[SOLVED] The System Configuration Utility window


Erwtje69

ComboFix 09-02-21.01 - Erwtje 2009-02-23 18:39:51.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2048.1403 [GMT 1:00]

Gestart vanuit: m:\mijn setup's\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090223-0] *On-access scanning disabled* (Updated)

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)

FW: COMODO Firewall Pro *disabled*

FW: Trend Micro Personal Firewall *disabled*

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Erwtje\Application Data\inst.exe

c:\windows\system32\tmp.reg

L:\Autorun.inf

M:\Autorun.inf

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-23 to 2009-02-23 ))))))))))))))))))))))))))))))

.

2009-02-23 16:14 . 2009-02-23 16:14 <DIR> d-------- c:\windows\system32\beidpp

2009-02-23 16:14 . 2009-02-23 16:14 <DIR> d-------- c:\program files\Belgium Identity Card

2009-02-23 15:55 . 2009-02-23 17:33 <DIR> d--hs---- c:\documents and settings\Erwtje\Onlangs geopend

2009-02-23 14:29 . 2009-02-23 14:29 <DIR> d-------- c:\program files\Uniblue

2009-02-23 14:29 . 2009-02-23 14:29 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{38E672D5-1F19-4A24-BA49-04BE4A4DBCAE}

2009-02-22 18:32 . 2009-02-22 18:32 <DIR> d-------- c:\documents and settings\Erwtje\Bluetooth Software

2009-02-22 18:19 . 2007-03-31 06:02 876,384 --a------ c:\windows\system32\drivers\btkrnl.sys

2009-02-22 18:19 . 2007-03-23 03:49 539,072 --a------ c:\windows\system32\drivers\btaudio.sys

2009-02-22 18:19 . 2007-03-23 03:50 149,123 --a------ c:\windows\system32\drivers\btwdndis.sys

2009-02-22 18:19 . 2007-03-31 06:02 55,352 --a------ c:\windows\system32\drivers\btwhid.sys

2009-02-22 18:19 . 2007-03-23 03:50 37,424 --a------ c:\windows\system32\drivers\btport.sys

2009-02-22 18:08 . 2007-03-23 03:50 106,557 -ra------ c:\windows\system32\btw_ci.dll

2009-02-22 18:08 . 2007-03-23 03:50 67,960 --a------ c:\windows\system32\drivers\btwusb.sys

2009-02-22 00:58 . 2009-02-22 00:58 <DIR> d-------- c:\program files\WIDCOMM

2009-02-21 16:42 . 2009-02-21 16:42 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Ashampoo

2009-02-21 16:27 . 2009-02-21 16:27 103,424 --a------ c:\windows\system32\PowerUp3_nat.dll

2009-02-20 22:06 . 2009-02-20 22:07 <DIR> d-------- c:\program files\PDFCreator

2009-02-20 22:06 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll

2009-02-20 21:50 . 2006-11-30 22:24 86,016 --a------ c:\windows\system32\custmon32.dll

2009-02-20 20:44 . 2009-02-20 20:44 <DIR> d--h----- c:\windows\system32\CanonMP Uninstaller Information

2009-02-20 20:43 . 2009-02-20 20:43 <DIR> d--h----- C:\CanonMP

2009-02-19 17:37 . 2009-02-19 17:37 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ

2009-02-18 21:14 . 2009-02-18 21:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\pdf995

2009-02-18 21:14 . 2009-02-18 21:21 249,856 --a------ c:\windows\system32\pdfmona.dll

2009-02-18 21:14 . 2009-02-18 21:21 51,716 --a------ c:\windows\system32\pdf995mon.dll

2009-02-18 21:14 . 2009-02-18 21:21 25 --a------ c:\windows\wpd99.drv

2009-02-18 21:13 . 2009-02-20 21:09 <DIR> d-------- C:\pdf995

2009-02-15 18:07 . 2009-02-15 18:07 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

2009-02-15 17:05 . 2009-02-15 17:05 126 --a------ c:\windows\system32\{BDA126A1-7D91-4638-B52F-49D9E6F6F87E}.dat

2009-02-15 16:03 . 2009-02-20 20:51 0 --a------ c:\windows\system32\PDFtypewriter

2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\CTdeveloping

2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\CTdeveloping

2009-02-14 17:25 . 2009-02-14 17:25 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2009-02-14 17:14 . 2009-02-20 21:59 <DIR> d-------- c:\program files\Capsoft

2009-02-14 16:10 . 2009-02-14 16:10 <DIR> d-------- C:\MIR

2009-02-14 14:44 . 2009-02-14 14:44 <DIR> d-------- c:\program files\Multiple Image Resizer .NET

2009-02-12 00:11 . 2008-05-02 14:30 465,920 --------- c:\windows\system32\imapi2fs.dll

2009-02-12 00:11 . 2008-05-02 14:30 465,920 -----c--- c:\windows\system32\dllcache\imapi2fs.dll

2009-02-12 00:11 . 2008-05-02 14:30 317,952 --------- c:\windows\system32\imapi2.dll

2009-02-12 00:11 . 2008-05-02 14:30 317,952 -----c--- c:\windows\system32\dllcache\imapi2.dll

2009-02-12 00:11 . 2008-05-02 11:49 62,976 -----c--- c:\windows\system32\dllcache\cdrom.sys

2009-02-12 00:10 . 2008-04-17 05:59 407,040 -----c--- c:\windows\system32\dllcache\netlogon.dll

2009-02-12 00:10 . 2008-04-17 05:59 344,576 -----c--- c:\windows\system32\dllcache\localspl.dll

2009-02-12 00:10 . 2008-04-17 05:59 176,128 -----c--- c:\windows\system32\dllcache\w32time.dll

2009-02-12 00:10 . 2008-04-17 05:59 134,144 -----c--- c:\windows\system32\dllcache\wkssvc.dll

2009-02-12 00:10 . 2008-05-05 12:07 132,608 -----c--- c:\windows\system32\dllcache\msv1_0.dll

2009-02-12 00:10 . 2008-04-17 05:59 113,664 -----c--- c:\windows\system32\dllcache\dsuiext.dll

2009-02-12 00:10 . 2008-04-17 05:59 68,096 -----c--- c:\windows\system32\dllcache\ntdsapi.dll

2009-02-12 00:07 . 2009-02-12 00:07 <DIR> d-------- c:\program files\Dir2File

2009-02-12 00:06 . 2004-12-09 08:17 61,440 --a------ c:\windows\ContextMenuExt.dll

2009-02-12 00:05 . 2007-07-10 20:27 40,960 --a------ c:\windows\system32\SSUBTMR6.DLL

2009-02-11 23:50 . 2007-10-07 11:27 10,752 --a------ c:\windows\system32\aamd532.dll

2009-02-07 18:04 . 2009-02-07 18:04 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Kodak

2009-02-07 18:03 . 2009-02-07 18:03 <DIR> d-------- c:\program files\Kodak

2009-02-06 20:35 . 2009-02-06 20:35 <DIR> d-------- c:\program files\BatchPhoto

2009-02-04 23:16 . 2009-02-04 23:17 <DIR> d-------- c:\program files\Photobie

2009-02-02 13:31 . 2009-02-02 13:31 360,448 --a------ c:\windows\system32\beid35applayer.dll

2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\Belgium Identity Card PKCS11.dll

2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\beidpkcs11.dll

2009-02-02 13:31 . 2009-02-02 13:31 69,632 --a------ c:\windows\system32\beidCSPlib.dll

2009-02-02 13:30 . 2009-02-02 13:30 262,144 --a------ c:\windows\system32\beid35DlgsWin32.dll

2009-02-02 13:30 . 2009-02-02 13:30 192,512 --a------ c:\windows\system32\beid35cardlayer.dll

2009-02-02 13:30 . 2009-02-02 13:30 122,880 --a------ c:\windows\system32\beid35common.dll

2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\eidlib.dll

2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\beidlib.dll

2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\program files\CDBurnerXP

2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Canneverbe_Limited

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-23 17:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-02-23 15:17 0 ----a-w c:\windows\system32\drivers\lvuvc.hs

