-DCBB420D73FB}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex02.807\\nfsuserver.1.0.1.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex02.807\nfsuserver.1.0.1.exe:nfsuserver.1.0.1.exe

"UDP Query User{CA9AA832-14CF-4784-A0E6-A873FBFF2537}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex02.807\\nfsuserver.1.0.1.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex02.807\nfsuserver.1.0.1.exe:nfsuserver.1.0.1.exe

"TCP Query User{F20E1835-AA1E-4A33-B08C-060A5A1C5446}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex04.415\\nfsuclient.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex04.415\nfsuclient.exe:nfsuclient.exe

"UDP Query User{6CF40273-EF0A-43CA-BAE9-3F47DBD855F9}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex04.415\\nfsuclient.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex04.415\nfsuclient.exe:nfsuclient.exe

"TCP Query User{926B5B97-4EA8-4604-BA27-469A17E4EC4B}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex05.310\\nfsuclient.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex05.310\nfsuclient.exe:nfsuclient.exe

"UDP Query User{5584FE3E-B6C3-4B7A-AB1F-2104113C6C2D}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex05.310\\nfsuclient.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex05.310\nfsuclient.exe:nfsuclient.exe

"{954FA7EB-DF6C-4A27-83D4-C3DCDA96386B}"= UDP:80:LAN-MW

"{78BF540B-9E58-4DB5-B4EC-1F1F72E42DCE}"= UDP:13505:LAN-MW1

"{D3C9E63D-91BA-464F-82A4-C38CB57CB538}"= TCP:3658:LAN-MW3

"{7223C4BC-7C74-4639-A38C-0E3142A8E5E7}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{BE499951-71C5-407D-99B6-89A000F71B29}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"TCP Query User{A3CBBF16-7F14-4671-840B-B7B2A30DFA5C}c:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

"UDP Query User{FFF9971C-3B60-482F-8B37-04F8133A9C74}c:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]

"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"c:\\Program Files\\River Past\\Audio Converter Pro\\AudioConverter.exe"= c:\program files\River Past\Audio Converter Pro\AudioConverter.exe:*:Enabled:River Past Audio Converter Pro

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-11-30 111616]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2008-11-30 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2008-11-30 7424]

R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-04-16 73728]

R4 deMntrService;Dell AIO Center Service;c:\program files\Dell\MFP_DELL\deMntrService.exe [2007-06-28 131072]

R4 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]

S3 DESVUSB;Dell service driver;c:\windows\System32\drivers\desrvusb.sys [2008-11-30 17536]

S3 WMSvc;Web Management-service;c:\windows\System32\inetsrv\WMSvc.exe [2006-11-02 10752]

S4 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe [2008-04-24 104960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LPDService REG_MULTI_SZ LPDSVC

rsmsvcs REG_MULTI_SZ ntmssvc

ipripsvc REG_MULTI_SZ iprip

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1d54b09-be71-11dd-b2e0-806e6f6e6963}]

\shell\AutoRun\command - E:\Autorun.exe

\shell\start\command - \Autorun.exe

.

Inhoud van de 'Gedeelde Taken' map

2009-01-31 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

2009-01-31 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2007-08-02 10:20]

2008-12-12 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2007-08-02 10:20]

2009-01-31 c:\windows\Tasks\RegTool Scan.job

- c:\program files\RegTool\RegTool.exe []

2009-01-31 c:\windows\Tasks\RegTool Scan.job

- c:\program files\RegTool []

2009-01-31 c:\windows\Tasks\RegTool Startup.job

- c:\program files\RegTool\RegTool.exe []

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.games-fusion.net/

mStart Page = hxxp://www.games-fusion.net/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab

FF - ProfilePath - c:\users\Sofian\AppData\Roaming\Mozilla\Firefox\Profiles\yo9qwklf.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Wikipedia (nl)

FF - prefs.js: browser.startup.homepage - about:blank

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

---- FIREFOX POLICIES ----

FF - user.js: network.proxy.type - 0

FF - user.js: network.proxy.http -

FF - user.js: network.proxy.http_port - 0

FF - user.js: network.proxy.ssl -

FF - user.js: network.proxy.ssl_port - 0

FF - user.js: network.proxy.ftp -

FF - user.js: network.proxy.ftp_port - 0

FF - user.js: network.proxy.gopher -

FF - user.js: network.proxy.gopher_port - 0

FF - user.js: network.proxy.socks_version - 5

FF - user.js: network.proxy.socks -

FF - user.js: network.proxy.socks_port - 0

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-31 20:53:04

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\windows\TEMP\TMP00000078DF48F6EC6F4DAE2C 524288 bytes executable

Scan succesvol afgerond

verborgen bestanden: 1

**************************************************************************

.

Voltooingstijd: 2009-01-31 20:56:00

ComboFix-quarantined-files.txt 2009-01-31 19:55:57

ComboFix2.txt 2009-01-31 15:19:40

Pre-Run: 70,700,331,008 bytes beschikbaar

Post-Run: 70,671,339,520 bytes beschikbaar

520


Could you run through that ComboFix procedure once more, but this time in "safe mode", because one problem case has not been resolved:

Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1d54b09-be71-11dd-b2e0-806e6f6e6963}]

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


Here is the log, then.

ComboFix 09-01-31.01 - Sofian 2009-02-01 14:09:01.4 - NTFSx86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.2037.1469 [GMT 1:00]

Gestart vanuit: c:\users\Sofian\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Sofian\Desktop\CFScript.txt

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-01 to 2009-02-01 ))))))))))))))))))))))))))))))

.

