ComboFix 09-05-26.05 - Li 2009-05-28 0:16.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.3066.1625 [GMT 2:00] Gestart vanuit: F:\ComboFix.exe SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Aanwezig AV is actief . ADS - Windows: deleted 24 bytes in 1 streams. (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\-1462672020 c:\users\Li\AppData\Roaming\ezpinst.log c:\users\Li\AppData\Roaming\inst.exe c:\windows\system32\404Fix.exe c:\windows\system32\dteaecpr.ini c:\windows\system32\IOXwxFii.ini c:\windows\system32\qgqljahx.ini c:\windows\system32\SSubTmr6.dll c:\windows\system32\tmp.reg c:\windows\system32\tuvgwlrg.ini . ---- Voorgaande Run ------- . c:\program files\Acer\Acer Bio Protection\PwdFilter.dll c:\users\Li\FAVORI~1\Translator.url c:\users\Li\Favorites\Translator.url c:\windows\system32\404Fix.exe c:\windows\system32\dteaecpr.ini c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\IOXwxFii.ini c:\windows\system32\o4Patch.exe c:\windows\system32\qgqljahx.ini c:\windows\system32\SrchSTS.exe c:\windows\system32\sX3i02 c:\windows\system32\tmp.reg c:\windows\system32\tuvgwlrg.ini c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . -------\Legacy_FAD (((((((((((((((((((( Bestanden Gemaakt van 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))) . 2009-05-27 22:21 . 2009-05-27 22:25 -------- d-----w c:\users\Li\AppData\Local\temp 2009-05-27 22:21 . 2009-05-27 22:21 -------- d-----w c:\users\Administrator\AppData\Local\temp 2009-05-27 20:49 . 2009-05-27 20:49 -------- d-----w c:\users\Li\DoctorWeb 2009-05-27 20:06 . 2009-05-27 20:06 -------- d-----w c:\programdata\Hitman Pro 2009-05-26 20:08 . 
2009-05-26 20:08 -------- d-----w c:\programdata\TuneUp Software(977) 2009-05-26 16:53 . 2009-05-27 19:02 -------- d-----w c:\program files\Free Window Registry Repair 2009-05-26 16:40 . 2009-05-27 19:18 -------- d-----w c:\users\Li\AppData\Local\Adobe 2009-05-25 19:11 . 2009-05-25 19:11 -------- d-----w c:\program files\Uniblue 2009-05-25 19:11 . 2009-05-27 19:02 -------- dc-h--w c:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C} 2009-05-25 18:45 . 2009-05-25 18:53 -------- d-----w c:\users\Li\AppData\Roaming\Ahead 2009-05-25 15:41 . 2009-05-25 15:41 -------- d-----w c:\users\Li\AppData\Roaming\iolo 2009-05-25 15:41 . 2009-05-25 15:41 -------- d-----w c:\programdata\iolo . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-27 22:24 . 2008-09-27 16:29 72864 ----a-w c:\programdata\nvModes.dat 2009-05-27 20:15 . 2008-09-29 23:46 -------- d-----w c:\programdata\Hitman Pro 3 2009-05-27 19:02 . 2008-11-01 22:00 -------- d-----w c:\programdata\VistaCodecs 2009-05-27 19:02 . 2009-04-19 21:27 -------- d-----w c:\program files\AGEIA Technologies 2009-05-27 15:49 . 2008-12-19 01:09 -------- d-----w c:\programdata\TuneUp Software(1837) 2009-05-27 15:30 . 2008-12-19 01:09 -------- d-----w c:\programdata\TuneUp Software(1430) 2009-05-26 21:50 . 2008-09-27 16:30 -------- d-----w c:\programdata\NVIDIA 2009-05-26 16:28 . 2008-11-01 22:01 -------- d-----w c:\program files\VistaCodecPack 2009-05-26 16:22 . 2009-04-01 16:21 -------- d-----w c:\program files\MSECACHE 2009-04-22 15:27 . 2009-04-20 02:54 -------- d-----w c:\program files\Common Files\Ahead 2009-04-22 15:23 . 2009-04-20 02:54 -------- d-----w c:\programdata\Nero 2009-04-21 12:09 . 2009-04-21 12:09 -------- d-----w c:\program files\RALINK 2009-04-21 12:09 . 2009-04-21 12:09 -------- d-----w c:\users\Li\AppData\Roaming\InstallShield 2009-04-21 11:26 . 2009-04-21 11:23 -------- d-----w c:\program files\Driver Magician2 2009-04-20 14:40 . 