2009-02-23 15:17 0 ----a-w c:\windows\system32\drivers\logiflt.iad

2009-02-23 15:13 33,536 ----a-w c:\windows\system32\drivers\a38usb.sys

2009-02-23 15:13 110,592 ----a-w c:\windows\system32\usbr38.dll

2009-02-23 13:32 --------- d-----w c:\documents and settings\Erwtje\Application Data\Uniblue

2009-02-22 22:40 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-02-21 15:26 --------- d-----w c:\program files\Ashampoo

2009-02-20 20:44 --------- d-----w c:\program files\PDFCreator Toolbar

2009-02-20 19:48 --------- d-----w c:\documents and settings\Erwtje\Application Data\Canon

2009-02-19 21:59 --------- d-----w c:\program files\Common Files\ScanSoft Shared

2009-02-19 21:57 --------- d-----w c:\program files\Canon

2009-02-18 20:31 --------- d-----w c:\documents and settings\Erwtje\Application Data\MSN6

2009-02-17 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater

2009-02-15 16:34 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-02-15 16:32 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-02-15 15:09 --------- d-----w c:\program files\Common Files\Adobe

2009-02-14 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems

2009-02-14 16:08 --------- d-----w c:\program files\Foxit Software

2009-02-14 13:44 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-11 23:08 --------- d-----w c:\program files\MSECache

2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-02-07 22:20 --------- d-----w c:\documents and settings\Erwtje\Application Data\XnView

2009-01-13 14:44 --------- d-----w c:\program files\CCleaner

2009-01-13 14:23 --------- d-----w c:\program files\PC Tune-Up

2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr

2008-12-29 18:58 --------- d-----w c:\documents and settings\Erwtje\Application Data\Malwarebytes

2008-12-29 18:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-23 21:21 --------- d-----w c:\program files\Apple Software Update

2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll

2008-07-27 20:53 47,360 ----a-w c:\documents and settings\Erwtje\Application Data\pcouffin.sys

2008-05-07 21:24 14,290 ----a-w c:\program files\settings.dat

2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT

2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT

2005-08-25 20:00 48,128 ----a-w c:\documents and settings\LocalService\cnmss Canon MP500 Series Printer (Local).dll

2005-08-25 20:00 48,128 ----a-w c:\documents and settings\Erwtje\cnmss Canon MP500 Series Printer (Local).dll

2008-04-19 20:14 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2008-04-19 20:14 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2008-04-19 20:14 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2008-04-19 20:14 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2008-04-19 20:14 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-10-12 21:09 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008101220081013\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]

"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2007-12-16 1115728]

"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-29 970808]

"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 321088]

"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-09-29 497008]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.MJPG"= pvmjpg30.dll

"VIDC.PIM1"= pclepim1.dll

"VIDC.ACDV"= ACDV.dll

"msacm.l3codec"= l3codecp.acm

"vidc.mjpx"= Pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NkbMonitor.exe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ymetray.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Canon IJ Status Monitor Canon MP500 Series Printer.lnk]

path=c:\documents and settings\Erwtje\Menu Start\Programma's\Opstarten\Canon IJ Status Monitor Canon MP500 Series Printer.lnk

backup=c:\windows\pss\Canon IJ Status Monitor Canon MP500 Series Printer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^HDDlife.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^OpenOffice.org 2.1 .lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^RocketDock.lnk]

backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Shrink Pic.lnk]

backup=c:\windows\pss\Shrink Pic.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^TransBar.lnk]

backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^UberIcon.lnk]

backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk]

backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Zita Nieuwsflash.lnk]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2005-07-14 15:09 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

--a------ 2008-03-20 17:42 217544 c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]

--a------ 2002-12-06 16:07 617984 c:\program files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

--a------ 2009-02-02 13:32 2035712 c:\program files\Belgium Identity Card\beid35gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]

--a------ 2007-09-10 11:08 258134 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]

-----c--- 2004-11-30 11:00 135168 c:\program files\Creative\MediaSource\Go\CTCMSGo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

--a------ 2006-11-13 17:34 1289000 c:\progra~1\MI3AA1~1\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTpatch]

-ra------ 2002-10-30 10:40 28672 c:\windows\htpatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

--a------ 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

--a------ 2008-08-14 16:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]

--a------ 2007-09-20 10:16 2419200 c:\program files\PC Tune-Up\PCTuneUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-14 18:03 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]

--a------ 2008-09-29 14:08 497008 c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]

--a------ 2003-05-08 11:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]

--a------ 2004-08-30 17:31 36864 c:\progra~1\Pinnacle\PPE\PPE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicoBackupOE]

--a------ 2005-06-17 14:52 1129472 c:\program files\PicoBackupOE\PicoBackupAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]

--a------ 2007-03-18 23:05 630784 c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]

--------- 2005-07-28 08:32 94208 c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]

--a--c--- 2005-08-22 09:10 69632 c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]

--a--c--- 2006-02-17 10:14 163840 c:\program files\A4TECH\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

--a------ 2005-08-07 23:10 16384 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

--a------ 2005-08-07 23:10 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]

--a------ 2008-06-23 16:43 70144 c:\windows\system32\mmrtkrnl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"rpcapd"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"MDM"=2 (0x2)

"LVCOMSer"=2 (0x2)

"iPod Service"=3 (0x3)

"gusvc"=2 (0x2)

"FirebirdServerMAGIXInstance"=3 (0x3)

"BsHelpCS"=3 (0x3)

"BlueSoleilCS"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"a2free"=2 (0x2)

"StarWindServiceAE"=2 (0x2)

"TapiSrv"=3 (0x3)

"Schedule"=2 (0x2)

"LVPrcSrv"=2 (0x2)

"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\CCleaner\\ccleaner.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Piolet\\Piolet.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=

"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=

"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=

"c:\\Program Files\\Outlook Express\\msimn.exe"=

"c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\InvokeSvc2.exe"=

"c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=

"c:\\Program Files\\Windows Live\\Writer\\WindowsLiveWriter.exe"=

"c:\\Program Files\\PrinterAnywhere\\paConsole.exe"=

"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\1 Click PC Fix\\1clickpcfix.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-29 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-29 20560]

R2 dvdmrp;dvdmrp;c:\windows\system32\drivers\dvdmrp.sys [2005-08-03 5504]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]

R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-05-09 13824]

R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-20 200320]

S2 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\magix\Common\Database\bin\fbserver.exe --> f:\magix\Common\Database\bin\fbserver.exe [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - GTNDIS5

*Deregistered* - ImapiService

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - mnmsrvc

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - NMSAccessU

*Deregistered* - nmservice

*Deregistered* - PolicyAgent

*Deregistered* - ProtectedStorage

*Deregistered* - RasMan

*Deregistered* - rpcapd

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - SCardSvr

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - SoundMAX Agent Service (default)

*Deregistered* - Spooler

*Deregistered* - srservice

*Deregistered* - stisvc

*Deregistered* - TapiSrv

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Uniblue DiskRescue

*Deregistered* - WebClient

*Deregistered* - WinDefend

*Deregistered* - winmgmt

*Deregistered* - WMP54Gv4SVC

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

\Shell\AutoRun\command - L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]

\Shell\AutoRun\command - M:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33ff8e03-1f8d-11dd-9071-0011675a9d92}]

\Shell\AutoRun\command - H:\ClickMe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb

.