2009-01-31 23:56 . 2008-11-26 18:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys

2009-01-31 14:42 . 2009-01-31 14:42 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-31 14:42 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-01-31 14:42 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-01-30 23:41 . 2009-01-30 23:41 <DIR> d-------- c:\program files\Gabest

2009-01-28 21:47 . 2009-01-28 21:47 45 --a------ c:\windows\System32\initdebug.nfo

2009-01-28 18:38 . 2009-01-28 18:41 <DIR> d-------- c:\program files\DivX

2009-01-26 19:08 . 2009-01-26 19:08 <DIR> d-------- c:\program files\Xvid(120)

2009-01-26 18:50 . 2009-01-26 18:50 <DIR> d-------- c:\users\Sofian\AppData\Roaming\BSplayer Pro

2009-01-26 18:50 . 2009-01-26 18:54 <DIR> d-------- c:\users\Sofian\AppData\Roaming\BSplayer

2009-01-26 18:50 . 2009-01-26 18:50 <DIR> d-------- c:\program files\Webteh

2009-01-24 16:40 . 2009-01-24 16:54 <DIR> d-------- c:\program files\AC3Filter

2009-01-24 16:35 . 2009-01-24 16:35 <DIR> d-------- c:\users\Sofian\AppData\Roaming\River Past G5

2009-01-24 16:35 . 2009-01-24 16:47 <DIR> d-------- c:\users\All Users\River Past G5

2009-01-24 16:35 . 2009-01-24 16:35 <DIR> d-------- c:\program files\River Past

2009-01-24 16:35 . 2009-01-24 16:35 <DIR> d-------- c:\program files\Common Files\River Past

2009-01-24 16:35 . 2009-01-24 16:47 <DIR> d-------- c:\progra~2\River Past G5

2009-01-24 16:35 . 2009-01-24 16:35 163,250 --a------ c:\windows\Audio Converter Pro Uninstaller.exe

2009-01-24 16:30 . 2009-01-24 16:32 <DIR> d-------- c:\program files\DoremiSoft

2009-01-24 16:25 . 2009-01-24 16:27 150 --a------ c:\windows\videotoaudio.ini

2009-01-24 16:24 . 2009-01-24 16:24 <DIR> d-------- c:\program files\Crystal Software

2009-01-24 16:24 . 2009-01-24 16:27 5 --a------ c:\windows\System32\SySatw.dat

2009-01-24 16:22 . 2004-12-07 10:11 258,352 --a------ c:\windows\System32\Unicows.dll

2009-01-24 15:28 . 2009-01-04 12:35 31,232 --a------ c:\windows\system\vdremote.dll

2009-01-24 15:28 . 2009-01-04 12:35 25,088 --a------ c:\windows\system\vdsvrlnk.dll

2009-01-24 00:14 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll

2009-01-24 00:01 . 2009-01-27 21:53 <DIR> d-------- c:\users\All Users\Microsoft Help

2009-01-24 00:01 . 2009-01-27 21:53 <DIR> d-------- c:\progra~2\Microsoft Help

2009-01-23 23:57 . 2009-01-23 23:57 <DIR> d-------- c:\users\Sofian\AppData\Roaming\DAEMON Tools Lite

2009-01-23 23:36 . 2006-11-02 10:39 15,821,312 --a------ c:\windows\System32\imageres.dll

2009-01-23 22:30 . 2009-01-24 17:55 <DIR> d-------- c:\users\Sofian\AppData\Roaming\vlc

2009-01-23 22:23 . 2009-01-23 22:24 <DIR> d-------- c:\users\Sofian\AppData\Roaming\MozillaControl

2009-01-23 22:23 . 2009-01-23 22:23 <DIR> d-------- c:\users\All Users\Graboid Inc

2009-01-23 22:23 . 2009-01-23 22:23 <DIR> d-------- c:\progra~2\Graboid Inc

2009-01-23 22:22 . 2009-01-23 22:30 <DIR> d-------- c:\program files\Graboid

2009-01-22 19:11 . 2009-01-22 19:11 <DIR> d-------- c:\users\All Users\TechSmith

2009-01-22 19:11 . 2009-01-22 19:11 <DIR> d-------- c:\progra~2\TechSmith

2009-01-22 19:08 . 2009-01-22 19:08 <DIR> d-------- c:\windows\System32\QuickTime

2009-01-22 19:08 . 2009-01-22 19:08 <DIR> d-------- c:\program files\TechSmith

2009-01-22 19:08 . 2009-01-22 19:08 <DIR> d-------- c:\program files\Common Files\TechSmith Shared

2009-01-22 19:08 . 2008-07-10 14:56 107,864 --a------ c:\windows\System32\tsccvid.dll

2009-01-20 19:57 . 2009-01-20 20:46 <DIR> d-------- c:\users\Sofian\AppData\Roaming\SmartDraw

2009-01-19 21:34 . 2009-01-20 19:13 <DIR> d-------- c:\program files\Linguistic Systems

2009-01-18 19:25 . 2009-01-30 23:18 21,840 --a----t- c:\windows\System32\SIntfNT.dll

2009-01-18 19:25 . 2009-01-30 23:18 17,212 --a----t- c:\windows\System32\SIntf32.dll

2009-01-18 19:25 . 2009-01-30 23:18 12,067 --a----t- c:\windows\System32\SIntf16.dll

