[SOLVED] HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:26:42, on 8/12/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\WebcamMax\wcmmon.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conime.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gepersonaliseerde startpagina

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O15 - Trusted Zone: http://assets.wrts.nl (HKLM)

O15 - Trusted Zone: Wrts (HKLM)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209149147425

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209149996026

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 12221 bytes

Thank you



In future, please also describe your problems briefly. Then we have an idea of what specifically to look for. But even without knowing that, you can already do the following:

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O15 - Trusted Zone: http://assets.wrts.nl (HKLM)

O15 - Trusted Zone: Wrts (HKLM)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Click 'Fix checked' to remove the items.

Delete the following folder using Windows Explorer:

C:\Program Files\Common Files\BOONTY Shared

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a checkmark next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

When the program is fully up to date, select "Quick Scan" in the Scanner tab, then click Scan.

The scan may take a while, so be patient.

When the scan is complete, click OK, then "Show Results" to view the results.

Make sure everything there is checked, then click: Remove Selected.

After removal a log will open and you will be asked to restart the computer. (See below)

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in MBAM.

If MBAM has difficulty removing certain files, it will show a few prompts where you have to click OK.

It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.

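As an added example (not code from this thread, from HijackThis or from Malwarebytes), the following Python script encodes the selection heuristics the helper applied by hand as a triage pass over HijackThis v2 log lines: empty R0 values, entries marked "(no file)", O15 Trusted Zone additions, and O23 services whose owner is unknown or that are on a watchlist. The sample lines are copied from the posted log; the watchlist, the reason strings and the `Finding` type are assumptions, and the output is a list of candidates for manual review, not a verdict.

```python
"""Triage of HijackThis (HJT) v2 log lines into candidates for manual review."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HJT log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://assets.wrts.nl (HKLM)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HJT entry starts with a section code (R0..R3, O1..O24) followed by " - ".
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O23 body layout: "Service: <display name> - <owner> - <path>".
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumption: service display names the helper told the poster to remove.
SERVICE_WATCHLIST = {"Boonty Games"}


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_line(line):
    """Split one HJT line into (section, body), or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def triage_line(line):
    """Return a Finding when a line matches one of the review heuristics, else None."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    section, body = parsed
    clean = line.strip()
    # R0/R1: an IE registry value that is present but empty is leftover from a hijack.
    if section in ("R0", "R1") and body.rstrip().endswith("="):
        return Finding(section, "empty registry value (hijack residue)", clean)
    # URLSearchHook / BHO entries whose DLL is gone are orphaned registrations.
    if body.endswith("(no file)"):
        return Finding(section, "references a file that no longer exists", clean)
    # Anything placed in the Trusted Zone gets relaxed security settings in IE.
    if section == "O15":
        return Finding(section, "site added to the Trusted Zone", clean)
    if section == "O23":
        sm = SERVICE_RE.match(body)
        if sm:
            if sm.group("name") in SERVICE_WATCHLIST:
                return Finding(section, "service on removal watchlist", clean)
            if sm.group("owner") == "Unknown owner":
                return Finding(section, "service with unknown owner (verify manually)", clean)
    return None


def triage_log(text):
    """Run the heuristics over a whole log and keep the lines that were flagged."""
    findings = []
    for raw in text.splitlines():
        f = triage_line(raw)
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```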

The MBAM log

Malwarebytes' Anti-Malware 1.31

Database versie: 1477

Windows 6.0.6000

9/12/2008 12:22:43

mbam-log-2008-12-09 (12-22-43).txt

Scan type: Snelle Scan

Objecten gescand: 46682

Verstreken tijd: 3 minute(s), 37 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 14

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 8

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:

C:\Windows\System32\c.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\Windows\System32\m.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\Windows\System32\p.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\Windows\System32\s.ico (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Sofian\Favorites\Free MP3 Search.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Users\Sofian\Favorites\Free ****.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Users\Sofian\Favorites\Search Online.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Users\Sofian\Favorites\VIP Casino.url (Rogue.Link) -> Quarantined and deleted successfully.

HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:24:46, on 9/12/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\WebcamMax\wcmmon.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conime.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gepersonaliseerde startpagina

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [DeStatusMon] "C:\Program Files\Dell\MFP_DELL\deDvcStatus.exe" dvcStatusMinimize

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OpenOffice.org 2.4 .lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209149147425

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209149996026

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe

O23 - Service: Dell AIO Center Service (deMntrService) - Dell - C:\Program Files\Dell\MFP_DELL\deMntrService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 11950 bytes




Let's go looking for that virus file:

Download Combofix to your Desktop.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners see certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Follow the instructions and accept the disclaimer by clicking Yes.
  • If the Recovery Console is not installed, you will be asked to install it now by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.

When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


ComboFix 08-12-07.04 - Sofian 2008-12-09 17:51:03.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.840 [GMT 1:00]

Gestart vanuit: c:\users\Sofian\Desktop\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Sofian\AppData\Roaming\.#

c:\windows\System32\bklatleu.ini

c:\windows\System32\bklatleu.ini2

c:\windows\System32\bklatleu.tmp

c:\windows\system32\Ghjilnnn.ini

c:\windows\system32\Ghjilnnn.ini2

c:\windows\system32\igfxres.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Boonty Games

-------\Service_iprip

(((((((((((((((((((( Bestanden Gemaakt van 2008-11-09 to 2008-12-09 ))))))))))))))))))))))))))))))

.

2008-12-09 16:40 . 2008-12-09 16:40 <DIR> d-------- c:\program files\Cool Beans NFO Creator

2008-12-09 12:02 . 2008-12-09 12:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-09 12:02 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-12-09 12:02 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-12-08 20:05 . 2008-12-08 20:05 4,608 --a------ c:\windows\System32\temp.001

2008-12-08 16:47 . 2008-12-08 16:47 <DIR> d-------- c:\windows\PCHEALTH

2008-12-06 22:49 . 2008-12-06 22:49 <DIR> d-------- c:\windows\Midnight Club 2

2008-12-06 22:49 . 2008-12-06 23:19 <DIR> d-------- c:\program files\Midnight Club 2

2008-12-06 18:21 . 2008-12-06 18:21 <DIR> d-------- c:\windows\System32\Futuremark

2008-12-05 17:44 . 2008-12-05 17:44 <DIR> d-------- c:\program files\Electronic Arts

2008-12-05 17:44 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\System32\d3dx9_34.dll

2008-12-05 17:44 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\System32\D3DCompiler_34.dll

2008-12-05 17:44 . 2007-05-16 16:45 443,752 --a------ c:\windows\System32\d3dx10_34.dll

2008-12-05 17:44 . 2007-06-20 20:46 266,088 --a------ c:\windows\System32\xactengine2_8.dll

2008-12-05 17:44 . 2007-04-04 18:55 261,480 --a------ c:\windows\System32\xactengine2_7.dll

2008-12-05 17:43 . 2007-01-24 15:27 255,848 --a------ c:\windows\System32\xactengine2_6.dll

2008-12-05 17:43 . 2007-03-05 12:42 15,128 --a------ c:\windows\System32\x3daudio1_1.dll

2008-12-03 15:07 . 2008-12-06 15:55 <DIR> d-------- C:\Downloads

2008-11-30 18:10 . 2008-11-30 18:10 <DIR> d-------- c:\users\All Users\Ubisoft

2008-11-30 18:10 . 2008-11-30 18:10 <DIR> d-------- c:\programdata\Ubisoft

2008-11-30 16:12 . 2000-07-31 13:28 286,208 --a------ c:\windows\system\binkw32.dll

2008-11-30 16:11 . 2007-12-02 13:28 53,248 --a------ c:\windows\system\PhysXLoader.dll

2008-11-30 15:55 . 2008-06-23 10:22 386,600 --a------ c:\windows\system\nxcooking.dll

2008-11-30 15:53 . 2007-08-14 23:49 3,821,568 --a------ c:\windows\system\wxmsw262u.dll

2008-11-30 15:42 . 2008-11-30 15:46 22,328 --a------ c:\users\Sofian\AppData\Roaming\PnkBstrK.sys

2008-11-30 15:41 . 2008-11-30 15:41 66,872 --a------ c:\windows\System32\PnkBstrA.exe

2008-11-30 15:20 . 2008-11-30 15:21 <DIR> d-------- c:\program files\Hamachi

2008-11-30 15:20 . 2008-11-30 15:20 25,280 --a------ c:\windows\System32\drivers\hamachi.sys

2008-11-30 11:06 . 2008-11-26 18:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys

2008-11-30 09:39 . 2008-11-30 09:39 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-11-30 09:39 . 2008-11-30 09:39 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-11-30 09:39 . 2008-11-30 09:39 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-11-30 09:39 . 2008-11-30 09:39 43,544 --a------ c:\windows\System32\wups2.dll

2008-11-30 09:38 . 2008-11-30 09:38 561,688 --a------ c:\windows\System32\wuapi.dll

2008-11-30 09:38 . 2008-11-30 09:38 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-11-30 09:38 . 2008-11-30 09:38 83,456 --a------ c:\windows\System32\wudriver.dll

2008-11-30 09:38 . 2008-11-30 09:38 34,328 --a------ c:\windows\System32\wups.dll

2008-11-30 09:38 . 2008-11-30 09:38 31,232 --a------ c:\windows\System32\wuapp.exe

2008-11-30 02:13 . 2008-11-30 02:13 22,160 --a------ c:\windows\System32\emptyregdb.dat

2008-11-30 02:04 . 2008-11-30 02:04 <DIR> d-------- c:\users\Default\video

2008-11-30 02:04 . 2008-11-30 02:04 <DIR> d-------- c:\users\Default\Roaming

2008-11-30 01:22 . 2008-11-30 02:01 <DIR> dr------- c:\users\Sofian\Videos

2008-11-30 01:22 . 2008-11-30 02:01 <DIR> dr------- c:\users\Sofian\Saved Games

2008-11-30 01:22 . 2008-11-30 09:39 <DIR> dr------- c:\users\Sofian\Pictures

2008-11-30 01:22 . 2008-11-30 09:39 <DIR> dr------- c:\users\Sofian\Music

2008-11-30 01:22 . 2008-11-30 09:39 <DIR> dr------- c:\users\Sofian\Links

2008-11-30 01:22 . 2008-11-30 02:01 <DIR> dr------- c:\users\Sofian\Downloads

2008-11-30 01:22 . 2008-12-08 19:14 <DIR> dr------- c:\users\Sofian\Documents

2008-11-30 01:22 . 2006-11-02 13:37 <DIR> d-------- c:\users\Sofian\AppData\Roaming\Media Center Programs

2008-11-30 01:22 . 2008-11-30 02:00 <DIR> d--h----- c:\users\Sofian\AppData

2008-11-30 01:22 . 2008-11-30 09:39 <DIR> d-------- c:\users\Sofian

2008-11-30 01:17 . 2008-11-30 01:17 <DIR> d-------- c:\windows\System32\URTTEMP

2008-11-30 01:17 . 2008-12-08 16:47 <DIR> d--hs---- c:\windows\Installer

2008-11-30 01:16 . 2008-12-09 17:55 2,942 --a------ c:\windows\bthservsdp.dat

2008-11-30 01:16 . 2008-11-30 01:16 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-11-30 01:14 . 2008-11-30 01:14 <DIR> d-------- c:\program files\DellTPad

2008-11-30 01:14 . 2008-11-30 01:14 <DIR> d-------- c:\program files\CONEXANT

2008-11-30 01:14 . 2008-11-30 01:14 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf

2008-11-30 01:12 . 2008-11-30 11:24 <DIR> d-------- c:\windows\System32\catroot2

2008-11-30 00:58 . 2007-09-06 17:43 304,920 --a------ c:\windows\System32\drivers\iaStor.sys

2008-11-30 00:58 . 2007-09-06 17:35 90,112 --a------ c:\windows\System32\snymsico.dll

2008-11-30 00:58 . 2007-09-06 17:35 42,496 --a------ c:\windows\System32\drivers\rimsptsk.sys

2008-11-30 00:58 . 2007-09-06 17:35 39,936 --a------ c:\windows\System32\drivers\rimmptsk.sys

2008-11-30 00:58 . 2007-09-06 17:35 37,376 --a------ c:\windows\System32\drivers\rixdptsk.sys

2008-11-30 00:58 . 2007-09-06 17:35 16,480 --a------ c:\windows\System32\rixdicon.dll

2008-11-30 00:57 . 2008-11-30 01:15 <DIR> d-------- c:\windows\Debug

2008-11-30 00:56 . 2008-11-30 00:56 <DIR> d-------- c:\windows\System32\msmq

2008-11-30 00:56 . 2008-11-30 00:56 862 --a------ c:\windows\System32\termcap

2008-11-30 00:55 . 2008-11-30 00:55 <DIR> d-------- c:\windows\System32\OEM

2008-11-30 00:55 . 2007-02-26 20:13 36 -rah----- c:\windows\DELL_VERSION

2008-11-30 00:36 . 2008-11-30 00:36 <DIR> d--h----- C:\$WINDOWS.~Q

2008-11-30 00:24 . 2008-11-30 00:29 <DIR> d--h----- C:\$INPLACE.~TR

2008-11-30 00:17 . 2008-11-30 00:59 8,192 -ra-s---- C:\BOOTSECT.BAK

2008-11-29 23:27 . 2008-11-30 13:26 1,905 --a------ c:\windows\diagwrn.xml

2008-11-29 23:27 . 2008-11-30 13:26 1,905 --a------ c:\windows\diagerr.xml

2008-11-29 23:10 . 2008-11-30 01:48 <DIR> d-------- c:\users\All Users\Office Genuine Advantage

2008-11-29 23:10 . 2008-11-30 01:48 <DIR> d-------- c:\programdata\Office Genuine Advantage

2008-11-29 22:28 . 2008-11-30 01:48 <DIR> d-------- c:\windows\CheckSur

2008-11-29 22:28 . 2008-11-30 01:48 <DIR> d-------- c:\users\All Users\Windows Genuine Advantage

2008-11-29 13:10 . 2008-11-29 21:54 <DIR> d-------- C:\e952acb781df7695386c

2008-11-29 12:23 . 2008-11-30 01:33 <DIR> d-------- c:\program files\ffdshow

2008-11-29 12:23 . 2008-11-02 10:11 60,273 --a------ c:\windows\System32\pthreadGC2.dll

2008-11-29 12:23 . 2008-11-02 10:11 11,264 --a------ c:\windows\System32\ff_vfw.dll

2008-11-29 12:23 . 2008-11-02 10:11 547 --a------ c:\windows\System32\ff_vfw.dll.manifest

2008-11-29 12:21 . 2008-11-30 01:47 <DIR> d-------- c:\program files\Xvid

2008-11-29 12:21 . 2008-04-27 10:33 765,952 --a------ c:\windows\System32\xvidcore.dll

2008-11-29 12:21 . 2008-04-27 10:35 180,224 --a------ c:\windows\System32\xvidvfw.dll

2008-11-29 12:21 . 2007-06-28 18:55 77,824 --a------ c:\windows\System32\xvid.ax

2008-11-29 10:39 . 2008-11-30 01:48 <DIR> d--h-c--- c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2008-11-29 10:39 . 2008-11-30 01:48 <DIR> d--h-c--- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2008-11-29 10:39 . 2008-11-30 01:40 <DIR> d-------- c:\program files\Uniblue

2008-11-28 23:27 . 2008-11-28 23:27 1,056,768 --a------ c:\windows\System32\defltbase.sdb

2008-11-28 20:58 . 2008-11-28 20:58 <DIR> d-------- C:\5b534c155c11e0b6d2a7d4b2

2008-11-28 18:53 . 2008-11-28 18:53 16,094 --a------ c:\windows\System32\results.xml

2008-11-28 18:16 . 2008-11-28 22:04 720,896 --a------ c:\windows\SPInstall.etl

2008-11-28 17:46 . 2008-11-30 02:00 <DIR> d-------- c:\users\Sofian\AppData\Roaming\Corel

2008-11-28 17:46 . 2008-11-28 17:47 2,828 --ahs---- c:\windows\System32\KGyGaAvL.sys

2008-11-28 17:46 . 2008-11-28 17:46 88 --ahs---- c:\windows\System32\658BC72326.sys

2008-11-28 16:05 . 2008-11-30 01:51 <DIR> d-------- c:\windows\System32\NtmsData

2008-11-26 20:58 . 2008-11-30 01:48 <DIR> d-------- c:\users\All Users\My Music

2008-11-26 20:58 . 2008-11-30 01:47 <DIR> d-------- c:\users\All Users\Corel

2008-11-26 20:58 . 2008-11-30 01:48 <DIR> d-------- c:\programdata\My Music

2008-11-26 20:58 . 2008-11-30 01:47 <DIR> d-------- c:\programdata\Corel

2008-11-26 20:57 . 2008-11-30 01:29 <DIR> d-------- c:\program files\Corel

2008-11-26 20:57 . 2008-11-30 01:29 <DIR> d-------- c:\program files\Common Files\Corel

2008-11-26 16:54 . 2008-11-30 01:48 <DIR> d-------- c:\users\All Users\PC Drivers HeadQuarters

2008-11-26 16:54 . 2008-11-30 01:48 <DIR> d-------- c:\programdata\PC Drivers HeadQuarters

2008-11-24 19:05 . 2008-11-25 22:49 <DIR> d-------- C:\2de431c060eb2340c01eaf598ea0

2008-11-24 18:58 . 2007-09-04 17:56 164,352 --a------ c:\windows\System32\unrar.dll

2008-11-23 19:30 . 2008-11-23 19:30 307,968 --a------ c:\windows\System32\TuneUpDefragService.exe

2008-11-23 19:30 . 2008-02-27 13:15 28,416 --a------ c:\windows\System32\uxtuneup.dll

2008-11-23 19:30 . 2008-02-27 13:15 16,640 --a------ c:\windows\System32\authuitu.dll

2008-11-23 19:29 . 2008-11-30 02:01 <DIR> d-------- c:\users\Sofian\AppData\Roaming\TuneUp Software

2008-11-23 19:29 . 2008-11-30 01:48 <DIR> d-------- c:\users\All Users\TuneUp Software

2008-11-23 19:29 . 2008-11-30 01:48 <DIR> d-------- c:\programdata\TuneUp Software

2008-11-23 19:29 . 2008-11-30 01:40 <DIR> d-------- c:\program files\TuneUp Utilities 2008

2008-11-23 18:54 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll

2008-11-23 13:02 . 2008-11-30 01:30 <DIR> d-------- c:\program files\Counter-Strike Source

2008-11-22 22:56 . 2008-11-22 22:56 <DIR> d-------- c:\program files\MSXML 4.0

2008-11-22 22:41 . 2008-11-30 01:40 <DIR> d-------- c:\program files\VALVe

2008-11-22 18:43 . 2008-11-30 01:40 <DIR> d-------- c:\program files\SystemRequirementsLab

2008-11-22 13:11 . 2008-11-30 01:48 <DIR> d-------- c:\users\All Users\Stardock

2008-11-22 13:11 . 2008-11-30 01:48 <DIR> d-------- c:\programdata\Stardock

2008-11-22 13:11 . 2008-11-30 01:40 <DIR> d-------- c:\program files\Stardock

2008-11-22 13:11 . 2007-06-05 11:26 567,040 --a------ c:\windows\System32\wbocx.ocx

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-09 10:53 --------- d-----w c:\users\Sofian\AppData\Roaming\OpenOffice.org2

2008-12-08 21:57 --------- d-----w c:\users\Sofian\AppData\Roaming\uTorrent

2008-12-08 19:05 73,216 ----a-w c:\windows\ST6UNST.EXE

2008-12-08 19:05 249,856 ------w c:\windows\Setup1.exe

2008-12-08 19:05 --------- d-----w c:\program files\vbNFSMWMegaTrainer

2008-12-08 14:29 --------- d-----w c:\users\Sofian\AppData\Roaming\LimeWire

2008-12-08 13:18 --------- d-----w c:\users\Sofian\AppData\Roaming\Hamachi

2008-12-06 11:03 --------- d-----w c:\programdata\Webcammax

2008-12-05 15:35 --------- d-----w c:\program files\Counter-Strike 1.6

2008-11-30 09:26 --------- d-----w c:\users\Sofian\AppData\Roaming\MailWasherPro

2008-11-30 08:35 --------- d-sh--w c:\programdata\Sjablonen

2008-11-30 08:35 --------- d-sh--w c:\programdata\Menu Start

2008-11-30 08:35 --------- d-sh--w c:\programdata\Favorieten

2008-11-30 08:35 --------- d-sh--w c:\programdata\Documenten

2008-11-30 08:35 --------- d-sh--w c:\programdata\Bureaublad

2008-11-30 01:00 --------- d-----w c:\users\Sofian\AppData\Roaming\mIRC

2008-11-30 00:48 --------- d-----w c:\programdata\Xfire

2008-11-30 00:48 --------- d-----w c:\programdata\WLInstaller

2008-11-30 00:48 --------- d-----w c:\programdata\Uninstall

2008-11-30 00:48 --------- d-----w c:\programdata\Ulead Systems

2008-11-30 00:48 --------- d-----w c:\programdata\SupportSoft

2008-11-30 00:48 --------- d-----w c:\programdata\Spybot - Search & Destroy

2008-11-30 00:48 --------- d-----w c:\programdata\Sonic

2008-11-30 00:48 --------- d-----w c:\programdata\SlySoft

2008-11-30 00:48 --------- d-----w c:\programdata\ScanSoft

2008-11-30 00:48 --------- d-----w c:\programdata\PassMark

2008-11-30 00:40 --------- d-----w c:\program files\uTorrent

2008-11-30 00:40 --------- d-----w c:\program files\Trend Micro

2008-11-30 00:40 --------- d-----w c:\program files\Thrustmaster

2008-11-30 00:40 --------- d-----w c:\program files\The Privacy Guard

2008-11-30 00:40 --------- d-----w c:\program files\SubSync

2008-11-30 00:40 --------- d-----w c:\program files\StuffPlug3

2008-11-30 00:40 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-30 00:39 --------- d-----w c:\program files\SlySoft

2008-11-30 00:39 --------- d-----w c:\program files\Sigmatel

2008-11-30 00:39 --------- d-----w c:\program files\SetPoint

2008-11-30 00:39 --------- d-----w c:\program files\SEGA

2008-11-30 00:39 --------- d-----w c:\program files\ScanSoft

2008-11-30 00:39 --------- d-----w c:\program files\Sanny Builder 3

2008-11-30 00:39 --------- d-----w c:\program files\San Andreas Mod Installer

2008-11-30 00:39 --------- d-----w c:\program files\Samsung

2008-11-30 00:39 --------- d-----w c:\program files\Roxio

2008-11-30 00:38 --------- d-----w c:\program files\Rockstar Games

2008-11-30 00:38 --------- d-----w c:\program files\Reallusion

2008-11-30 00:38 --------- d-----w c:\program files\QuickTime

2008-11-30 00:38 --------- d-----w c:\program files\PowerISO

2008-11-30 00:38 --------- d-----w c:\program files\PortTrigger

2008-11-30 00:38 --------- d-----w c:\program files\PES 2009

2008-11-30 00:38 --------- d-----w c:\program files\Pegasys Inc

2008-11-30 00:38 --------- d-----w c:\program files\Participatory Culture Foundation

2008-11-30 00:38 --------- d-----w c:\program files\OpenOffice.org 2.4

2008-11-30 00:36 --------- d-----w c:\program files\gPotato

2008-11-30 00:34 --------- d-----w c:\program files\Google Earth Pro 4.2

2008-11-30 00:34 --------- d-----w c:\program files\Google

2008-11-30 00:34 --------- d-----w c:\program files\Folder Lock

2008-11-30 00:34 --------- d-----w c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter

2008-11-30 00:34 --------- d-----w c:\program files\FireTrust

2008-11-30 00:34 --------- d-----w c:\program files\FIFA09

2008-11-30 00:33 --------- d-----w c:\program files\EZ Boosters

2008-11-30 00:32 --------- d-----w c:\program files\EA Sports

2008-11-30 00:32 --------- d-----w c:\program files\EA GAMES

2008-11-30 00:32 --------- d-----w c:\program files\DVDVideoSoft

2008-11-30 00:32 --------- d-----w c:\program files\dvdSanta

2008-11-30 00:32 --------- d-----w c:\program files\DNA

2008-11-30 00:31 --------- d-----w c:\program files\Disney Interactive

2008-11-30 00:31 --------- d-----w c:\program files\Digital Line Detect

2008-11-30 00:31 --------- d-----w c:\program files\Desktop Graffitist

2008-11-30 00:31 --------- d-----w c:\program files\Dell Support Center

2008-11-30 00:30 --------- d-----w c:\program files\Dell

2008-11-30 00:30 --------- d-----w c:\program files\DAMN NFO Viewer

2008-11-30 00:30 --------- d-----w c:\program files\DAEMON Tools Lite

2008-11-30 00:30 --------- d-----w c:\program files\CyberLink

2008-11-30 00:30 --------- d-----w c:\program files\Creative Live! Cam

2008-11-30 00:30 --------- d-----w c:\program files\Creative

2008-11-30 00:28 --------- d-----w c:\program files\Belgacom

2008-11-30 00:28 --------- d-----w c:\program files\Apple Software Update

2008-11-30 00:28 --------- d-----w c:\program files\Alwil Software

2008-11-30 00:28 --------- d-----w c:\program files\Activision

2008-11-30 00:27 --------- d-----w c:\program files\Accessories

2008-10-26 11:03 59,488 ----a-w c:\windows\System32\GenSvcInst.exe

2008-10-26 11:03 145,504 ----a-w c:\windows\System32\bgsvcgen.exe

2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll

2008-09-18 00:40 42,320 ----a-w c:\windows\System32\xfcodec.dll

2008-09-02 15:06 24 ----a-w c:\users\Sofian\jagex_runescape_preferences.dat

2008-05-18 09:28 0 ----a-w c:\users\Sofian\AppData\Roaming\wklnhst.dat

2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2008-04-15 23:28 76 --sha-w c:\windows\CT4CET.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe" [2008-11-24 9017648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

"DeStatusMon"="c:\program files\Dell\MFP_DELL\deDvcStatus.exe" [2007-06-28 286720]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]

"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-03-12 79400]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]

"WebcamMaxMoniter"="c:\program files\WebcamMax\wcmmon.exe" [2007-09-16 450048]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]

c:\users\Sofian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.4 .lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-04-16 50688]

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-991331777-2378318461-4560006-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"UDP Query User{5CC58DDD-6000-4FB3-A854-7241EBE4C5CB}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= TCP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:TP_Win32

"TCP Query User{54834E1A-4F46-47D1-91AA-6AFB388A49A3}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= UDP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:TP_Win32

"UDP Query User{A3111D06-F8A6-4033-9D01-E0865EAEB4D9}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"TCP Query User{9293FB58-0420-4115-A49E-A2976C1B3564}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2

"{D346D765-9524-49F4-BDED-DDB16AE73879}"= TCP:c:\windows\System32\mqsvc.exe:Message Queuing

"{45A90E50-5152-4959-8E7F-7E7EF4F7424A}"= UDP:c:\windows\System32\mqsvc.exe:Message Queuing

"{1D9069E9-375D-44A0-9CC2-400255F8CE78}"= TCP:c:\windows\System32\mqsvc.exe:Message Queuing

"{63477523-E780-4425-82C0-55FFAA497F10}"= UDP:c:\windows\System32\mqsvc.exe:Message Queuing

"UDP Query User{1C7BFDF9-B75E-43EC-B6BB-E8A9D0B7D71D}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA

"TCP Query User{3CA1B8DB-15AF-4500-8464-89652E56CCDD}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA

"{ED40C921-0241-41BA-9728-57E557C93C9E}"= TCP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"{D2FCE9FF-BA9C-4637-81C6-5E482A64F5AE}"= UDP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"{6B4496AF-FC00-4791-BFBA-2A8BBB254869}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"UDP Query User{E5B9A067-7D56-4164-962D-4FC016F75802}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{FFE6709D-E020-4886-8070-432D9ADD0FAE}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{3245B40A-F081-4386-8E3A-2289A2C6614F}c:\\program files\\counter-strike 1.6\\hlds.exe"= TCP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

"TCP Query User{C96B2973-710E-48B9-A8F9-B91A6F5DCC36}c:\\program files\\counter-strike 1.6\\hlds.exe"= UDP:c:\program files\counter-strike 1.6\hlds.exe:HLDS Launcher

"UDP Query User{E51EBB21-CF5E-4D83-9AA2-2D8C282E9AC6}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"TCP Query User{3656B3D5-B7C1-45B2-998F-56B20C9E9581}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher

"UDP Query User{2879B1FB-70EE-47C4-8654-8A1DC1DF0DFD}c:\\program files\\sega\\iron man\\ironman.exe"= TCP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"TCP Query User{9A526FB3-485C-4E94-B333-92CE71217FED}c:\\program files\\sega\\iron man\\ironman.exe"= UDP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"UDP Query User{514D414F-BEC6-4BEF-9EE9-7E68D1A05CEF}c:\\users\\sofian\\appdata\\roaming\\mozilla\\firefox\\profiles\\yo9qwklf.default\\extensions\\solidstateion@solidstatenetworks.com\\plugins\\solidnm.exe"= TCP:c:\users\sofian\appdata\roaming\mozilla\firefox\profiles\yo9qwklf.default\extensions\solidstateion@solidstatenetworks.com\plugins\solidnm.exe:solidnm.exe

"TCP Query User{55A58C11-6386-4375-88C1-005F988E9E3D}c:\\users\\sofian\\appdata\\roaming\\mozilla\\firefox\\profiles\\yo9qwklf.default\\extensions\\solidstateion@solidstatenetworks.com\\plugins\\solidnm.exe"= UDP:c:\users\sofian\appdata\roaming\mozilla\firefox\profiles\yo9qwklf.default\extensions\solidstateion@solidstatenetworks.com\plugins\solidnm.exe:solidnm.exe

"UDP Query User{8CF5866F-A838-4FB1-A9C1-8938F237C422}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"TCP Query User{989B7C13-1290-44EF-9FBC-842CA0D14D81}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"UDP Query User{A5EB80E9-95C2-46DA-A037-73A2764FAC35}c:\\program files\\fifa09\\fifa09.exe"= TCP:c:\program files\fifa09\fifa09.exe:FIFA09

"TCP Query User{FD7024AD-BD7F-4F6E-9614-16B288759DAC}c:\\program files\\fifa09\\fifa09.exe"= UDP:c:\program files\fifa09\fifa09.exe:FIFA09

"{238E3750-1BF9-4C39-91C5-2FE52CB02AB9}"= TCP:c:\users\Sofian\AppData\Local\Temp\IXP000.TMP\pes2009.exe:Pro Evolution Soccer 2009

"{2D0DFF56-FE02-46CA-B338-8A03C162B8CD}"= UDP:c:\users\Sofian\AppData\Local\Temp\IXP000.TMP\pes2009.exe:Pro Evolution Soccer 2009

"{5A873637-D304-44AD-B6B7-D92CAC9CB7A7}"= TCP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"{71F6CAC2-2793-4B81-9419-D0E6CDE27018}"= UDP:c:\program files\PES 2009\pes2009.exe:Pro Evolution Soccer 2009

"UDP Query User{3BA73912-EFBC-445F-9FED-48D4C32F0E70}c:\\users\\sofian\\program files\\dna\\btdna.exe"= TCP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"TCP Query User{B16AEDBA-9399-48CB-9528-0E76A6C6EBAB}c:\\users\\sofian\\program files\\dna\\btdna.exe"= UDP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"UDP Query User{56B32E8E-6D7C-4E4D-BEAA-4143D683FA87}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

"TCP Query User{7C790108-0887-4C66-AAA4-242BC76667BC}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"{FB7012F6-A0C8-4829-841C-5485A6D7DD44}"= UDP:443:Utorrent

"UDP Query User{4BA4EECA-D8F9-4C97-B7B4-0EA7AEFDB223}c:\\users\\sofian\\program files\\dna\\btdna.exe"= TCP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"TCP Query User{961E0236-D718-46B2-A522-505DBFF4766D}c:\\users\\sofian\\program files\\dna\\btdna.exe"= UDP:c:\users\sofian\program files\dna\btdna.exe:btdna.exe

"UDP Query User{0C2368A4-D8F1-4A43-9E5A-720E391B0D21}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"TCP Query User{2EBC57E7-8E14-4963-84BC-D5B70D7B3084}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

"UDP Query User{CC6F7951-1541-4A49-B98E-6908AD7BC79B}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"TCP Query User{657A9266-4CFF-48EC-841D-F69665BBED93}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{6BFA36F6-AD9B-49D6-B501-B2A139A00C84}c:\\program files\\rockstar games\\gta san andreas\\samp server\\samp-server.exe"= TCP:c:\program files\rockstar games\gta san andreas\samp server\samp-server.exe:samp-server

"TCP Query User{D8D696A3-E7E5-469F-B882-07C23402EDDF}c:\\program files\\rockstar games\\gta san andreas\\samp server\\samp-server.exe"= UDP:c:\program files\rockstar games\gta san andreas\samp server\samp-server.exe:samp-server

"UDP Query User{AC851BC4-9C86-4F06-8029-6C6050F73632}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{160A1F8E-75C0-4671-B13D-59C5ABD16251}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{D29620AC-3F93-49AA-B939-DFDCF0B35107}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= TCP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.

"TCP Query User{2F1BC6CC-18FB-4243-87D2-2C9B93CAEAFF}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= UDP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.

"UDP Query User{474CF4C1-C100-466E-B971-BD205B60E352}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.814\\gtarumbleserver.exe"= TCP:c:\users\sofian\appdata\local\temp\rar$ex00.814\gtarumbleserver.exe:gtarumbleserver.exe

"TCP Query User{94D1A7BD-96D7-4473-8B89-8A4238224449}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex00.814\\gtarumbleserver.exe"= UDP:c:\users\sofian\appdata\local\temp\rar$ex00.814\gtarumbleserver.exe:gtarumbleserver.exe

"UDP Query User{646FBDC6-C40B-444A-B597-427E6A6E7A80}c:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= TCP:c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader

"TCP Query User{A83BBA09-E270-48AB-879E-DE2A1FBD94E4}c:\\program files\\participatory culture foundation\\miro\\xulrunner\\python\\miro_downloader.exe"= UDP:c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe:Miro_Downloader

"{59D77588-33BF-4B97-B10A-4897EB53AFE0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{803E39F7-78B8-4684-99C0-0C2CB8BD4CFC}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"UDP Query User{21CC4C73-8569-45EE-997D-124B256FAAEA}c:\\users\\sofian\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= Disabled:TCP:c:\users\sofian\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe

"TCP Query User{22196733-FEDE-4DA5-83FC-DACF7CC96061}c:\\users\\sofian\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:c:\users\sofian\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe

"UDP Query User{DEC548EE-2047-4C50-8BFF-CDAC46870652}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex35.8289\\patch.exe"= Disabled:TCP:c:\users\sofian\appdata\local\temp\rar$ex35.8289\patch.exe:patch.exe

"TCP Query User{3614CF16-7F8A-4004-8E05-3F400E4B5E3E}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex35.8289\\patch.exe"= Disabled:UDP:c:\users\sofian\appdata\local\temp\rar$ex35.8289\patch.exe:patch.exe

"UDP Query User{F18437DC-9F41-4383-9AD6-C1A60988DDCC}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex13.6771\\patch.exe"= Disabled:TCP:c:\users\sofian\appdata\local\temp\rar$ex13.6771\patch.exe:patch.exe

"TCP Query User{224A609B-63B2-467B-912D-A681AE74AD6E}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex13.6771\\patch.exe"= Disabled:UDP:c:\users\sofian\appdata\local\temp\rar$ex13.6771\patch.exe:patch.exe

"UDP Query User{C0E29B39-C25C-4FEF-A656-39E7F33E74BD}c:\\program files\\sega\\iron man\\ironman.exe"= TCP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"TCP Query User{8437116C-045A-4735-BA3A-C780755848AF}c:\\program files\\sega\\iron man\\ironman.exe"= UDP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine

"UDP Query User{8CE7B374-7E44-412D-B4E4-D6AA7886F43F}c:\\program files\\mta san andreas\\server\\mta server.exe"= TCP:c:\program files\mta san andreas\server\mta server.exe:MTA Server

"TCP Query User{B36A7935-97DA-4F7A-AB71-CDBCFECAF281}c:\\program files\\mta san andreas\\server\\mta server.exe"= UDP:c:\program files\mta san andreas\server\mta server.exe:MTA Server

"{F2923331-22E1-4E05-8FD4-EED852780340}"= TCP:c:\program files\Hide IP Platinum\hideippla.exe:Hide IP Platinum

"{A645F9A2-9908-4313-8B14-70924656A8B9}"= UDP:c:\program files\Hide IP Platinum\hideippla.exe:Hide IP Platinum

"UDP Query User{324774FA-B894-4D94-962F-0FA0D38BCBBE}c:\\program files\\ea sports\\fifa 08\\fifa08.exe"= TCP:c:\program files\ea sports\fifa 08\fifa08.exe:FIFA08

"TCP Query User{0103AA03-8BA7-4D39-99CA-4EB76E0F2FDB}c:\\program files\\ea sports\\fifa 08\\fifa08.exe"= UDP:c:\program files\ea sports\fifa 08\fifa08.exe:FIFA08

"UDP Query User{D591E3CB-061E-47F3-A798-60851B935FFC}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"TCP Query User{D8034389-8DA4-4336-9F4F-05DC5D6D933C}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"UDP Query User{27CA4F2C-F4A8-4CCB-B37A-58D91CDA187B}c:\\windows\\system32\\zonelabs\\vsmon.exe"= TCP:c:\windows\system32\zonelabs\vsmon.exe:TrueVector Service

"TCP Query User{09B71C24-C278-4CEE-A07D-A85FAC53D66F}c:\\windows\\system32\\zonelabs\\vsmon.exe"= UDP:c:\windows\system32\zonelabs\vsmon.exe:TrueVector Service

"{A694356B-DCE6-46B4-81C9-7F1BF6E8D0BD}"= TCP:c:\program files\Anyplace Control 4\apc_host.exe:Anyplace Control - Host Module

"{D6E0B432-B38F-4604-9C66-E8DBD0D26D85}"= UDP:c:\program files\Anyplace Control 4\apc_host.exe:Anyplace Control - Host Module

"UDP Query User{081DF3A1-A737-4B1A-8E2F-3ED3191946D9}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC

"TCP Query User{74E35358-40CC-48B1-8254-B8B0DE21EC20}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC

"UDP Query User{9E78BC5B-6B79-4A83-B420-F4FFC1C824B9}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"TCP Query User{3A67AA1E-2903-46CF-AFB3-13EDE809CC1C}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"UDP Query User{3E3F2425-7523-4869-BF0B-948EE453792B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{1E068C53-2CF4-45B3-B8D6-D5D2C758CC47}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"{A60A5777-3712-4781-909A-E562EC13F6AB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{1850859D-E62C-4D16-A780-4968346CA9C4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"UDP Query User{E7EDA855-37AB-4B36-8022-BACE3FC8ADA0}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= TCP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:tp_win32

"TCP Query User{B233138C-50A1-4A52-A313-9863D95F0E53}c:\\program files\\disney interactive\\treasure planet battle at procyon\\tp_game\\tp_win32.exe"= UDP:c:\program files\disney interactive\treasure planet battle at procyon\tp_game\tp_win32.exe:tp_win32

"{44532AF2-7C13-40D8-9DD2-BD9B00FAC573}"= TCP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster

"{CD223108-C909-4C5F-A619-812D6AD86666}"= UDP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster

"{9AC21C58-6565-4B09-A236-1C6E53E234D8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{11B576E1-B887-47A7-A55D-9EDD18EFE2C6}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{F8E3F7D3-F590-4016-9007-3EAE21EAA446}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{369C3E79-E41A-44B4-A978-2B93CFF0CE3C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{DDB069C9-E320-4264-9A6D-6EC50BF098F3}"= TCP:c:\users\Sofian\Program Files\uTorrent\uTorrent.exe:µTorrent

"{3522FAAA-E7CC-4D52-8A11-379115C6D72E}"= UDP:c:\users\Sofian\Program Files\uTorrent\uTorrent.exe:µTorrent

"{C54D7D3B-57AF-4522-89AA-159E577773D0}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{3DB6E3AB-1D74-4F00-A772-795E4A26D6D8}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{3CABAA43-9F86-4D02-AB76-8FE8F562D6AD}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{D874EB75-B187-4F66-9E24-8BDB71152578}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{B47A655A-053C-4B47-BC89-646ACA1D9DF1}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{149CA782-81E2-49E4-B14A-D23BCA105DAC}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{AEC7333B-4641-4907-A68C-64304FC929E1}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{6F77D1F2-B3BB-40F5-B0CC-1A129BBEBB37}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{98FAEA70-FFDF-4465-9FED-0D9E424E96CC}c:\\program files\\rainbow six vegas\\binaries\\r6vegas2_game.exe"= UDP:c:\program files\rainbow six vegas\binaries\r6vegas2_game.exe:R6Vegas2_Game

"UDP Query User{06AF7056-339E-4B4B-ACED-28D9AED1B00A}c:\\program files\\rainbow six vegas\\binaries\\r6vegas2_game.exe"= TCP:c:\program files\rainbow six vegas\binaries\r6vegas2_game.exe:R6Vegas2_Game

"{A72FA228-4027-4C09-9E5D-16CCCADDE895}"= UDP:27015:cs

"{6F58EE41-EE56-466A-811E-B91231C6B098}"= TCP:27015:cs2

"TCP Query User{89D619DA-8462-47D2-B87A-F65465542D13}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"UDP Query User{81D927CC-9991-4D31-BA21-F5D597770B4C}c:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:c:\program files\ea games\need for speed most wanted\speed.exe:speed

"TCP Query User{CF28231D-A4AB-4EC6-A8A1-3435FEDA5975}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager

"UDP Query User{467F41AF-99A6-455D-B1B2-CE2308C3AE3D}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager

"TCP Query User{8A7D27FA-DA13-49A0-A28C-6CEA99A48ED0}c:\\program files\\electronic arts\\need for speed prostreet\\online\\bombd.exe"= UDP:c:\program files\electronic arts\need for speed prostreet\online\bombd.exe:bombd

"UDP Query User{1AFCE24B-B976-41BB-8277-5EF44F459ADD}c:\\program files\\electronic arts\\need for speed prostreet\\online\\bombd.exe"= TCP:c:\program files\electronic arts\need for speed prostreet\online\bombd.exe:bombd

"TCP Query User{B8B3C1A0-DAAC-4EE9-A6F9-64EAF9419DE5}c:\\program files\\midnight club 2\\mc2.exe"= UDP:c:\program files\midnight club 2\mc2.exe:mc2

"UDP Query User{6A29C6CE-3831-4646-B400-5F783BCAEACD}c:\\program files\\midnight club 2\\mc2.exe"= TCP:c:\program files\midnight club 2\mc2.exe:mc2

"{B9BC18A5-EFE4-46EB-AC93-72A2B6F801D7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]

"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-30 111184]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-04-16 73728]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-30 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-30 51792]

R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CamthWDM.sys [2008-11-30 935936]

R2 deMntrService;Dell AIO Center Service;"c:\program files\Dell\MFP_DELL\deMntrService.exe" [2007-06-28 131072]

R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe /service /p belgacom []

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-30 111616]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-11-30 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-11-30 7424]

S3 DESVUSB;Dell service driver;c:\windows\system32\DRIVERS\desrvusb.sys [2008-11-30 17536]

S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2006-11-02 10752]

S4 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe /service [2008-04-24 104960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LPDService REG_MULTI_SZ LPDSVC

rsmsvcs REG_MULTI_SZ ntmssvc

ipripsvc REG_MULTI_SZ iprip

bthsvcs REG_MULTI_SZ BthServ

.

Contents of the 'Scheduled Tasks' folder

2008-12-09 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 14:24]

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MSSMSGS - winlft32.rom

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.be/ig/dell?hl=nl&client=dell-row&channel=be&ibd=0080416

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}

hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab

c:\windows\Downloaded Program Files\sysreqlab.osd

c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}

hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab

c:\windows\Downloaded Program Files\GoPetsWeb.inf

FireFox -: Profile - c:\users\Sofian\AppData\Roaming\Mozilla\Firefox\Profiles\yo9qwklf.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-09 17:59:24

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP00000044F88D48E8718CB0EC

scan completed successfully

hidden files: 1

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\System32\bgsvcgen.exe

c:\windows\System32\CISVC.EXE

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

c:\windows\System32\PSIService.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\System32\TCPSVCS.EXE

c:\windows\System32\snmp.exe

c:\program files\Belgacom\bin\sprtsvc.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\System32\drivers\XAudio.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\windows\System32\conime.exe

c:\windows\System32\igfxsrvc.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\OpenOffice.org 2.4\program\soffice.exe

c:\windows\ehome\ehmsas.exe

c:\program files\OpenOffice.org 2.4\program\soffice.bin

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe

c:\program files\DellTPad\hidfind.exe

c:\program files\DellTPad\ApntEx.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Completion time: 2008-12-09 18:03:39 - machine was rebooted

ComboFix-quarantined-files.txt 2008-12-09 17:03:35

Pre-Run: 98,489,737,216 bytes free

Post-Run: 98,407,874,560 bytes free

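The firewall dump above is the part of a ComboFix log that is easiest to skim past and most worth reading: every entry is a program the user (or something running as the user) once allowed through the Vista firewall. The following Python script is an added example, not part of the original post and not ComboFix's own code. It parses the `FirewallRules` and `AuthorizedApplications` lines in the format ComboFix prints them and flags the entries a responder would look at first: programs that were network-enabled from a temp or user-profile directory (the `patch.exe` extracted by WinRAR into `%TEMP%`), port-only rules that admit any program, and a small watchlist of remote-administration tools that the owner should be asked to vouch for. The sample lines are copied from the log above; the path heuristics, the watchlist, and the assumption that a rule without a `Disabled:` prefix is active are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: six firewall entries copied verbatim from the ComboFix log
# above. They cover a disabled per-user rule, a plain FirewallRules entry,
# a rule without a protocol, a port-only rule and an XP-style
# AuthorizedApplications entry ("path:*:Enabled:Name").
SAMPLE_LOG = r'''
"TCP Query User{224A609B-63B2-467B-912D-A681AE74AD6E}c:\\users\\sofian\\appdata\\local\\temp\\rar$ex13.6771\\patch.exe"= Disabled:UDP:c:\users\sofian\appdata\local\temp\rar$ex13.6771\patch.exe:patch.exe
"{A694356B-DCE6-46B4-81C9-7F1BF6E8D0BD}"= TCP:c:\program files\Anyplace Control 4\apc_host.exe:Anyplace Control - Host Module
"{DDB069C9-E320-4264-9A6D-6EC50BF098F3}"= TCP:c:\users\Sofian\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9AC21C58-6565-4B09-A236-1C6E53E234D8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A72FA228-4027-4C09-9E5D-16CCCADDE895}"= UDP:27015:cs
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
'''

LINE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\S.*)$')
VALUE_RE = re.compile(
    r'^(?:(?P<state>Disabled|Enabled):)?'   # ComboFix prefixes disabled rules
    r'(?:(?P<proto>TCP|UDP):)?'              # absent: rule covers any protocol
    r'(?P<target>[a-z]:\\[^:]*|\d+)'         # a program path or a bare port
    r'(?::(?P<rest>.*))?$',
    re.IGNORECASE,
)


@dataclass
class FirewallRule:
    name: str
    state: str            # 'Enabled' or 'Disabled'
    proto: str            # 'TCP', 'UDP' or 'any'
    path: Optional[str]   # program the rule applies to, if any
    port: Optional[int]   # port opened by a port-only rule
    description: str


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one dumped registry value; return None for non-rule lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    v = VALUE_RE.match(m.group('value'))
    if not v:
        return None
    # Assumption: a rule without an explicit 'Disabled:' prefix is active.
    state = (v.group('state') or 'Enabled').capitalize()
    parts = (v.group('rest') or '').split(':')
    # XP-style AuthorizedApplications entries carry the state after the path.
    for part in parts:
        if part in ('Enabled', 'Disabled'):
            state = part
    target = v.group('target')
    return FirewallRule(
        name=m.group('name'),
        state=state,
        proto=v.group('proto').upper() if v.group('proto') else 'any',
        path=None if target.isdigit() else target,
        port=int(target) if target.isdigit() else None,
        description=parts[-1],
    )


def parse_log(text: str) -> List[FirewallRule]:
    return [r for r in (parse_rule(l) for l in text.splitlines()) if r]


# Triage heuristics (this example's own, not ComboFix's): network-enabled
# code in temp or profile directories, port rules bound to no program, and
# a hypothetical watchlist of remote-control software the owner must vouch for.
TEMP_MARKERS = ('\\temp\\', '\\tmp\\', '\\temporary internet files\\')
USER_WRITABLE = ('\\users\\', '\\documents and settings\\')
REMOTE_ADMIN_WATCHLIST = ('anyplace control',)


def triage(rule: FirewallRule) -> List[str]:
    """Return the reasons a rule deserves a closer look (empty if none)."""
    reasons: List[str] = []
    if rule.path is None:
        reasons.append(f'port {rule.port}/{rule.proto} is opened for any program')
        return reasons
    p = rule.path.lower()
    if any(m in p for m in TEMP_MARKERS):
        reasons.append('program runs from a temp directory')
    elif any(m in p for m in USER_WRITABLE):
        reasons.append('program runs from a user-writable profile directory')
    haystack = p + ' ' + rule.description.lower()
    if any(w in haystack for w in REMOTE_ADMIN_WATCHLIST):
        reasons.append('remote-administration tool: confirm the owner installed it')
    if rule.state == 'Disabled' and reasons:
        reasons.append('rule is disabled now, but the program was present when it was created')
    return reasons


def triage_log(text: str) -> List[Tuple[FirewallRule, List[str]]]:
    """Return only the rules that trip at least one heuristic."""
    return [(r, triage(r)) for r in parse_log(text) if triage(r)]


if __name__ == '__main__':
    for rule, reasons in triage_log(SAMPLE_LOG):
        target = rule.path or f'port {rule.port}'
        print(f'[{rule.state}] {rule.proto:<4} {target}')
        for reason in reasons:
            print(f'    - {reason}')
```

Run against the full dump rather than the six sample lines, the same parser also surfaces the second µTorrent copy under `c:\users\Sofian\Program Files\` and the `UDP:27015`/`TCP:27015` port rules; a flag is a prompt to ask the owner, not a verdict, and the remaining Vista-profile `AuthorizedApplications` list uses the same `path:*:Enabled:Name` shape that the parser handles.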

The infected file has indeed been cleaned up. But you still need to do the following to remove all remnants:

Remove ComboFix: Start -> Run and type: combofix /u

This will remove ComboFix and its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

Download CCleaner.

Install it and start CCleaner. In the left column click "Cleaner". Click "Analyze" and then "Run Cleaner". Next, in the left column click "Registry" and click "Scan for Issues". If issues are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Afterwards close CCleaner.

It is advisable to delete the existing restore points (there are infected restore points among them that you could accidentally restore) by temporarily disabling System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again.

Your Java software is out of date.

Older versions have vulnerabilities that give malware the chance to install itself on your system.

Download Java Runtime Environment (JRE) 6u11 to your Desktop.

Close all programs that may be open - especially your web browser!

  • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
  • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u11-windows-i586-p.s.exe on your Desktop to install the latest version of Java.

That's it!