Inhoud van de 'Gedeelde Taken' map

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-24 c:\windows\Tasks\At1.job

- c:\windows\system32\3AA45Enp.exe []

2008-10-11 c:\windows\Tasks\At10.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-23 c:\windows\Tasks\At11.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-23 c:\windows\Tasks\At12.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-23 c:\windows\Tasks\At13.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-23 c:\windows\Tasks\At14.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-25 c:\windows\Tasks\At15.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-25 c:\windows\Tasks\At16.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-25 c:\windows\Tasks\At17.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-25 c:\windows\Tasks\At18.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-24 c:\windows\Tasks\At19.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-25 c:\windows\Tasks\At2.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-24 c:\windows\Tasks\At20.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-24 c:\windows\Tasks\At21.job

- c:\windows\system32\3AA45Enp.exe []

2009-02-17 c:\windows\Tasks\At22.job

- c:\windows\system32\3AA45Enp.exe []

2009-02-17 c:\windows\Tasks\At23.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-24 c:\windows\Tasks\At24.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-25 c:\windows\Tasks\At3.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-24 c:\windows\Tasks\At4.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-24 c:\windows\Tasks\At5.job

- c:\windows\system32\3AA45Enp.exe []

2008-09-06 c:\windows\Tasks\At6.job

- c:\windows\system32\3AA45Enp.exe []

2008-09-06 c:\windows\Tasks\At7.job

- c:\windows\system32\3AA45Enp.exe []

2008-09-06 c:\windows\Tasks\At8.job

- c:\windows\system32\3AA45Enp.exe []

2008-10-11 c:\windows\Tasks\At9.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-05 c:\windows\Tasks\Norton Security Scan.job

- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]

2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job

- c:\program files\RegistrySmart\RegistrySmart.exe []

2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job

- c:\program files\RegistrySmart []

2009-02-23 c:\windows\Tasks\Uniblue DiskRescue 2009.job

- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 16:22]

2007-02-18 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

.

- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-CamMonitor - f:\digital imaging\\Unload\hpqcmon.exe

MSConfigStartUp-iTunesHelper - F:\iTunesHelper.exe

MSConfigStartUp-PDFtypewriterPrinterMonitor - c:\program files\PDFtypewriter\Printer\PDFtypewriterMonitorStart.exe

MSConfigStartUp-Share-to-Web Namespace Daemon - f:\hp share-to-web\hpgs2wnd.exe

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hln.be/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: microsoft.com\download.windowsupdate

Trusted Zone: microsoft.com\support

Trusted Zone: microsoft.com\www.update

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

FF - ProfilePath -

.

.

------- Bestandsassociaties -------

.

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-23 18:41:31

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{557B07D3-7DB1-3FD4-A397-E353685CF813}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iakiachldgmohicgdc"=hex:6b,61,6e,6e,6e,6e,70,63,69,61,70,6c,67,6e,61,6f,6e,6f,

62,68,66,68,00,00

"haaiodhdphjaomoe"=hex:6b,61,6e,6e,6d,6e,69,6e,61,68,6e,70,64,70,69,65,6e,6d,

6f,62,67,66,00,00

[HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B96E5DFF-D769-C338-7EE4-EFA8663D62F2}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,9f,6c,aa,c8,f4,

7a,a9,94,c8,28,51,af,b0,29,a3,98,13,30,66,8d,37,c5,87,12,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9f,65,67,08,bf,

1a,28,ab,71,3b,04,66,8b,46,0d,96,6a,7e,ff,0c,f8,1c,6f,4a,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,07,db,6a,2a,c5,

7c,10,3f,25,da,ec,7e,55,20,c9,26,ab,88,e2,cf,19,41,cf,20,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,06,18,9f,85,43,

97,d3,4c,3e,1e,9e,e0,57,5a,93,61,2f,03,b3,0e,c9,a1,51,44,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,79,97,17,f6,e8,

92,06,6d,cd,44,cd,b9,a6,33,6c,cd,88,b3,8a,7d,02,c1,b7,f2,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,70,06,92,03,05,

a5,73,54,b0,18,ed,a7,3f,8d,37,a4,e2,44,3a,dc,6a,12,4e,fc,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,84,e2,96,ee,db,

c7,3b,db,31,77,e1,ba,b1,f8,68,02,c7,ca,df,bb,ee,01,ae,50,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,9a,30,dc,4d,18,

06,d5,d5,83,6c,56,8b,a0,85,96,ab,d4,24,bf,1f,10,f4,1e,50,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,b2,91,df,47,ba,

16,02,d4,51,fa,6e,91,28,9e,14,cc,b6,57,c0,ad,f5,d2,31,3b,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,f7,63,8b,20,59,

8e,b4,a2,b1,cd,45,5a,a8,c4,f8,b9,85,08,f9,99,21,eb,9f,48,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,60,76,76,6d,5a,

a8,6e,d3,e3,0e,66,d5,eb,bc,2f,6b,cb,c4,4b,9a,c8,6a,1b,13,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,60,7f,0a,df,65,

ed,ae,ce,fa,ea,66,7f,d4,3b,6b,70,10,31,34,90,a9,42,80,7d,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]

@DACL=(02 0012)

@Denied: (Full) (Everyone)

"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,

00,00,79,52,33,1c,d4,b0,80,42,b2,a5,ee,9f,d0,f1,a1,e7,04,00,00,00,04,00,00,\

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(752)

c:\windows\system32\Ati2evxx.dll

.

Voltooingstijd: 2009-02-23 18:43:23

ComboFix-quarantined-files.txt 2009-02-23 17:43:20

ComboFix2.txt 2007-05-22 19:46:20

Pre-Run: 220.994.686.976 bytes beschikbaar

Post-Run: 220,994,633,728 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7

567 --- E O F --- 2009-02-19 20:49:11


Wow, that did not go smoothly here, Fake. I could not even connect to this website anymore. I could paste the log, but each time I submitted it I got: "cannot display the page"????????

Hopefully it worked this time.

Kind regards, Erwtje69

ComboFix 09-02-21.01 - Erwtje 2009-02-23 21:47:42.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2048.1501 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Erwtje\Bureaublad\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090223-0] *On-access scanning disabled* (Updated)

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)

FW: COMODO Firewall Pro *disabled*

FW: Trend Micro Personal Firewall *disabled*

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Erwtje\Application Data\inst.exe

c:\windows\system32\tmp.reg

L:\Autorun.inf

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-23 to 2009-02-23 ))))))))))))))))))))))))))))))

.

2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\windows\system32\beidpp

2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\program files\Uniblue

2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d--hs---- c:\documents and settings\Erwtje\Onlangs geopend

2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\documents and settings\Erwtje\Bluetooth Software

2009-02-23 21:27 . 2009-02-23 21:33 <DIR> d--hs---- C:\RECYCLER(3)

2009-02-23 21:17 . 2009-02-23 21:33 <DIR> d-------- C:\RECYCLER(2)

2009-02-23 16:14 . 2009-02-23 21:33 <DIR> d-------- c:\program files\Belgium Identity Card

2009-02-23 14:29 . 2009-02-23 21:33 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{38E672D5-1F19-4A24-BA49-04BE4A4DBCAE}

2009-02-22 18:19 . 2007-03-31 06:02 876,384 --a------ c:\windows\system32\drivers\btkrnl.sys

2009-02-22 18:19 . 2007-03-23 03:49 539,072 --a------ c:\windows\system32\drivers\btaudio.sys

2009-02-22 18:19 . 2007-03-23 03:50 149,123 --a------ c:\windows\system32\drivers\btwdndis.sys

2009-02-22 18:19 . 2007-03-31 06:02 55,352 --a------ c:\windows\system32\drivers\btwhid.sys

2009-02-22 18:19 . 2007-03-23 03:50 37,424 --a------ c:\windows\system32\drivers\btport.sys

2009-02-22 18:08 . 2007-03-23 03:50 106,557 -ra------ c:\windows\system32\btw_ci.dll

2009-02-22 18:08 . 2007-03-23 03:50 67,960 --a------ c:\windows\system32\drivers\btwusb.sys

2009-02-22 00:58 . 2009-02-22 00:58 <DIR> d-------- c:\program files\WIDCOMM

2009-02-21 16:42 . 2009-02-21 16:42 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Ashampoo

2009-02-21 16:27 . 2009-02-21 16:27 103,424 --a------ c:\windows\system32\PowerUp3_nat.dll

2009-02-20 22:06 . 2009-02-20 22:07 <DIR> d-------- c:\program files\PDFCreator

2009-02-20 22:06 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll

2009-02-20 21:50 . 2006-11-30 22:24 86,016 --a------ c:\windows\system32\custmon32.dll