2009-01-18 17:08 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll

2009-01-18 17:08 . 2006-11-29 13:06 440,080 --a------ c:\windows\System32\d3dx10.dll

2009-01-18 17:08 . 2006-12-08 12:02 251,672 --a------ c:\windows\System32\xactengine2_5.dll

2009-01-18 00:25 . 2009-01-18 00:25 <DIR> d-------- c:\program files\Paint.NET

2009-01-16 18:54 . 2009-01-16 20:42 <DIR> d-------- c:\program files\Counter-Strike Source

2009-01-11 13:47 . 2009-01-11 13:54 <DIR> d-------- c:\users\Sofian\AppData\Roaming\RegTool

2009-01-02 21:42 . 2009-01-02 21:42 <DIR> d-------- c:\program files\GameSpy3D

2009-01-01 15:24 . 2009-01-01 15:24 103,736 --a------ c:\windows\System32\PnkBstrB.exe

2009-01-01 15:24 . 2009-01-01 15:24 22,328 --a------ c:\windows\System32\drivers\PnkBstrK.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-31 10:15 --------- d-----w c:\program files\Midnight Club 2

2009-01-30 22:44 --------- d-----w c:\program files\ffdshow

2009-01-30 19:23 --------- d-----w c:\users\Sofian\AppData\Roaming\Hamachi

2009-01-27 22:47 --------- d-----w c:\users\Sofian\AppData\Roaming\uTorrent

2009-01-27 21:11 --------- d-----w c:\program files\dvdSanta

2009-01-27 20:52 --------- d-----w c:\program files\Microsoft Works

2009-01-27 20:49 --------- d-----w c:\program files\MSBuild

2009-01-27 17:36 --------- d-----w c:\program files\Xvid

2009-01-27 17:36 --------- d-----w c:\program files\WarRock

2009-01-27 17:36 --------- d-----w c:\program files\Sigmatel

2009-01-27 17:25 --------- d-----w c:\users\Sofian\AppData\Roaming\LimeWire

2009-01-27 17:23 --------- d-----w c:\program files\Java

2009-01-27 17:22 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-27 17:07 --------- d-----w c:\program files\Intel

2009-01-27 16:01 --------- d-----w c:\program files\Dell

2009-01-24 19:45 --------- d-----w c:\program files\Pegasys Inc

2009-01-20 20:04 3,036 --sha-w c:\windows\System32\KGyGaAvL.sys

2009-01-20 20:04 --------- d-----w c:\users\Sofian\AppData\Roaming\Corel

2009-01-20 16:14 --------- d-----w c:\users\Sofian\AppData\Roaming\Pegasys Inc

2009-01-18 18:26 --------- d-----w c:\program files\Disney Interactive

2009-01-18 16:27 --------- d-----w c:\program files\Activision

2009-01-18 16:09 --------- d-----w c:\users\Sofian\AppData\Roaming\Activision

2009-01-18 16:09 --------- d-----w c:\progra~2\Activision

2009-01-18 12:49 --------- d-----w c:\program files\Steam

2009-01-18 12:47 --------- d-----w c:\program files\Common Files\Steam

2009-01-16 16:02 --------- d-----w c:\program files\Counter-Strike 1.6

2009-01-09 17:24 --------- d-----w c:\users\Sofian\AppData\Roaming\MailWasherPro

2009-01-07 21:18 --------- d-----w c:\program files\CCleaner

2009-01-07 18:10 --------- d-----w c:\program files\Mozilla Thunderbird

2009-01-04 17:45 --------- d-----w c:\progra~2\Roxio

2009-01-01 14:24 66,872 ----a-w c:\windows\System32\PnkBstrA.exe

2008-12-31 18:54 --------- d-----w c:\program files\StuffPlug3

2008-12-28 15:57 --------- d-----w c:\program files\Live For Speed

2008-12-27 19:07 --------- d-----w c:\users\Sofian\AppData\Roaming\OpenOffice.org

2008-12-26 12:57 98,304 ----a-w c:\windows\System32\CmdLineExt.dll

2008-12-26 12:54 --------- d-----w c:\program files\Empire Interactive

2008-12-25 17:20 --------- d-----w c:\program files\AlerteGPS

2008-12-24 17:15 --------- d-----w c:\program files\SWAT 4

2008-12-24 10:30 --------- d-----w c:\program files\OpenOffice.org 3

2008-12-24 10:30 --------- d-----w c:\program files\JRE

2008-12-24 10:14 --------- d-----w c:\program files\Common Files\Java

2008-12-24 10:13 --------- d-----w c:\users\Sofian\AppData\Roaming\OpenOffice.org2

2008-12-18 11:38 --------- d-----w c:\program files\PES 2009

2008-12-17 17:22 444,952 ----a-w c:\windows\System32\wrap_oal.dll

2008-12-17 17:22 109,080 ----a-w c:\windows\System32\OpenAL32.dll

2008-12-17 15:02 --------- d-----w c:\program files\Codemasters

2008-12-17 12:06 --------- d-----w c:\progra~2\Codemasters

2008-12-16 21:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-16 21:07 --------- d-----w c:\program files\Cool Beans NFO Creator

2008-12-16 21:03 --------- d-----w c:\program files\OpenAL

2008-12-14 18:11 --------- d-----w c:\users\Sofian\AppData\Roaming\Webcammax

2008-12-14 18:00 --------- d-----w c:\progra~2\Yahoo!

2008-12-14 17:59 --------- d-----w c:\users\Sofian\AppData\Roaming\Yahoo!