2009-04-01 15:47 -------- d-----w c:\program files\Windows Live 2009-04-20 14:40 . 2009-04-18 12:03 -------- d-----w c:\program files\VideoLAN 2009-04-20 14:40 . 2009-02-19 15:07 -------- d-----w c:\program files\Common Files\Logishrd 2009-04-20 14:40 . 2009-02-01 21:12 -------- d-----w c:\program files\Microsoft 2009-04-20 14:23 . 2008-09-27 15:48 99864 ----a-w c:\users\Li\AppData\Local\GDIPFONTCACHEV1.DAT 2009-04-20 13:14 . 2009-04-20 03:02 -------- d-----w c:\program files\Common Files\LightScribe(2644) 2009-04-20 03:03 . 2009-04-20 02:59 -------- d-----w c:\users\Administrator\AppData\Roaming\Ahead 2009-04-20 02:58 . 2009-04-20 02:58 -------- d-----w c:\programdata\Ahead 2009-04-20 02:54 . 2009-04-20 02:54 -------- d-----w c:\program files\Nero 2009-04-19 22:26 . 2009-04-19 22:14 -------- d-----w c:\program files\NVIDIA Corporation 2009-04-19 19:03 . 2008-09-27 15:48 1356 ----a-w c:\users\Li\AppData\Local\d3d9caps.dat 2009-04-19 02:33 . 2009-04-19 02:33 -------- d-----w c:\users\Administrator\AppData\Roaming\Logitech 2009-04-18 13:45 . 2009-04-18 13:45 -------- d-----w c:\programdata\LogiShrd 2009-04-18 12:03 . 2009-04-18 12:03 -------- d-----w c:\users\Li\AppData\Roaming\vlc(1481) 2009-04-18 12:03 . 2009-04-18 12:03 -------- d-----w c:\program files\VideoLAN(1413) 2009-04-17 13:33 . 2008-01-21 06:47 705296 ----a-w c:\windows\system32\perfh013.dat 2009-04-17 13:33 . 2008-01-21 06:47 144048 ----a-w c:\windows\system32\perfc013.dat 2009-04-14 21:41 . 2009-04-14 19:19 603904 ----a-w c:\windows\system32\TUProgSt.exe 2009-04-14 17:50 . 2009-04-14 17:50 -------- d-----w c:\users\Li\AppData\Roaming\TuneUp Software 2009-04-14 17:48 . 2009-03-02 13:13 -------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357} 2009-04-14 17:14 . 2009-04-14 17:13 233293260 ----a-w C:\4-14-2009--7-13-48-pm.reg 2009-04-14 16:09 . 2008-09-28 03:20 -------- d-----w c:\program files\TweakVI 2009-04-14 08:44 . 
2008-10-07 18:33 -------- d-----w c:\program files\CCleaner 2009-04-10 10:23 . 2009-04-01 18:46 -------- d-----w c:\program files\MSXML 4.0 2009-04-10 09:25 . 2008-12-31 15:18 -------- d-----w c:\users\Li\AppData\Roaming\Vso 2009-04-10 09:16 . 2009-03-02 16:46 -------- d-----w c:\programdata\Systweak 2009-04-06 21:38 . 2009-04-06 21:29 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-04-06 16:17 . 2009-04-06 16:17 -------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-04-06 15:35 . 2009-01-01 18:57 -------- d-----w c:\program files\Smart Recovery 2009-04-05 19:35 . 2009-03-04 17:40 -------- d-----w c:\programdata\Cyberlink 2009-04-05 19:32 . 2009-04-05 19:30 -------- d-----w c:\program files\CyberLink 2009-04-05 19:26 . 2009-03-04 17:36 29480 ----a-w c:\windows\system32\msxml3a.dll 2009-04-05 19:26 . 2007-06-15 08:21 505128 ----a-w c:\windows\system32\msvcp71.dll 2009-04-05 19:26 . 2003-02-21 03:42 353576 ----a-w c:\windows\system32\msvcr71.dll 2009-04-05 17:37 . 2008-09-27 18:28 952 --sha-w c:\programdata\KGyGaAvL.sys 2009-04-05 17:37 . 2008-09-27 18:28 952 --sha-w c:\programdata\KGyGaAvL.sys 2009-04-05 16:46 . 2009-02-25 11:05 -------- d-----w c:\users\Li\AppData\Roaming\dvdcss 2009-04-04 13:05 . 2008-11-01 22:14 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-04-02 17:23 . 2009-04-02 17:23 -------- d-----w c:\users\Administrator\AppData\Roaming\InstallShield 2009-04-02 15:17 . 2008-06-11 01:41 -------- d-----w c:\program files\Intel 2009-04-02 14:51 . 2008-10-19 20:24 -------- d-----w c:\program files\Common Files\Adobe 2009-04-02 13:20 . 2009-02-24 15:49 -------- d-----w c:\program files\Forex setups 2009-04-02 13:13 . 2009-04-02 13:13 3584 ----a-w c:\users\Li\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 2009-04-02 10:29 . 2009-04-02 10:26 14922096 ----a-w c:\program files\IE8-WindowsVista-x86-NLD.exe 2009-04-01 15:48 . 