2009-02-20 20:44 . 2009-02-20 20:44 <DIR> d--h----- c:\windows\system32\CanonMP Uninstaller Information

2009-02-20 20:43 . 2009-02-20 20:43 <DIR> d--h----- C:\CanonMP

2009-02-19 17:37 . 2009-02-19 17:37 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ

2009-02-18 21:14 . 2009-02-18 21:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\pdf995

2009-02-18 21:14 . 2009-02-18 21:21 249,856 --a------ c:\windows\system32\pdfmona.dll

2009-02-18 21:14 . 2009-02-18 21:21 51,716 --a------ c:\windows\system32\pdf995mon.dll

2009-02-18 21:14 . 2009-02-18 21:21 25 --a------ c:\windows\wpd99.drv

2009-02-18 21:13 . 2009-02-20 21:09 <DIR> d-------- C:\pdf995

2009-02-15 18:07 . 2009-02-15 18:07 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

2009-02-15 17:05 . 2009-02-15 17:05 126 --a------ c:\windows\system32\{BDA126A1-7D91-4638-B52F-49D9E6F6F87E}.dat

2009-02-15 16:03 . 2009-02-20 20:51 0 --a------ c:\windows\system32\PDFtypewriter

2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\CTdeveloping

2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\CTdeveloping

2009-02-14 17:25 . 2009-02-14 17:25 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2009-02-14 17:14 . 2009-02-20 21:59 <DIR> d-------- c:\program files\Capsoft

2009-02-14 16:10 . 2009-02-14 16:10 <DIR> d-------- C:\MIR

2009-02-14 14:44 . 2009-02-14 14:44 <DIR> d-------- c:\program files\Multiple Image Resizer .NET

2009-02-12 00:11 . 2008-05-02 14:30 465,920 --------- c:\windows\system32\imapi2fs.dll

2009-02-12 00:11 . 2008-05-02 14:30 465,920 -----c--- c:\windows\system32\dllcache\imapi2fs.dll

2009-02-12 00:11 . 2008-05-02 14:30 317,952 --------- c:\windows\system32\imapi2.dll

2009-02-12 00:11 . 2008-05-02 14:30 317,952 -----c--- c:\windows\system32\dllcache\imapi2.dll

2009-02-12 00:11 . 2008-05-02 11:49 62,976 -----c--- c:\windows\system32\dllcache\cdrom.sys

2009-02-12 00:10 . 2008-04-17 05:59 407,040 -----c--- c:\windows\system32\dllcache\netlogon.dll

2009-02-12 00:10 . 2008-04-17 05:59 344,576 -----c--- c:\windows\system32\dllcache\localspl.dll

2009-02-12 00:10 . 2008-04-17 05:59 176,128 -----c--- c:\windows\system32\dllcache\w32time.dll

2009-02-12 00:10 . 2008-04-17 05:59 134,144 -----c--- c:\windows\system32\dllcache\wkssvc.dll

2009-02-12 00:10 . 2008-05-05 12:07 132,608 -----c--- c:\windows\system32\dllcache\msv1_0.dll

2009-02-12 00:10 . 2008-04-17 05:59 113,664 -----c--- c:\windows\system32\dllcache\dsuiext.dll

2009-02-12 00:10 . 2008-04-17 05:59 68,096 -----c--- c:\windows\system32\dllcache\ntdsapi.dll

2009-02-12 00:07 . 2009-02-12 00:07 <DIR> d-------- c:\program files\Dir2File

2009-02-12 00:06 . 2004-12-09 08:17 61,440 --a------ c:\windows\ContextMenuExt.dll

2009-02-12 00:05 . 2007-07-10 20:27 40,960 --a------ c:\windows\system32\SSUBTMR6.DLL

2009-02-11 23:50 . 2007-10-07 11:27 10,752 --a------ c:\windows\system32\aamd532.dll

2009-02-07 18:04 . 2009-02-07 18:04 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Kodak

2009-02-07 18:03 . 2009-02-07 18:03 <DIR> d-------- c:\program files\Kodak

2009-02-06 20:35 . 2009-02-06 20:35 <DIR> d-------- c:\program files\BatchPhoto

2009-02-04 23:16 . 2009-02-04 23:17 <DIR> d-------- c:\program files\Photobie

2009-02-02 13:31 . 2009-02-02 13:31 360,448 --a------ c:\windows\system32\beid35applayer.dll

2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\Belgium Identity Card PKCS11.dll

2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\beidpkcs11.dll

2009-02-02 13:31 . 2009-02-02 13:31 69,632 --a------ c:\windows\system32\beidCSPlib.dll

2009-02-02 13:30 . 2009-02-02 13:30 262,144 --a------ c:\windows\system32\beid35DlgsWin32.dll

2009-02-02 13:30 . 2009-02-02 13:30 192,512 --a------ c:\windows\system32\beid35cardlayer.dll

2009-02-02 13:30 . 2009-02-02 13:30 122,880 --a------ c:\windows\system32\beid35common.dll

2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\eidlib.dll

2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\beidlib.dll

2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\program files\CDBurnerXP

2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Canneverbe_Limited

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-23 20:35 0 ----a-w c:\windows\system32\drivers\lvuvc.hs

2009-02-23 20:35 0 ----a-w c:\windows\system32\drivers\logiflt.iad

2009-02-23 20:33 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-02-23 17:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-02-23 15:13 33,536 ----a-w c:\windows\system32\drivers\a38usb.sys

2009-02-23 15:13 110,592 ----a-w c:\windows\system32\usbr38.dll

2009-02-23 13:32 --------- d-----w c:\documents and settings\Erwtje\Application Data\Uniblue

2009-02-21 15:26 --------- d-----w c:\program files\Ashampoo

2009-02-20 20:44 --------- d-----w c:\program files\PDFCreator Toolbar

2009-02-20 19:48 --------- d-----w c:\documents and settings\Erwtje\Application Data\Canon

2009-02-19 21:59 --------- d-----w c:\program files\Common Files\ScanSoft Shared

2009-02-19 21:57 --------- d-----w c:\program files\Canon

2009-02-18 20:31 --------- d-----w c:\documents and settings\Erwtje\Application Data\MSN6

2009-02-17 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater

2009-02-15 16:34 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-02-15 16:32 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-02-15 15:09 --------- d-----w c:\program files\Common Files\Adobe

2009-02-14 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems

2009-02-14 16:08 --------- d-----w c:\program files\Foxit Software

2009-02-14 13:44 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-11 23:08 --------- d-----w c:\program files\MSECache

2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-02-07 22:20 --------- d-----w c:\documents and settings\Erwtje\Application Data\XnView

2009-01-13 14:44 --------- d-----w c:\program files\CCleaner

2009-01-13 14:23 --------- d-----w c:\program files\PC Tune-Up

2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr

2008-12-29 18:58 --------- d-----w c:\documents and settings\Erwtje\Application Data\Malwarebytes

2008-12-29 18:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-23 21:21 --------- d-----w c:\program files\Apple Software Update

2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll

2008-07-27 20:53 47,360 ----a-w c:\documents and settings\Erwtje\Application Data\pcouffin.sys

2008-05-07 21:24 14,290 ----a-w c:\program files\settings.dat

2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT

2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT

2005-08-25 20:00 48,128 ----a-w c:\documents and settings\LocalService\cnmss Canon MP500 Series Printer (Local).dll

2005-08-25 20:00 48,128 ----a-w c:\documents and settings\Erwtje\cnmss Canon MP500 Series Printer (Local).dll

2008-04-19 20:14 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2008-04-19 20:14 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2008-04-19 20:14 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2008-04-19 20:14 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2008-04-19 20:14 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-10-12 21:09 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008101220081013\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]

"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2007-12-16 1115728]

"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-29 970808]

"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 321088]

"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-09-29 497008]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.MJPG"= pvmjpg30.dll