2008-12-14 17:59 --------- d-----w c:\program files\Yahoo!

2008-12-14 17:59 --------- d-----w c:\progra~2\Yahoo! Companion

2008-12-11 20:54 --------- d-----w c:\program files\LimeWire

2008-12-11 19:52 --------- d-----w c:\program files\RegCure

2008-12-10 21:29 73,216 ----a-w c:\windows\System32\msiexec.exe

2008-12-10 21:29 332,800 ----a-w c:\windows\System32\msihnd.dll

2008-12-10 21:29 2,560 ----a-w c:\windows\System32\msimsg.dll

2008-12-10 21:29 2,252,288 ----a-w c:\windows\System32\msi.dll

2008-12-10 12:36 --------- d-----w c:\program files\Common Files\Futuremark Shared

2008-12-10 11:32 --------- d-----w c:\users\Sofian\AppData\Roaming\SystemRequirementsLab

2008-12-09 21:47 --------- d-----w c:\users\Sofian\AppData\Roaming\Desktopicon

2008-12-09 21:34 410,984 ----a-w c:\windows\System32\deploytk.dll

2008-12-09 21:27 --------- d-----w c:\progra~2\Spybot - Search & Destroy

2008-12-08 19:05 73,216 ----a-w c:\windows\ST6UNST.EXE

2008-12-08 19:05 249,856 ------w c:\windows\Setup1.exe

2008-12-08 19:05 --------- d-----w c:\program files\vbNFSMWMegaTrainer

2008-12-05 16:44 --------- d-----w c:\program files\Electronic Arts

2008-11-30 14:46 22,328 ----a-w c:\users\Sofian\AppData\Roaming\PnkBstrK.sys

2008-11-30 08:39 51,224 ----a-w c:\windows\System32\wuauclt.exe

2008-11-30 08:39 43,544 ----a-w c:\windows\System32\wups2.dll

2008-11-30 08:39 1,809,944 ----a-w c:\windows\System32\wuaueng.dll

2008-11-30 08:39 1,524,736 ----a-w c:\windows\System32\wucltux.dll

2008-11-30 08:38 83,456 ----a-w c:\windows\System32\wudriver.dll

2008-11-30 08:38 561,688 ----a-w c:\windows\System32\wuapi.dll

2008-11-30 08:38 34,328 ----a-w c:\windows\System32\wups.dll

2008-11-30 08:38 31,232 ----a-w c:\windows\System32\wuapp.exe

2008-11-30 08:38 162,064 ----a-w c:\windows\System32\wuwebv.dll

2008-11-06 16:35 200,704 ----a-w c:\windows\System32\ssldivx.dll

2008-11-06 16:35 1,044,480 ----a-w c:\windows\System32\libdivx.dll

2008-11-02 09:11 60,273 ----a-w c:\windows\System32\pthreadGC2.dll

2008-09-02 15:06 24 ----a-w c:\users\Sofian\jagex_runescape_preferences.dat

2008-05-18 09:28 0 ----a-w c:\users\Sofian\AppData\Roaming\wklnhst.dat

2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2008-04-15 23:28 76 --sha-w c:\windows\CT4CET.bin

.

((((((((((((((((((((((((((((( snapshot@2009-01-31_20.53.42.53 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-31 17:53:39 2,484 ----a-w c:\windows\bthservsdp.dat

+ 2009-01-31 23:42:15 2,484 ----a-w c:\windows\bthservsdp.dat

- 2009-01-31 18:40:15 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-02-01 13:07:17 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-02-01 13:07:17 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-01-31 18:40:10 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-02-01 13:07:12 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-02-01 13:07:12 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

+ 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\System32\aswBoot.exe

+ 2008-11-26 17:15:10 97,480 ----a-w c:\windows\System32\AvastSS.scr

- 2009-01-31 18:36:55 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-02-01 12:52:16 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-31 18:36:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-01 12:52:16 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-31 18:36:55 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-02-01 12:52:16 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-11-26 17:17:25 20,560 ----a-w c:\windows\System32\drivers\aswFsBlk.sys

+ 2008-11-26 17:16:29 23,152 ----a-w c:\windows\System32\drivers\aswRdr.sys

+ 2008-11-26 17:17:36 111,184 ----a-w c:\windows\System32\drivers\aswSP.sys

+ 2008-11-26 17:16:38 50,864 ----a-w c:\windows\System32\drivers\aswTdi.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe" [2008-11-24 9017648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"DeStatusMon"="c:\program files\Dell\MFP_DELL\deDvcStatus.exe" [2007-06-28 286720]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-03-12 79400]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]

"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 c:\windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

"aswAhAScr.dll"="c:\progra~1\ALWILS~1\Avast4\ASWREG~1.EXE" [2003-09-16 22016]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-04-16 50688]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-991331777-2378318461-4560006-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"UDP Query User{5CC58DDD-6000-4FB3-A854-7241EBE4C5CB}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= TCP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:TP_Win32

"TCP Query User{54834E1A-4F46-47D1-91AA-6AFB388A49A3}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= UDP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:TP_Win32

"UDP Query User{A3111D06-F8A6-4033-9D01-E0865EAEB4D9}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"TCP Query User{9293FB58-0420-4115-A49E-A2976C1B3564}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"{D346D765-9524-49F4-BDED-DDB16AE73879}"= TCP:c:\windows\System32\mqsvc.exe:Message Queuing

"{45A90E50-5152-4959-8E7F-7E7EF4F7424A}"= UDP:c:\windows\System32\mqsvc.exe:Message Queuing