2009-04-01 15:48 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition 2009-04-01 15:37 . 2009-04-01 15:37 -------- d-----w c:\program files\Common Files\Windows Live 2009-03-29 18:27 . 2008-12-17 18:48 -------- d-----w c:\users\Li\AppData\Roaming\Skype 2009-03-29 18:25 . 2008-12-17 18:50 -------- d-----w c:\users\Li\AppData\Roaming\skypePM 2009-03-26 14:49 . 2008-11-01 22:14 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-26 14:49 . 2008-11-01 22:14 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-03-26 13:28 . 2009-02-18 16:21 10520 ----a-w c:\windows\system32\avgrsstx.dll 2009-03-26 13:28 . 2009-02-18 16:21 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-03-26 13:27 . 2009-02-18 16:21 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-03-17 03:38 . 2009-04-17 21:48 13824 ----a-w c:\windows\system32\apilogen.dll 2009-03-17 03:38 . 2009-04-17 21:48 24064 ----a-w c:\windows\system32\amxread.dll 2009-03-09 04:19 . 2008-11-01 23:44 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-08 11:34 . 2009-04-02 10:30 914944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 11:34 . 2009-04-02 10:30 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 11:33 . 2009-04-02 10:30 18944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 11:33 . 2009-04-02 10:30 109056 ----a-w c:\windows\system32\iesysprep.dll 2009-03-08 11:33 . 2009-04-02 10:30 109568 ----a-w c:\windows\system32\PDMSetup.exe 2009-03-08 11:33 . 2009-04-02 10:30 132608 ----a-w c:\windows\system32\ieUnatt.exe 2009-03-08 11:33 . 2009-04-02 10:30 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe 2009-03-08 11:33 . 2009-04-02 10:30 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe 2009-03-08 11:33 . 2009-04-02 10:30 103936 ----a-w c:\windows\system32\SetDepNx.exe 2009-03-08 11:33 . 2009-04-02 10:30 420352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 11:32 . 