"VIDC.PIM1"= pclepim1.dll

"VIDC.ACDV"= ACDV.dll

"msacm.l3codec"= l3codecp.acm

"vidc.mjpx"= Pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NkbMonitor.exe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ymetray.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Canon IJ Status Monitor Canon MP500 Series Printer.lnk]

path=c:\documents and settings\Erwtje\Menu Start\Programma's\Opstarten\Canon IJ Status Monitor Canon MP500 Series Printer.lnk

backup=c:\windows\pss\Canon IJ Status Monitor Canon MP500 Series Printer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^HDDlife.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^OpenOffice.org 2.1 .lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^RocketDock.lnk]

backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Shrink Pic.lnk]

backup=c:\windows\pss\Shrink Pic.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^TransBar.lnk]

backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^UberIcon.lnk]

backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk]

backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Zita Nieuwsflash.lnk]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2005-07-14 15:09 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

--a------ 2008-03-20 17:42 217544 c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]

--a------ 2002-12-06 16:07 617984 c:\program files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

--a------ 2009-02-02 13:32 2035712 c:\program files\Belgium Identity Card\beid35gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]

--a------ 2007-09-10 11:08 258134 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]

f:\digital imaging\\Unload\hpqcmon.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]

-----c--- 2004-11-30 11:00 135168 c:\program files\Creative\MediaSource\Go\CTCMSGo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

--a------ 2006-11-13 17:34 1289000 c:\progra~1\MI3AA1~1\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTpatch]

-ra------ 2002-10-30 10:40 28672 c:\windows\htpatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

F:\iTunesHelper.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

--a------ 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

--a------ 2008-08-14 16:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]

--a------ 2007-09-20 10:16 2419200 c:\program files\PC Tune-Up\PCTuneUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-14 18:03 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]

--a------ 2008-09-29 14:08 497008 c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]

--a------ 2003-05-08 11:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]

--a------ 2004-08-30 17:31 36864 c:\progra~1\Pinnacle\PPE\PPE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFtypewriterPrinterMonitor]

c:\program files\PDFtypewriter\Printer\PDFtypewriterMonitorStart.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicoBackupOE]

--a------ 2005-06-17 14:52 1129472 c:\program files\PicoBackupOE\PicoBackupAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]

--a------ 2007-03-18 23:05 630784 c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

f:\hp share-to-web\hpgs2wnd.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]

--------- 2005-07-28 08:32 94208 c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]

--a--c--- 2005-08-22 09:10 69632 c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]

--a--c--- 2006-02-17 10:14 163840 c:\program files\A4TECH\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

--a------ 2005-08-07 23:10 16384 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

--a------ 2005-08-07 23:10 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]

--a------ 2008-06-23 16:43 70144 c:\windows\system32\mmrtkrnl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"rpcapd"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"MDM"=2 (0x2)

"LVCOMSer"=2 (0x2)

"iPod Service"=3 (0x3)

"gusvc"=2 (0x2)

"FirebirdServerMAGIXInstance"=3 (0x3)

"BsHelpCS"=3 (0x3)

"BlueSoleilCS"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"a2free"=2 (0x2)

"StarWindServiceAE"=2 (0x2)

"TapiSrv"=3 (0x3)

"Schedule"=2 (0x2)

"LVPrcSrv"=2 (0x2)

"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\CCleaner\\ccleaner.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Piolet\\Piolet.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=

"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=

"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=

"c:\\Program Files\\Outlook Express\\msimn.exe"=

"c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\InvokeSvc2.exe"=

"c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=

"c:\\Program Files\\Windows Live\\Writer\\WindowsLiveWriter.exe"=

"c:\\Program Files\\PrinterAnywhere\\paConsole.exe"=

"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\1 Click PC Fix\\1clickpcfix.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-29 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-29 20560]

R2 dvdmrp;dvdmrp;c:\windows\system32\drivers\dvdmrp.sys [2005-08-03 5504]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]

R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-05-09 13824]

R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-20 200320]

S2 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\magix\Common\Database\bin\fbserver.exe --> f:\magix\Common\Database\bin\fbserver.exe [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - ImapiService

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - mnmsrvc

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - NMSAccessU

*Deregistered* - nmservice

*Deregistered* - PolicyAgent

*Deregistered* - ProtectedStorage

*Deregistered* - RasMan

*Deregistered* - rpcapd

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - SCardSvr

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - SoundMAX Agent Service (default)

*Deregistered* - Spooler

*Deregistered* - srservice

*Deregistered* - stisvc

*Deregistered* - TapiSrv

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Uniblue DiskRescue

*Deregistered* - WebClient

*Deregistered* - WinDefend

*Deregistered* - winmgmt

*Deregistered* - WMP54Gv4SVC

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

\Shell\AutoRun\command - L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]

\Shell\AutoRun\command - M:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33ff8e03-1f8d-11dd-9071-0011675a9d92}]

\Shell\AutoRun\command - H:\ClickMe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb

.

Inhoud van de 'Gedeelde Taken' map

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-24 c:\windows\Tasks\At1.job

- c:\windows\system32\3AA45Enp.exe []

2008-10-11 c:\windows\Tasks\At10.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-23 c:\windows\Tasks\At11.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-23 c:\windows\Tasks\At12.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-23 c:\windows\Tasks\At13.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-23 c:\windows\Tasks\At14.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-25 c:\windows\Tasks\At15.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-25 c:\windows\Tasks\At16.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-25 c:\windows\Tasks\At17.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-25 c:\windows\Tasks\At18.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-24 c:\windows\Tasks\At19.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-25 c:\windows\Tasks\At2.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-24 c:\windows\Tasks\At20.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-24 c:\windows\Tasks\At21.job

- c:\windows\system32\3AA45Enp.exe []

2009-02-17 c:\windows\Tasks\At22.job

- c:\windows\system32\3AA45Enp.exe []

2009-02-17 c:\windows\Tasks\At23.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-24 c:\windows\Tasks\At24.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-25 c:\windows\Tasks\At3.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-24 c:\windows\Tasks\At4.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-24 c:\windows\Tasks\At5.job

- c:\windows\system32\3AA45Enp.exe []

2008-09-06 c:\windows\Tasks\At6.job

- c:\windows\system32\3AA45Enp.exe []

2008-09-06 c:\windows\Tasks\At7.job

- c:\windows\system32\3AA45Enp.exe []

2008-09-06 c:\windows\Tasks\At8.job

- c:\windows\system32\3AA45Enp.exe []

2008-10-11 c:\windows\Tasks\At9.job

- c:\windows\system32\3AA45Enp.exe []

2008-12-05 c:\windows\Tasks\Norton Security Scan.job

- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]

2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job

- c:\program files\RegistrySmart\RegistrySmart.exe []

2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job

- c:\program files\RegistrySmart []

2009-02-23 c:\windows\Tasks\Uniblue DiskRescue 2009.job

- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 16:22]

2007-02-18 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hln.be/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: microsoft.com\download.windowsupdate

Trusted Zone: microsoft.com\support

Trusted Zone: microsoft.com\www.update

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

FF - ProfilePath -

.

.

------- Bestandsassociaties -------

.

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-23 21:49:46

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{557B07D3-7DB1-3FD4-A397-E353685CF813}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iakiachldgmohicgdc"=hex:6b,61,6e,6e,6e,6e,70,63,69,61,70,6c,67,6e,61,6f,6e,6f,

62,68,66,68,00,00

"haaiodhdphjaomoe"=hex:6b,61,6e,6e,6d,6e,69,6e,61,68,6e,70,64,70,69,65,6e,6d,

6f,62,67,66,00,00

[HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B96E5DFF-D769-C338-7EE4-EFA8663D62F2}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]

@DACL=(02 0012)

@Denied: (Full) (Everyone)

"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,

00,00,79,52,33,1c,d4,b0,80,42,b2,a5,ee,9f,d0,f1,a1,e7,04,00,00,00,04,00,00,\

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(744)

c:\windows\system32\Ati2evxx.dll

.