"{1D9069E9-375D-44A0-9CC2-400255F8CE78}"= TCP:c:\windows\System32\mqsvc.exe:Message Queuing

"{63477523-E780-4425-82C0-55FFAA497F10}"= UDP:c:\windows\System32\mqsvc.exe:Message Queuing

"UDP Query User{1C7BFDF9-B75E-43EC-B6BB-E8A9D0B7D71D}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA

"TCP Query User{3CA1B8DB-15AF-4500-8464-89652E56CCDD}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA

"{ED40C921-0241-41BA-9728-57E557C93C9E}"= TCP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"{D2FCE9FF-BA9C-4637-81C6-5E482A64F5AE}"= UDP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"{6B4496AF-FC00-4791-BFBA-2A8BBB254869}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"UDP Query User{E5B9A067-7D56-4164-962D-4FC016F75802}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{FFE6709D-E020-4886-8070-432D9ADD0FAE}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{3245B40A-F081-4386-8E3A-2289A2C6614F}c:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

"TCP Query User{C96B2973-710E-48B9-A8F9-B91A6F5DCC36}c:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

"UDP Query User{E51EBB21-CF5E-4D83-9AA2-2D8C282E9AC6}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"TCP Query User{3656B3D5-B7C1-45B2-998F-56B20C9E9581}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"UDP Query User{2879B1FB-70EE-47C4-8654-8A1DC1DF0DFD}c:\\program files\\sega\\iron man\\ironman.exe"= TCP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"TCP Query User{9A526FB3-485C-4E94-B333-92CE71217FED}c:\\program files\\sega\\iron man\\ironman.exe"= UDP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"UDP Query User{514D414F-BEC6-4BEF-9EE9-7E68D1A05CEF}c:\\users\\sofian\\appdata\\roaming\\mozilla\\firefox\\profiles\\yo9qwklf.default\\extensions\\solidstateion@solidstatenetworks.com\\plugins\\solidnm.exe"= TCP:c:\users\sofian\appdata\roaming\mozilla\firefox\profiles\yo9qwklf.default\extensions\solidstateion@solidstatenetworks.com\plugins\solidnm.exe:solidnm.exe

"TCP Query User{55A58C11-6386-4375-88C1-005F988E9E3D}c:\\users\\sofian\\appdata\\roaming\\mozilla\\firefox\\profiles\\yo9qwklf.default\\extensions\\solidstateion@solidstatenetworks.com\\plugins\\solidnm.exe"= UDP:c:\users\sofian\appdata\roaming\mozilla\firefox\profiles\yo9qwklf.default\extensions\solidstateion@solidstatenetworks.com\plugins\solidnm.exe:solidnm.exe

"UDP Query User{8CF5866F-A838-4FB1-A9C1-8938F237C422}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"TCP Query User{989B7C13-1290-44EF-9FBC-842CA0D14D81}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"UDP Query User{A5EB80E9-95C2-46DA-A037-73A2764FAC35}c:\\program files\\fifa09\\fifa09.exe"= TCP:c:\program files\fifa09\fifa09.exe:FIFA09

"TCP Query User{FD7024AD-BD7F-4F6E-9614-16B288759DAC}c:\\program files\\fifa09\\fifa09.exe"= UDP:c:\program files\fifa09\fifa09.exe:FIFA09

"{238E3750-1BF9-4C39-91C5-2FE52CB02AB9}"= TCP:c:\users\Sofian\AppData\Local\Temp\IXP000.TMP\pes2009.exe:Pro Evolution Soccer 2009

"{2D0DFF56-FE02-46CA-B338-8A03C162B8CD}"= UDP:c:\users\Sofian\AppData\Local\Temp\IXP000.TMP\pes2009.exe:Pro Evolution Soccer 2009

"{5A873637-D304-44AD-B6B7-D92CAC9CB7A7}"= TCP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"{71F6CAC2-2793-4B81-9419-D0E6CDE27018}"= UDP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"UDP Query User{3BA73912-EFBC-445F-9FED-48D4C32F0E70}c:\\users\\sofian\\program files\\dna\\btdna.exe"= TCP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"TCP Query User{B16AEDBA-9399-48CB-9528-0E76A6C6EBAB}c:\\users\\sofian\\program files\\dna\\btdna.exe"= UDP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"UDP Query User{56B32E8E-6D7C-4E4D-BEAA-4143D683FA87}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

"TCP Query User{7C790108-0887-4C66-AAA4-242BC76667BC}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"{FB7012F6-A0C8-4829-841C-5485A6D7DD44}"= UDP:443:Utorrent

"UDP Query User{4BA4EECA-D8F9-4C97-B7B4-0EA7AEFDB223}c:\\users\\sofian\\program files\\dna\\btdna.exe"= TCP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"TCP Query User{961E0236-D718-46B2-A522-505DBFF4766D}c:\\users\\sofian\\program files\\dna\\btdna.exe"= UDP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"UDP Query User{0C2368A4-D8F1-4A43-9E5A-720E391B0D21}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"TCP Query User{2EBC57E7-8E14-4963-84BC-D5B70D7B3084}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"UDP Query User{CC6F7951-1541-4A49-B98E-6908AD7BC79B}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"TCP Query User{657A9266-4CFF-48EC-841D-F69665BBED93}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{6BFA36F6-AD9B-49D6-B501-B2A139A00C84}c:\\program files\\rockstar games\\gta san andreas\\samp server\\samp-server.exe"= TCP:c:\program files\rockstar games\gta san andreas\samp server\samp-server.exe:samp-server

"TCP Query User{D8D696A3-E7E5-469F-B882-07C23402EDDF}c:\\program files\\rockstar games\\gta san andreas\\samp server\\samp-server.exe"= UDP:c:\program files\rockstar games\gta san andreas\samp server\samp-server.exe:samp-server

"UDP Query User{AC851BC4-9C86-4F06-8029-6C6050F73632}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{160A1F8E-75C0-4671-B13D-59C5ABD16251}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{D29620AC-3F93-49AA-B939-DFDCF0B35107}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= TCP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.