2009-04-02 10:30 72704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 11:32 . 2009-04-02 10:30 71680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 11:32 . 2009-04-02 10:30 66560 ----a-w c:\windows\system32\wextract.exe 2009-03-08 11:32 . 2009-04-02 10:30 169472 ----a-w c:\windows\system32\iexpress.exe 2009-03-08 11:31 . 2009-04-02 10:30 34816 ----a-w c:\windows\system32\imgutil.dll 2009-03-08 11:31 . 2009-04-02 10:30 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-03-08 11:31 . 2009-04-02 10:30 45568 ----a-w c:\windows\system32\mshta.exe 2009-03-08 11:22 . 2009-04-02 10:30 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-03 04:46 . 2009-04-17 21:48 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-03-03 04:46 . 2009-04-17 21:48 3547632 ----a-w c:\windows\system32\ntoskrnl.exe 2009-03-03 04:39 . 2009-04-17 21:48 183296 ----a-w c:\windows\system32\sdohlp.dll 2009-03-03 04:39 . 2009-04-17 21:48 551424 ----a-w c:\windows\system32\rpcss.dll 2009-03-03 04:39 . 2009-04-17 21:48 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll 2009-03-03 04:37 . 2009-04-17 21:48 98304 ----a-w c:\windows\system32\iasrecst.dll 2009-03-03 04:37 . 2009-04-17 21:48 54784 ----a-w c:\windows\system32\iasads.dll 2009-03-03 04:37 . 2009-04-17 21:48 44032 ----a-w c:\windows\system32\iasdatastore.dll 2009-03-03 03:04 . 2009-04-17 21:48 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe 2009-03-03 02:38 . 2009-04-17 21:48 17408 ----a-w c:\windows\system32\iashost.exe 2009-03-02 13:13 . 2009-03-02 13:12 17242368 ----a-w c:\program files\Tune Up 2009.exe 2009-02-07 01:38 . 2009-02-07 01:38 458 ----a-w C:\Program Files - Snelkoppeling.lnk . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 21:38 121392 ----a-w c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-26 1932568] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "AlwaysShowClassicMenu"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoSearchCommInStartMenu"= 1 (0x1) "NoSearchInternetInStartMenu"= 1 (0x1) "TaskbarNoNotification"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] 2008-09-27 16:08 2938880 ----a-w c:\program files\Acer\Acer Bio Protection\WinNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0sasnative32\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Users^Li^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] backup=c:\windows\pss\OneNote 2007 Schermopname en Snel 
starten.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVO Ram Optimizer HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorRepairPro HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pareto_Update [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized "RegistryMechanic"=c:\program files\Registry Mechanic\RMTray.exe /H [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" "ePower_DMC"=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe "LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" show "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"="0x00000000" "UacDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2842201330-3919750157-3462357949-1003] "EnableNotificationsRef"=dword:00000009 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2842201330-3919750157-3462357949-500] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{ECA63EDD-E8D4-4167-8E4F-48B48CE14CE3}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 