Voltooingstijd: 2009-02-23 21:51:34

ComboFix-quarantined-files.txt 2009-02-23 20:51:31

ComboFix2.txt 2009-02-23 17:43:24

ComboFix3.txt 2007-05-22 19:46:20

Pre-Run: 220,685,168,640 bytes beschikbaar

Post-Run: 220,614,356,992 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7

570 --- E O F --- 2009-02-19 20:49:11


I really don't understand any of this anymore, Fake.

Every time I tried to post the ComboFix log here, the web browser got so slow that I kept getting the following error message: "the page cannot be displayed." Whatever I did, I could no longer get into this thread; I could reach the website, but pasting the log ended in an error message every time. Now it turns out it was posted here several times after all???

I can't follow this anymore. I think there's a serious trojan or something hidden somewhere in here. And now my taskbar has suddenly become twice as large without my having changed anything??

Help!!


Here we go then :-)

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\wpd99.drv

c:\windows\system32\{BDA126A1-7D91-4638-B52F-49D9E6F6F87E}.dat

c:\windows\system32\3AA45Enp.exe

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

Folder::

C:\RECYCLER(3)

C:\RECYCLER(2)

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33ff8e03-1f8d-11dd-9071-0011675a9d92}]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if asked to.

After the restart, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:36:55, on 24/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\WinPcap\rpcapd.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Belgium Identity Card\beid35gui.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HLN home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Call HoverToCall class - {7E853D72-626A-48EC-A868-BA8D5E23E045} - C:\Program Files\Windows Live\Messenger\HTC.DLL

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - -{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/38.09/f-6tcHDGwoY/uploader2.cab

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.nl/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218922213856&h=1228216423e2b904dbf135487519793c/&filename=jinstall-6u7-windows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/nl/TSEasyInstallX.CAB

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - F:\MAGIX\Common\Database\bin\fbserver.exe (file missing)

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--

End of file - 12424 bytes


ComboFix 09-02-21.01 - Erwtje 2009-02-24 13:21:49.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.2048.1503 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Erwtje\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Erwtje\Bureaublad\CFScript.txt

AV: avast! antivirus 4.8.1335 [VPS 090223-0] *On-access scanning disabled* (Updated)

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)

FW: COMODO Firewall Pro *disabled*

FW: Trend Micro Personal Firewall *disabled*

* Nieuw herstelpunt werd aangemaakt

FILE ::

c:\windows\system32\{BDA126A1-7D91-4638-B52F-49D9E6F6F87E}.dat

c:\windows\system32\3AA45Enp.exe

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

c:\windows\wpd99.drv

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\RECYCLER(2)

c:\recycler(2)\S-1-5-21-1004336348-583907252-839522115-1004(2)\INFO2

C:\RECYCLER(3)

c:\recycler(3)\S-1-5-21-1004336348-583907252-839522115-1004(2)\INFO2

c:\windows\system32\{BDA126A1-7D91-4638-B52F-49D9E6F6F87E}.dat

c:\windows\Tasks\At1.job

c:\windows\Tasks\At10.job

c:\windows\Tasks\At11.job

c:\windows\Tasks\At12.job

c:\windows\Tasks\At13.job

c:\windows\Tasks\At14.job

c:\windows\Tasks\At15.job

c:\windows\Tasks\At16.job

c:\windows\Tasks\At17.job

c:\windows\Tasks\At18.job

c:\windows\Tasks\At19.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At20.job

c:\windows\Tasks\At21.job

c:\windows\Tasks\At22.job

c:\windows\Tasks\At23.job

c:\windows\Tasks\At24.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At5.job

c:\windows\Tasks\At6.job

c:\windows\Tasks\At7.job

c:\windows\Tasks\At8.job

c:\windows\Tasks\At9.job

c:\windows\wpd99.drv

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-01-24 to 2009-02-24 ))))))))))))))))))))))))))))))

.

2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\windows\system32\beidpp

2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\program files\Uniblue

2009-02-23 21:33 . 2009-02-24 13:19 <DIR> d--hs---- c:\documents and settings\Erwtje\Onlangs geopend

2009-02-23 21:33 . 2009-02-23 21:33 <DIR> d-------- c:\documents and settings\Erwtje\Bluetooth Software

2009-02-23 16:14 . 2009-02-23 21:33 <DIR> d-------- c:\program files\Belgium Identity Card

2009-02-23 14:29 . 2009-02-23 21:33 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{38E672D5-1F19-4A24-BA49-04BE4A4DBCAE}

2009-02-22 18:19 . 2007-03-31 06:02 876,384 --a------ c:\windows\system32\drivers\btkrnl.sys

2009-02-22 18:19 . 2007-03-23 03:49 539,072 --a------ c:\windows\system32\drivers\btaudio.sys

2009-02-22 18:19 . 2007-03-23 03:50 149,123 --a------ c:\windows\system32\drivers\btwdndis.sys

2009-02-22 18:19 . 2007-03-31 06:02 55,352 --a------ c:\windows\system32\drivers\btwhid.sys

2009-02-22 18:19 . 2007-03-23 03:50 37,424 --a------ c:\windows\system32\drivers\btport.sys

2009-02-22 18:08 . 2007-03-23 03:50 106,557 -ra------ c:\windows\system32\btw_ci.dll

2009-02-22 18:08 . 2007-03-23 03:50 67,960 --a------ c:\windows\system32\drivers\btwusb.sys

2009-02-22 00:58 . 2009-02-22 00:58 <DIR> d-------- c:\program files\WIDCOMM

2009-02-21 16:42 . 2009-02-21 16:42 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Ashampoo

2009-02-21 16:27 . 2009-02-21 16:27 103,424 --a------ c:\windows\system32\PowerUp3_nat.dll

2009-02-20 22:06 . 2009-02-20 22:07 <DIR> d-------- c:\program files\PDFCreator

2009-02-20 22:06 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll

2009-02-20 21:50 . 2006-11-30 22:24 86,016 --a------ c:\windows\system32\custmon32.dll

2009-02-20 20:44 . 2009-02-20 20:44 <DIR> d--h----- c:\windows\system32\CanonMP Uninstaller Information

2009-02-20 20:43 . 2009-02-20 20:43 <DIR> d--h----- C:\CanonMP

2009-02-19 17:37 . 2009-02-19 17:37 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ

2009-02-18 21:14 . 2009-02-18 21:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\pdf995

2009-02-18 21:14 . 2009-02-18 21:21 249,856 --a------ c:\windows\system32\pdfmona.dll

2009-02-18 21:14 . 2009-02-18 21:21 51,716 --a------ c:\windows\system32\pdf995mon.dll

2009-02-18 21:13 . 2009-02-20 21:09 <DIR> d-------- C:\pdf995

2009-02-15 18:07 . 2009-02-15 18:07 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition

2009-02-15 16:03 . 2009-02-20 20:51 0 --a------ c:\windows\system32\PDFtypewriter

2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\CTdeveloping

2009-02-15 14:26 . 2009-02-15 14:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\CTdeveloping

2009-02-14 17:25 . 2009-02-14 17:25 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2009-02-14 17:14 . 2009-02-20 21:59 <DIR> d-------- c:\program files\Capsoft

2009-02-14 16:10 . 2009-02-14 16:10 <DIR> d-------- C:\MIR

2009-02-14 14:44 . 2009-02-14 14:44 <DIR> d-------- c:\program files\Multiple Image Resizer .NET

2009-02-12 00:11 . 2008-05-02 14:30 465,920 --------- c:\windows\system32\imapi2fs.dll

2009-02-12 00:11 . 2008-05-02 14:30 465,920 -----c--- c:\windows\system32\dllcache\imapi2fs.dll

2009-02-12 00:11 . 2008-05-02 14:30 317,952 --------- c:\windows\system32\imapi2.dll

2009-02-12 00:11 . 2008-05-02 14:30 317,952 -----c--- c:\windows\system32\dllcache\imapi2.dll

2009-02-12 00:11 . 2008-05-02 11:49 62,976 -----c--- c:\windows\system32\dllcache\cdrom.sys

2009-02-12 00:10 . 2008-04-17 05:59 407,040 -----c--- c:\windows\system32\dllcache\netlogon.dll