"TCP Query User{2F1BC6CC-18FB-4243-87D2-2C9B93CAEAFF}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= UDP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.

"UDP Query User{474CF4C1-C100-466E-B971-BD205B60E352}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.814\\gtarumbleserver.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex00.814\gtarumbleserver.exe:gtarumbleserver.exe

"TCP Query User{94D1A7BD-96D7-4473-8B89-8A4238224449}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.814\\gtarumbleserver.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex00.814\gtarumbleserver.exe:gtarumbleserver.exe

"UDP Query User{646FBDC6-C40B-444A-B597-427E6A6E7A80}c:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= TCP:c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader

"TCP Query User{A83BBA09-E270-48AB-879E-DE2A1FBD94E4}c:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= UDP:c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader

"{59D77588-33BF-4B97-B10A-4897EB53AFE0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{803E39F7-78B8-4684-99C0-0C2CB8BD4CFC}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"UDP Query User{21CC4C73-8569-45EE-997D-124B256FAAEA}c:\\users\\sofian\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= Disabled:TCP:c:\users\sofian\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe

"TCP Query User{22196733-FEDE-4DA5-83FC-DACF7CC96061}c:\\users\\sofian\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:c:\users\sofian\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe

"UDP Query User{DEC548EE-2047-4C50-8BFF-CDAC46870652}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex35.8289\\patch.exe"= Disabled:TCP:c:\users\sofian\appdata\local\temp\rar$ex35.8289\patch.exe:patch.exe

"TCP Query User{3614CF16-7F8A-4004-8E05-3F400E4B5E3E}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex35.8289\\patch.exe"= Disabled:UDP:c:\users\sofian\appdata\local\temp\rar$ex35.8289\patch.exe:patch.exe

"UDP Query User{F18437DC-9F41-4383-9AD6-C1A60988DDCC}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex13.6771\\patch.exe"= Disabled:TCP:c:\users\sofian\appdata\local\temp\rar$ex13.6771\patch.exe:patch.exe

"TCP Query User{224A609B-63B2-467B-912D-A681AE74AD6E}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex13.6771\\patch.exe"= Disabled:UDP:c:\users\sofian\appdata\local\temp\rar$ex13.6771\patch.exe:patch.exe

"UDP Query User{C0E29B39-C25C-4FEF-A656-39E7F33E74BD}c:\\program files\\sega\\iron man\\ironman.exe"= TCP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"TCP Query User{8437116C-045A-4735-BA3A-C780755848AF}c:\\program files\\sega\\iron man\\ironman.exe"= UDP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"UDP Query User{8CE7B374-7E44-412D-B4E4-D6AA7886F43F}c:\\program files\\mta san andreas\\server\\mta server.exe"= TCP:c:\program files\mta san andreas\server\mta server.exe:MTA Server

"TCP Query User{B36A7935-97DA-4F7A-AB71-CDBCFECAF281}c:\\program files\\mta san andreas\\server\\mta server.exe"= UDP:c:\program files\mta san andreas\server\mta server.exe:MTA Server

"{F2923331-22E1-4E05-8FD4-EED852780340}"= TCP:c:\program files\Hide IP Platinum\hideippla.exe:Hide IP Platinum

"{A645F9A2-9908-4313-8B14-70924656A8B9}"= UDP:c:\program files\Hide IP Platinum\hideippla.exe:Hide IP Platinum

"UDP Query User{324774FA-B894-4D94-962F-0FA0D38BCBBE}c:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:c:\program files\ea sports\fifa 08\fifa08.exe:FIFA08

"TCP Query User{0103AA03-8BA7-4D39-99CA-4EB76E0F2FDB}c:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:c:\program files\ea sports\fifa 08\fifa08.exe:FIFA08

"UDP Query User{D591E3CB-061E-47F3-A798-60851B935FFC}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"TCP Query User{D8034389-8DA4-4336-9F4F-05DC5D6D933C}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"UDP Query User{27CA4F2C-F4A8-4CCB-B37A-58D91CDA187B}c:\\windows\\system32\\zonelabs\\vsmon.exe"= TCP:c:\windows\system32\zonelabs\vsmon.exe:TrueVector Service

"TCP Query User{09B71C24-C278-4CEE-A07D-A85FAC53D66F}c:\\windows\\system32\\zonelabs\\vsmon.exe"= UDP:c:\windows\system32\zonelabs\vsmon.exe:TrueVector Service

"{A694356B-DCE6-46B4-81C9-7F1BF6E8D0BD}"= TCP:c:\program files\Anyplace Control 4\apc_host.exe:Anyplace Control - Host Module

"{D6E0B432-B38F-4604-9C66-E8DBD0D26D85}"= UDP:c:\program files\Anyplace Control 4\apc_host.exe:Anyplace Control - Host Module