5\SchedulerSvc.exe:SchedulerSvc.exe "{249E9942-B2F4-4917-A1F0-9814B6378434}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{929676A8-3FDD-4331-84D6-9D773E4F0052}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{F5AA114C-6F6A-40E4-B27A-FEBF0F53E26B}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{E3441136-4928-46A1-B55E-BCB7A9A8DD6F}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{D2F70F93-1165-424F-8087-964825C461B9}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{9FDA1C3E-D68D-4531-95EB-AFF901C85434}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{F4402E12-0F08-43BF-AC5F-31B564F7C281}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "TCP Query User{DC1BC2BD-C704-46B4-8EE3-77DA7203BE44}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{0169B84C-BA8D-420F-BE12-25948600BB0E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{8C3FFB7E-9EA1-445B-A7FB-C2C33609DA6C}"= UDP:c:\program files\utorrent.exe:µTorrent (TCP-In) "{9640D55E-D4C5-4B1F-AB5A-DADDBA17CD61}"= TCP:c:\program files\utorrent.exe:µTorrent (UDP-In) "TCP Query User{7C982C9B-F070-42C6-9F55-CB2A6D0191B7}c:\\program files\\utorrent.exe"= UDP:c:\program files\utorrent.exe:µTorrent "UDP Query User{F9C90904-14E1-4C30-8A88-07EC026DBC61}c:\\program files\\utorrent.exe"= TCP:c:\program files\utorrent.exe:µTorrent "{4FD68E07-32D2-4E2D-8B33-1867144E0791}"= Disabled:UDP:6881:Port 6881_TCP "{6B9A71A9-0A31-4AA7-BC92-EEDDD2430B5A}"= Disabled:TCP:6881:Port 6881_UDP "{3F8A38B5-2150-44EC-BB7C-D01B274307A9}"= Disabled:UDP:6882:Port 6882_TCP "{11C03E43-FA76-4A9C-BB0C-7E9B1B92B908}"= 
Disabled:TCP:6882:Port 6882_UDP "{DD1540B2-7CDA-4F95-B999-116A201374B8}"= Disabled:UDP:6883:Port 6883_TCP "{731D2157-1D67-4208-ADE4-F01238AF0EA5}"= Disabled:TCP:6883:Port 6883_UDP "{AD87F4F9-6935-4A8F-98DB-D15F8C7AA3F1}"= Disabled:UDP:6884:Port 6884_TCP "{DEA033AE-B6B9-4A14-A381-D09494716DDD}"= Disabled:TCP:6884:Port 6884_UDP "{FFED1F9F-C660-4111-848E-DE273E05273C}"= Disabled:UDP:6885:Port 6885_TCP "{F0230582-C582-4CB1-921F-120AE775349E}"= Disabled:TCP:6885:Port 6885_UDP "{AFFF9CE9-7FBF-45E8-9373-CC2F8C7E7413}"= Disabled:UDP:6886:Port 6886_TCP "{C251F85B-039F-430D-B9C9-C94B507CA059}"= Disabled:TCP:6886:Port 6886_UDP "{2FEE48DF-504E-4FBD-8912-78457ECD7260}"= Disabled:UDP:6887:Port 6887_TCP "{5EA97BE9-4450-4106-9A32-81534DC544FE}"= Disabled:TCP:6887:Port 6887_UDP "{3A7AF5B1-D10E-4520-9B20-8A96B7C03A79}"= Disabled:UDP:6888:Port 6888_TCP "{210718EB-7EA5-4C2E-B95D-ADB7377106BA}"= Disabled:TCP:6888:Port 6888_UDP "{D863E86A-A1C3-43E1-B20A-610DC228D0EB}"= Disabled:UDP:6889:Port 6889_TCP "{3ED148E8-4F33-49B9-B071-FD18EC7571AE}"= Disabled:TCP:6889:Port 6889_UDP "{A6165231-80A3-4205-96BA-A27F8821E56B}"= Disabled:UDP:6870:Port 6870_TCP "{E9610747-9342-4FC5-A43F-A5E8AB457947}"= Disabled:TCP:6870:Port 6870_UDP "{D110B6EC-8ED8-49AD-8D0F-C611815A1341}"= Disabled:UDP:6871:Port 6871_TCP "{4D54A99E-5947-4D5B-98C7-26F492FF5FFE}"= Disabled:TCP:6871:Port 6871_UDP "{96B17C5D-9D27-4E40-8926-67454A63CBA0}"= Disabled:UDP:6872:Port 6872_TCP "{DDA51903-BF4D-40F7-93D6-0FCBDF475DA7}"= Disabled:TCP:6872:Port 6872_UDP "{BF448B51-3B98-47BD-BCFC-B7794B937F68}"= Disabled:UDP:6873:Port 6873_TCP "{641A0DED-847B-461D-8DF3-D71718F3FC15}"= Disabled:TCP:6873:Port 6873_UDP "{D67D6552-E903-4A2E-A7C6-28B38088C727}"= UDP:6874:Port 6874_TCP "{57FE68CB-3E15-4B51-BE5B-FF6FAF0B5BEB}"= TCP:6874:Port 6874_UDP "{5D3E8D94-C6E2-442B-813C-D8044AA4BA7C}"= Disabled:UDP:6875:Port 6875_TCP "{D1658F2C-82B7-4B89-A982-5817AB8EDFD4}"= Disabled:TCP:6875:Port 6875_UDP "{2A8B5E86-CF40-476C-8B34-D408BF4E39FD}"= 