2009-02-12 00:10 . 2008-04-17 05:59 344,576 -----c--- c:\windows\system32\dllcache\localspl.dll

2009-02-12 00:10 . 2008-04-17 05:59 176,128 -----c--- c:\windows\system32\dllcache\w32time.dll

2009-02-12 00:10 . 2008-04-17 05:59 134,144 -----c--- c:\windows\system32\dllcache\wkssvc.dll

2009-02-12 00:10 . 2008-05-05 12:07 132,608 -----c--- c:\windows\system32\dllcache\msv1_0.dll

2009-02-12 00:10 . 2008-04-17 05:59 113,664 -----c--- c:\windows\system32\dllcache\dsuiext.dll

2009-02-12 00:10 . 2008-04-17 05:59 68,096 -----c--- c:\windows\system32\dllcache\ntdsapi.dll

2009-02-12 00:07 . 2009-02-12 00:07 <DIR> d-------- c:\program files\Dir2File

2009-02-12 00:06 . 2004-12-09 08:17 61,440 --a------ c:\windows\ContextMenuExt.dll

2009-02-12 00:05 . 2007-07-10 20:27 40,960 --a------ c:\windows\system32\SSUBTMR6.DLL

2009-02-11 23:50 . 2007-10-07 11:27 10,752 --a------ c:\windows\system32\aamd532.dll

2009-02-07 18:04 . 2009-02-07 18:04 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Kodak

2009-02-07 18:03 . 2009-02-07 18:03 <DIR> d-------- c:\program files\Kodak

2009-02-06 20:35 . 2009-02-06 20:35 <DIR> d-------- c:\program files\BatchPhoto

2009-02-04 23:16 . 2009-02-04 23:17 <DIR> d-------- c:\program files\Photobie

2009-02-02 13:31 . 2009-02-02 13:31 360,448 --a------ c:\windows\system32\beid35applayer.dll

2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\Belgium Identity Card PKCS11.dll

2009-02-02 13:31 . 2009-02-02 13:31 86,016 --a------ c:\windows\system32\beidpkcs11.dll

2009-02-02 13:31 . 2009-02-02 13:31 69,632 --a------ c:\windows\system32\beidCSPlib.dll

2009-02-02 13:30 . 2009-02-02 13:30 262,144 --a------ c:\windows\system32\beid35DlgsWin32.dll

2009-02-02 13:30 . 2009-02-02 13:30 192,512 --a------ c:\windows\system32\beid35cardlayer.dll

2009-02-02 13:30 . 2009-02-02 13:30 122,880 --a------ c:\windows\system32\beid35common.dll

2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\eidlib.dll

2009-02-02 13:29 . 2009-02-02 13:29 200,704 --a------ c:\windows\system32\beidlib.dll

2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\program files\CDBurnerXP

2009-01-24 00:21 . 2009-01-24 00:21 <DIR> d-------- c:\documents and settings\Erwtje\Application Data\Canneverbe_Limited

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-24 08:47 0 ----a-w c:\windows\system32\drivers\lvuvc.hs

2009-02-24 08:47 0 ----a-w c:\windows\system32\drivers\logiflt.iad

2009-02-23 21:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-02-23 20:33 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-02-23 15:13 33,536 ----a-w c:\windows\system32\drivers\a38usb.sys

2009-02-23 15:13 110,592 ----a-w c:\windows\system32\usbr38.dll

2009-02-23 13:32 --------- d-----w c:\documents and settings\Erwtje\Application Data\Uniblue

2009-02-21 15:26 --------- d-----w c:\program files\Ashampoo

2009-02-20 20:44 --------- d-----w c:\program files\PDFCreator Toolbar

2009-02-20 19:48 --------- d-----w c:\documents and settings\Erwtje\Application Data\Canon

2009-02-19 21:59 --------- d-----w c:\program files\Common Files\ScanSoft Shared

2009-02-19 21:57 --------- d-----w c:\program files\Canon

2009-02-18 20:31 --------- d-----w c:\documents and settings\Erwtje\Application Data\MSN6

2009-02-17 21:42 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater

2009-02-15 16:34 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-02-15 16:32 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-02-15 15:09 --------- d-----w c:\program files\Common Files\Adobe

2009-02-14 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems

2009-02-14 16:08 --------- d-----w c:\program files\Foxit Software

2009-02-14 13:44 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-11 23:08 --------- d-----w c:\program files\MSECache

2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-02-07 22:20 --------- d-----w c:\documents and settings\Erwtje\Application Data\XnView

2009-01-13 14:44 --------- d-----w c:\program files\CCleaner

2009-01-13 14:23 --------- d-----w c:\program files\PC Tune-Up

2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr

2008-12-29 18:58 --------- d-----w c:\documents and settings\Erwtje\Application Data\Malwarebytes

2008-12-29 18:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll

2008-07-27 20:53 47,360 ----a-w c:\documents and settings\Erwtje\Application Data\pcouffin.sys

2008-05-07 21:24 14,290 ----a-w c:\program files\settings.dat

2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT

2008-01-30 19:05 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT

2005-08-25 20:00 48,128 ----a-w c:\documents and settings\LocalService\cnmss Canon MP500 Series Printer (Local).dll

2005-08-25 20:00 48,128 ----a-w c:\documents and settings\Erwtje\cnmss Canon MP500 Series Printer (Local).dll

2008-04-19 20:14 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2008-04-19 20:14 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2008-04-19 20:14 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2008-04-19 20:14 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2008-04-19 20:14 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-10-12 21:09 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008101220081013\index.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-02-23_21.50.22.15 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-02-23 20:40:02 60,760 ----a-w c:\windows\system32\perfc009.dat

+ 2009-02-24 08:52:17 60,760 ----a-w c:\windows\system32\perfc009.dat

- 2009-02-23 20:40:02 79,912 ----a-w c:\windows\system32\perfc013.dat

+ 2009-02-24 08:52:17 79,912 ----a-w c:\windows\system32\perfc013.dat

- 2009-02-23 20:40:02 400,600 ----a-w c:\windows\system32\perfh009.dat

+ 2009-02-24 08:52:17 400,600 ----a-w c:\windows\system32\perfh009.dat

- 2009-02-23 20:40:02 465,120 ----a-w c:\windows\system32\perfh013.dat

+ 2009-02-24 08:52:17 465,120 ----a-w c:\windows\system32\perfh013.dat

+ 2009-02-24 08:47:59 16,384 ----atw c:\windows\temp\Perflib_Perfdata_618.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]

"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2007-12-16 1115728]

"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-09-29 970808]

"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 98304]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2006-10-31 321088]

"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-09-29 497008]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.MJPG"= pvmjpg30.dll

"VIDC.PIM1"= pclepim1.dll

"VIDC.ACDV"= ACDV.dll

"msacm.l3codec"= l3codecp.acm

"vidc.mjpx"= Pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^NkbMonitor.exe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ymetray.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Canon IJ Status Monitor Canon MP500 Series Printer.lnk]

path=c:\documents and settings\Erwtje\Menu Start\Programma's\Opstarten\Canon IJ Status Monitor Canon MP500 Series Printer.lnk

backup=c:\windows\pss\Canon IJ Status Monitor Canon MP500 Series Printer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^HDDlife.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^OpenOffice.org 2.1 .lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^RocketDock.lnk]

backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Shrink Pic.lnk]

backup=c:\windows\pss\Shrink Pic.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^TransBar.lnk]

backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^UberIcon.lnk]

backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Y'z Shadow.lnk]

backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwtje^Menu Start^Programma's^Opstarten^Zita Nieuwsflash.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2005-07-14 15:09 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

--a------ 2008-03-20 17:42 217544 c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]

--a------ 2002-12-06 16:07 617984 c:\program files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

--a------ 2009-02-02 13:32 2035712 c:\program files\Belgium Identity Card\beid35gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]

--a------ 2007-09-10 11:08 258134 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]

f:\digital imaging\\Unload\hpqcmon.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]

-----c--- 2004-11-30 11:00 135168 c:\program files\Creative\MediaSource\Go\CTCMSGo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