"UDP Query User{081DF3A1-A737-4B1A-8E2F-3ED3191946D9}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"TCP Query User{74E35358-40CC-48B1-8254-B8B0DE21EC20}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{9E78BC5B-6B79-4A83-B420-F4FFC1C824B9}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"TCP Query User{3A67AA1E-2903-46CF-AFB3-13EDE809CC1C}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"UDP Query User{3E3F2425-7523-4869-BF0B-948EE453792B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{1E068C53-2CF4-45B3-B8D6-D5D2C758CC47}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"{A60A5777-3712-4781-909A-E562EC13F6AB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{1850859D-E62C-4D16-A780-4968346CA9C4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"UDP Query User{E7EDA855-37AB-4B36-8022-BACE3FC8ADA0}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= TCP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:tp_win32

"TCP Query User{B233138C-50A1-4A52-A313-9863D95F0E53}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= UDP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:tp_win32

"{44532AF2-7C13-40D8-9DD2-BD9B00FAC573}"= TCP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster

"{CD223108-C909-4C5F-A619-812D6AD86666}"= UDP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster

"{9AC21C58-6565-4B09-A236-1C6E53E234D8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{11B576E1-B887-47A7-A55D-9EDD18EFE2C6}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{F8E3F7D3-F590-4016-9007-3EAE21EAA446}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{369C3E79-E41A-44B4-A978-2B93CFF0CE3C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{DDB069C9-E320-4264-9A6D-6EC50BF098F3}"= TCP:c:\users\Sofian\Program Files\uTorrent\uTorrent.exe:µTorrent

"{3522FAAA-E7CC-4D52-8A11-379115C6D72E}"= UDP:c:\users\Sofian\Program Files\uTorrent\uTorrent.exe:µTorrent

"{C54D7D3B-57AF-4522-89AA-159E577773D0}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{3DB6E3AB-1D74-4F00-A772-795E4A26D6D8}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{3CABAA43-9F86-4D02-AB76-8FE8F562D6AD}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{D874EB75-B187-4F66-9E24-8BDB71152578}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{B47A655A-053C-4B47-BC89-646ACA1D9DF1}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{149CA782-81E2-49E4-B14A-D23BCA105DAC}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{AEC7333B-4641-4907-A68C-64304FC929E1}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{6F77D1F2-B3BB-40F5-B0CC-1A129BBEBB37}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{98FAEA70-FFDF-4465-9FED-0D9E424E96CC}c:\\program files\\rainbow six vegas\\binaries\\r6vegas2_game.exe"= UDP:c:\program files\rainbow six vegas\binaries\r6vegas2_game.exe:R6Vegas2_Game

"UDP Query User{06AF7056-339E-4B4B-ACED-28D9AED1B00A}c:\\program files\\rainbow six vegas\\binaries\\r6vegas2_game.exe"= TCP:c:\program files\rainbow six vegas\binaries\r6vegas2_game.exe:R6Vegas2_Game

"{A72FA228-4027-4C09-9E5D-16CCCADDE895}"= UDP:27015:cs

"{6F58EE41-EE56-466A-811E-B91231C6B098}"= TCP:27015:cs2

"TCP Query User{89D619DA-8462-47D2-B87A-F65465542D13}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"UDP Query User{81D927CC-9991-4D31-BA21-F5D597770B4C}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"TCP Query User{CF28231D-A4AB-4EC6-A8A1-3435FEDA5975}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager

"UDP Query User{467F41AF-99A6-455D-B1B2-CE2308C3AE3D}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager

"TCP Query User{8A7D27FA-DA13-49A0-A28C-6CEA99A48ED0}c:\\program files\\electronic arts\\need for speed prostreet\\online\\bombd.exe"= UDP:c:\program files\electronic arts\need for speed prostreet\online\bombd.exe:bombd

"UDP Query User{1AFCE24B-B976-41BB-8277-5EF44F459ADD}c:\\program files\\electronic arts\\need for speed prostreet\\online\\bombd.exe"= TCP:c:\program files\electronic arts\need for speed prostreet\online\bombd.exe:bombd

"TCP Query User{B8B3C1A0-DAAC-4EE9-A6F9-64EAF9419DE5}c:\\program files\\midnight club 2\\mc2.exe"= UDP:c:\program files\midnight club 2\mc2.exe:mc2

"UDP Query User{6A29C6CE-3831-4646-B400-5F783BCAEACD}c:\\program files\\midnight club 2\\mc2.exe"= TCP:c:\program files\midnight club 2\mc2.exe:mc2

"{B9BC18A5-EFE4-46EB-AC93-72A2B6F801D7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{18CEC237-0B76-4515-BE32-0C100FEC6D86}c:\\program files\\midnight club 2\\mc2.exe"= UDP:c:\program files\midnight club 2\mc2.exe:mc2

"UDP Query User{148526E6-35AA-46C0-884C-A31AA5BBEAB9}c:\\program files\\midnight club 2\\mc2.exe"= TCP:c:\program files\midnight club 2\mc2.exe:mc2

"TCP Query User{D761FCBC-4F47-4BFE-BFE4-42DF050F1529}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"UDP Query User{32E24C83-E7F4-44A1-B755-B8F8F20D4A0E}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"TCP Query User{9BDB6799-E480-4523-BB34-7599B7A3C00F}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"UDP Query User{DC5F9973-99AE-45C3-926A-6016CA54FA07}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"TCP Query User{180C3D0D-0D7D-4E93-ABFA-B1AA2B8B4326}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.016\\nfsuclient.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex00.016\nfsuclient.exe:nfsuclient.exe