Disabled:UDP:6876:Port 6876_TCP "{50EE5275-81E4-4BFE-A61C-B9B9ADB9D256}"= Disabled:TCP:6876:Port 6876_UDP "{31D6D3E0-3C04-4F43-BBA0-95964DD3C2C0}"= Disabled:UDP:6877:Port 6877_TCP "{A70089B8-5D0D-44A4-8F45-0B10F75E4BC7}"= Disabled:TCP:6877:Port 6877_UDP "{4AE55606-1192-4478-A084-4D02A26D9F45}"= Disabled:UDP:6878:Port 6878_TCP "{BCDE4393-8A48-41D4-8E82-07A2EF548A4C}"= Disabled:TCP:6878:Port 6878_UDP "{362EF043-789A-41F0-B007-481C150F5366}"= Disabled:UDP:6879:Port 6879_TCP "{57F79410-0F3B-405F-983B-A25F39E9DBD2}"= Disabled:TCP:6879:Port 6879_UDP "{9F65CA37-CB8B-4D5C-9326-FF2A47273879}"= Disabled:UDP:6880:Port 6880_TCP "{031A789D-4069-4A70-BB59-BF99BCDFABAD}"= Disabled:TCP:6880:Port 6880_UDP "{B51369D3-6E74-42A3-9297-C50EAE853D7C}"= Disabled:UDP:6890:Port 6890_TCP "{ACEDE74B-B652-447C-8C48-68591C62EBAA}"= Disabled:TCP:6890:Port 6890_UDP "{E4A7CB43-30EF-485C-AE0C-A96B781A2FA6}"= Disabled:UDP:6891:Port 6891_TCP "{70FA52BC-88C8-4869-A8D5-2BA847A663DF}"= Disabled:TCP:6891:Port 6891_UDP "{98C28FC4-18E5-485C-9646-911E17C1E0FB}"= Disabled:UDP:6892:Port 6892_TCP "{3E3C0BED-0586-48DF-83B6-95061765118C}"= Disabled:TCP:6892:Port 6892_UDP "{D34653AC-AE73-407D-8A8C-04DD2BC2CD79}"= Disabled:UDP:6893:Port 6893_TCP "{F9E708CE-82C3-4A26-9723-A191D6A81E43}"= Disabled:TCP:6893:Port 6893_UDP "{36A75EEF-F543-41E1-8C41-860DA0DDE5EC}"= Disabled:UDP:6894:Port 6894_TCP "{E8DF6791-4A7D-4600-924F-0E93E92CDA24}"= Disabled:TCP:6894:Port 6894_UDP "{1739909A-C73E-4D80-9E92-B0D19BB9799F}"= Disabled:UDP:6895:Port 6895_TCP "{A2E03599-104F-4667-9AA7-5E98D7A19596}"= Disabled:TCP:6895:Port 6895_UDP "{D42A0746-7261-4FCE-B6E2-4162AAA00A2F}"= Disabled:UDP:6896:Port 6896_TCP "{F6C8FCFF-DF2E-4DFB-B036-17F3A97521AB}"= Disabled:TCP:6896:Port 6896_UDP "{AAFE1AF8-27E9-4D3C-859C-7AB847628990}"= Disabled:UDP:6897:Port 6897_TCP "{98427E23-7152-46AE-BA73-A8B4FDFF5BF0}"= Disabled:TCP:6897:Port 6897_UDP "{13972818-D145-4F3A-8347-44F4180C0C16}"= Disabled:UDP:6898:Port 6898_TCP "{62B3BC44-4A4C-47B6-B0F8-528BC4CE874A}"= 
Disabled:TCP:6898:Port 6898_UDP "{4C256FEA-C4D3-4CB8-85D8-7CCE07FE1D5F}"= Disabled:UDP:6899:Port 6899_TCP "{B87E4388-70A6-4848-B27A-BCC899226D47}"= Disabled:TCP:6899:Port 6899_UDP "{44AD5B54-F860-4EB7-903B-6C878272C17B}"= UDP:c:\program files\VistaCodecPack\filters\ac3config.exe:AC3filter configuration "{DB80335B-01AC-4CC3-85B3-78A3EE50F091}"= TCP:c:\program files\VistaCodecPack\filters\ac3config.exe:AC3filter configuration "{36FB7435-8CD5-4862-88FB-556ACDB74232}"= UDP:c:\program files\NewTech Infosystems\NTI Media Maker 8\Audio Editor\AudioEditor.exe:Audio Editor "{92558D5F-284B-43C1-B964-0B54F290DF15}"= TCP:c:\program files\NewTech Infosystems\NTI Media Maker 8\Audio Editor\AudioEditor.exe:Audio Editor "{31E1CEE8-10E4-482C-BBA8-BDF607C94A12}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware "{AC5BD4F1-DAE5-45F5-AB35-05C56C837FB5}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware "{30EFA554-81ED-442B-B95E-C810B3330AAC}"= UDP:c:\program