--a------ 2006-11-13 17:34 1289000 c:\progra~1\MI3AA1~1\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTpatch]

-ra------ 2002-10-30 10:40 28672 c:\windows\htpatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

F:\iTunesHelper.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

--a------ 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

--a------ 2008-08-14 16:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]

--a------ 2007-09-20 10:16 2419200 c:\program files\PC Tune-Up\PCTuneUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-14 18:03 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]

--a------ 2008-09-29 14:08 497008 c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]

--a------ 2003-05-08 11:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]

--a------ 2004-08-30 17:31 36864 c:\progra~1\Pinnacle\PPE\PPE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFtypewriterPrinterMonitor]

c:\program files\PDFtypewriter\Printer\PDFtypewriterMonitorStart.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicoBackupOE]

--a------ 2005-06-17 14:52 1129472 c:\program files\PicoBackupOE\PicoBackupAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]

--a------ 2007-03-18 23:05 630784 c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

f:\hp share-to-web\hpgs2wnd.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]

--------- 2005-07-28 08:32 94208 c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]

--a--c--- 2005-08-22 09:10 69632 c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]

--a--c--- 2006-02-17 10:14 163840 c:\program files\A4TECH\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

--a------ 2005-08-07 23:10 16384 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

--a------ 2005-08-07 23:10 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]

--a------ 2008-06-23 16:43 70144 c:\windows\system32\mmrtkrnl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"rpcapd"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"MDM"=2 (0x2)

"LVCOMSer"=2 (0x2)

"iPod Service"=3 (0x3)

"gusvc"=2 (0x2)

"FirebirdServerMAGIXInstance"=3 (0x3)

"BsHelpCS"=3 (0x3)

"BlueSoleilCS"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"a2free"=2 (0x2)

"StarWindServiceAE"=2 (0x2)

"TapiSrv"=3 (0x3)

"Schedule"=2 (0x2)

"LVPrcSrv"=2 (0x2)

"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\CCleaner\\ccleaner.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Piolet\\Piolet.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=

"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=

"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=

"c:\\Program Files\\Outlook Express\\msimn.exe"=

"c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\InvokeSvc2.exe"=

"c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=

"c:\\Program Files\\Windows Live\\Writer\\WindowsLiveWriter.exe"=

"c:\\Program Files\\PrinterAnywhere\\paConsole.exe"=

"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\1 Click PC Fix\\1clickpcfix.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-29 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-29 20560]

R2 dvdmrp;dvdmrp;c:\windows\system32\drivers\dvdmrp.sys [2005-08-03 5504]

R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-05-09 13824]

R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [2006-11-20 200320]

S2 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;f:\magix\Common\Database\bin\fbserver.exe --> f:\magix\Common\Database\bin\fbserver.exe [?]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2006-03-24 33536]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - ImapiService

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - mnmsrvc

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - NMSAccessU

*Deregistered* - nmservice

*Deregistered* - PolicyAgent

*Deregistered* - ProtectedStorage

*Deregistered* - RasMan

*Deregistered* - rpcapd

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - SCardSvr

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - SoundMAX Agent Service (default)

*Deregistered* - Spooler

*Deregistered* - srservice

*Deregistered* - stisvc

*Deregistered* - TapiSrv

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Uniblue DiskRescue

*Deregistered* - WebClient

*Deregistered* - WinDefend

*Deregistered* - winmgmt

*Deregistered* - WMP54Gv4SVC

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb

.

Inhoud van de 'Gedeelde Taken' map

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-05 c:\windows\Tasks\Norton Security Scan.job

- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]

2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job

- c:\program files\RegistrySmart\RegistrySmart.exe []

2008-12-24 c:\windows\Tasks\RegistrySmart Scheduled Scan.job

- c:\program files\RegistrySmart []

2009-02-23 c:\windows\Tasks\Uniblue DiskRescue 2009.job

- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 16:22]

2007-02-18 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hln.be/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: microsoft.com\download.windowsupdate

Trusted Zone: microsoft.com\support

Trusted Zone: microsoft.com\www.update

DPF: DirectAnimation Java Classes

DPF: Microsoft XML Parser for Java

FF - ProfilePath -

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-24 13:23:56

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{557B07D3-7DB1-3FD4-A397-E353685CF813}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iakiachldgmohicgdc"=hex:6b,61,6e,6e,6e,6e,70,63,69,61,70,6c,67,6e,61,6f,6e,6f,

62,68,66,68,00,00

"haaiodhdphjaomoe"=hex:6b,61,6e,6e,6d,6e,69,6e,61,68,6e,70,64,70,69,65,6e,6d,

6f,62,67,66,00,00

[HKEY_USERS\S-1-5-21-1004336348-583907252-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B96E5DFF-D769-C338-7EE4-EFA8663D62F2}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,9f,6c,aa,c8,f4,

7a,a9,94,c8,28,51,af,b0,29,a3,98,13,30,66,8d,37,c5,87,12,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9f,65,67,08,bf,

1a,28,ab,71,3b,04,66,8b,46,0d,96,6a,7e,ff,0c,f8,1c,6f,4a,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,07,db,6a,2a,c5,

7c,10,3f,25,da,ec,7e,55,20,c9,26,ab,88,e2,cf,19,41,cf,20,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,06,18,9f,85,43,

97,d3,4c,3e,1e,9e,e0,57,5a,93,61,2f,03,b3,0e,c9,a1,51,44,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,79,97,17,f6,e8,

92,06,6d,cd,44,cd,b9,a6,33,6c,cd,88,b3,8a,7d,02,c1,b7,f2,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,70,06,92,03,05,

a5,73,54,b0,18,ed,a7,3f,8d,37,a4,e2,44,3a,dc,6a,12,4e,fc,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,84,e2,96,ee,db,

c7,3b,db,31,77,e1,ba,b1,f8,68,02,c7,ca,df,bb,ee,01,ae,50,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,9a,30,dc,4d,18,

06,d5,d5,83,6c,56,8b,a0,85,96,ab,d4,24,bf,1f,10,f4,1e,50,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,b2,91,df,47,ba,

16,02,d4,51,fa,6e,91,28,9e,14,cc,b6,57,c0,ad,f5,d2,31,3b,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,f7,63,8b,20,59,

8e,b4,a2,b1,cd,45,5a,a8,c4,f8,b9,85,08,f9,99,21,eb,9f,48,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,60,76,76,6d,5a,

a8,6e,d3,e3,0e,66,d5,eb,bc,2f,6b,cb,c4,4b,9a,c8,6a,1b,13,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,60,7f,0a,df,65,

ed,ae,ce,fa,ea,66,7f,d4,3b,6b,70,10,31,34,90,a9,42,80,7d,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]

@DACL=(02 0012)

@Denied: (Full) (Everyone)

"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,

00,00,79,52,33,1c,d4,b0,80,42,b2,a5,ee,9f,d0,f1,a1,e7,04,00,00,00,04,00,00,\

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(744)

c:\windows\system32\Ati2evxx.dll

.

Voltooingstijd: 2009-02-24 13:25:43

ComboFix-quarantined-files.txt 2009-02-24 12:25:41

ComboFix2.txt 2009-02-23 21:28:59

ComboFix3.txt 2009-02-23 20:51:35

ComboFix4.txt 2009-02-23 17:43:24

ComboFix5.txt 2009-02-24 12:21:19

Pre-Run: 220.624.482.304 bytes beschikbaar

Post-Run: 220,602,757,120 bytes beschikbaar

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7

561 --- E O F --- 2009-02-19 20:49:11


Fake,

I have discovered that when I post the two logs separately on this site, it causes no problems.

When I post them both at the same time, i.e. in one and the same post, I invariably get the message "the page cannot be displayed", probably because the time-out has expired each time, as it takes a while before the page with that error message turns up.

Or is there a limit set here on the size of posted files?

Thanks in advance.

I'm just glad that after three or four attempts at posting, I finally managed it again.

Regards, Erwtje69

This topic is now closed to further replies.