"UDP Query User{EE52C356-31CA-49D3-86C5-31EDA7B83272}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.016\\nfsuclient.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex00.016\nfsuclient.exe:nfsuclient.exe

"TCP Query User{1D19EC40-539C-45A0-B14A-DCBB420D73FB}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex02.807\\nfsuserver.1.0.1.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex02.807\nfsuserver.1.0.1.exe:nfsuserver.1.0.1.exe

"UDP Query User{CA9AA832-14CF-4784-A0E6-A873FBFF2537}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex02.807\\nfsuserver.1.0.1.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex02.807\nfsuserver.1.0.1.exe:nfsuserver.1.0.1.exe

"TCP Query User{F20E1835-AA1E-4A33-B08C-060A5A1C5446}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex04.415\\nfsuclient.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex04.415\nfsuclient.exe:nfsuclient.exe

"UDP Query User{6CF40273-EF0A-43CA-BAE9-3F47DBD855F9}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex04.415\\nfsuclient.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex04.415\nfsuclient.exe:nfsuclient.exe

"TCP Query User{926B5B97-4EA8-4604-BA27-469A17E4EC4B}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex05.310\\nfsuclient.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex05.310\nfsuclient.exe:nfsuclient.exe

"UDP Query User{5584FE3E-B6C3-4B7A-AB1F-2104113C6C2D}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex05.310\\nfsuclient.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex05.310\nfsuclient.exe:nfsuclient.exe

"{954FA7EB-DF6C-4A27-83D4-C3DCDA96386B}"= UDP:80:LAN-MW

"{78BF540B-9E58-4DB5-B4EC-1F1F72E42DCE}"= UDP:13505:LAN-MW1

"{D3C9E63D-91BA-464F-82A4-C38CB57CB538}"= TCP:3658:LAN-MW3

"{7223C4BC-7C74-4639-A38C-0E3142A8E5E7}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{BE499951-71C5-407D-99B6-89A000F71B29}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"TCP Query User{A3CBBF16-7F14-4671-840B-B7B2A30DFA5C}c:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

"UDP Query User{FFF9971C-3B60-482F-8B37-04F8133A9C74}c:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]

"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"c:\\Program Files\\River Past\\Audio Converter Pro\\AudioConverter.exe"= c:\program files\River Past\Audio Converter Pro\AudioConverter.exe:*:Enabled:River Past Audio Converter Pro

S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-31 111184]

S3 DESVUSB;Dell service driver;c:\windows\System32\drivers\desrvusb.sys [2008-11-30 17536]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-11-30 111616]

S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2008-11-30 235648]

S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2008-11-30 7424]

S3 WMSvc;Web Management-service;c:\windows\System32\inetsrv\WMSvc.exe [2006-11-02 10752]

S4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-04-16 73728]

S4 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe [2008-04-24 104960]

S4 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-31 20560]

S4 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-31 51792]

S4 deMntrService;Dell AIO Center Service;c:\program files\Dell\MFP_DELL\deMntrService.exe [2007-06-28 131072]

S4 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LPDService REG_MULTI_SZ LPDSVC

rsmsvcs REG_MULTI_SZ ntmssvc

ipripsvc REG_MULTI_SZ iprip

bthsvcs REG_MULTI_SZ BthServ

.

Inhoud van de 'Gedeelde Taken' map

2009-02-01 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

2009-02-01 c:\windows\Tasks\RegCure Program Check.job

- c:\program files\RegCure\RegCure.exe [2007-08-02 10:20]

2008-12-12 c:\windows\Tasks\RegCure.job

- c:\program files\RegCure\RegCure.exe [2007-08-02 10:20]

2009-01-31 c:\windows\Tasks\RegTool Scan.job

- c:\program files\RegTool\RegTool.exe []

2009-01-31 c:\windows\Tasks\RegTool Scan.job

- c:\program files\RegTool []

2009-02-01 c:\windows\Tasks\RegTool Startup.job

- c:\program files\RegTool\RegTool.exe []

.

- - - - ORPHANS VERWIJDERD - - - -

HKLM-RunOnce-<NO NAME> - (no file)

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.games-fusion.net/

mStart Page = hxxp://www.games-fusion.net/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab

FF - ProfilePath - c:\users\Sofian\AppData\Roaming\Mozilla\Firefox\Profiles\yo9qwklf.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Wikipedia (nl)

FF - prefs.js: browser.startup.homepage - about:blank

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

---- FIREFOX POLICIES ----

FF - user.js: network.proxy.type - 0

FF - user.js: network.proxy.http -

FF - user.js: network.proxy.http_port - 0

FF - user.js: network.proxy.ssl -

FF - user.js: network.proxy.ssl_port - 0

FF - user.js: network.proxy.ftp -

FF - user.js: network.proxy.ftp_port - 0

FF - user.js: network.proxy.gopher -

FF - user.js: network.proxy.gopher_port - 0

FF - user.js: network.proxy.socks_version - 5

FF - user.js: network.proxy.socks -

FF - user.js: network.proxy.socks_port - 0

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-01 14:09:57

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2009-02-01 14:12:14

ComboFix-quarantined-files.txt 2009-02-01 13:12:12

ComboFix2.txt 2009-01-31 19:56:04

ComboFix3.txt 2009-01-31 15:19:40

Pre-Run: 75,753,709,568 bytes beschikbaar

Post-Run: 75,725,246,464 bytes beschikbaar

450

This topic is now closed to new replies.