files\Avant Browser\avant.exe:Avant Browser "{5C1A3A37-FF53-41A9-99E0-339815825F85}"= TCP:c:\program files\Avant Browser\avant.exe:Avant Browser "{43B33349-7F42-42AA-B466-4C037C5D7BB5}"= UDP:c:\program files\AVG\AVG8\avgui.exe:AVG User Interface "{51D194A2-8DEF-4833-B480-B0C0CA1606B1}"= TCP:c:\program files\AVG\AVG8\avgui.exe:AVG User Interface "{C2ADA21B-ED8A-416F-82F3-F4FBD6CC16E2}"= UDP:c:\program files\Trend Micro\HijackThis\HijackThis.exe:HijackThis "{34771D0F-ACCB-4E3F-8AB0-261440062837}"= TCP:c:\program files\Trend Micro\HijackThis\HijackThis.exe:HijackThis "{6257771B-51D6-457A-A450-8E7E55E9E30B}"= UDP:12345:vaste poort "{84B794CC-7E21-4BED-B369-25F59A21CAB1}"= TCP:12345:vaste poort "{C337FE7F-E9A2-4CDF-8B2C-3F5DB7B631EF}"= UDP:61826:uTorrent "{110719A1-FA06-4859-A9AA-CC430A0BC7CE}"= TCP:61826:uTorrent "{D497FB2F-F765-434D-975D-8DBAAAB87F95}"= Disabled:UDP:c:\program files\Acer\Acer Bio Protection\About.exe:Info "{AF24C6E6-1931-42CE-BD26-4506628C9EF7}"= 
Disabled:TCP:c:\program files\Acer\Acer Bio Protection\About.exe:Info "{37255599-04F2-478E-BE53-B77D493D5569}"= UDP:c:\program files\Windows Mail\WinMail.exe:Windows Mail "{E9A350EF-3510-4B8D-9101-73EB88ABA352}"= TCP:c:\program files\Windows Mail\WinMail.exe:Windows Mail "{479C3917-8A05-4E27-A6D0-42529C8F7A1C}"= UDP:c:\windows\ehome\ehshell.exe:Windows Media Center "{95D5821F-264D-44C7-A3AD-BEBA1B274CD3}"= TCP:c:\windows\ehome\ehshell.exe:Windows Media Center "TCP Query User{04AC71B9-A385-4C7E-B10E-DF1A409524DA}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger "UDP Query User{F3D3E7F1-0723-4C7D-9731-6BBF58E70E92}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger "{FE243D01-3284-487C-9908-7853073AD63F}"= Disabled:UDP:c:\program files\Windows Defender\MSASCui.exe:Windows Defender "{6ADFE96B-4DB8-461F-A0E2-FCFC260A0C5D}"= Disabled:TCP:c:\program files\Windows Defender\MSASCui.exe:Windows Defender "{FFA08C2B-C1C2-4FFD-9CEA-B92528D900A9}"= Disabled:UDP:c:\windows\System32\msra.exe:Windows Hulp op afstand "{C080C43B-2A18-4EA9-96C6-396BE0CFFF52}"= Disabled:TCP:c:\windows\System32\msra.exe:Windows Hulp op afstand "{7784C845-BA97-4A50-9562-DEEF6837ADBD}"= UDP:c:\program files\Hitman Pro 3\hitmanpro3.exe:Hitman Pro 3 "{25C649F0-C9EB-48FF-9CBD-813F3B3FBF73}"= TCP:c:\program files\Hitman Pro 3\hitmanpro3.exe:Hitman Pro 3 "{904AFA57-D802-424D-8BCE-180A54C5DA04}"= UDP:65530:AAPoort "{906EF22A-AE0B-4E05-9BCE-5F813AD1A142}"= TCP:65530:AAPoort "{B1B88748-3992-45A7-BBB2-94384022BBD0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{3194D9D1-E345-4334-9299-2E067182E1CB}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{1FA5D697-201D-4722-8F1B-4EE65EA97483}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote 
"{CF5226E9-B6C6-4630-8780-EF79651A63FB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{9D2B7C5D-0A55-4B1C-9EC7-FB2119EACD5E}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In) "{15987E34-C206-4738-ACCD-C63DFB79106D}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In) "{D1E3BC73-5AA8-4FBA-A48C-032AC12DB13B}"= c:\program files\Skype\Phone\Skype.exe:Skype "{88447D20-ADBC-4232-98B9-655D1FE87D53}"= UDP:c:\program files\UTorrent\utorrent.exe:µTorrent (TCP-In) "{A5F1F5E1-E273-4D2E-BC0E-07B7600E01BE}"= TCP:c:\program files\UTorrent\utorrent.exe:µTorrent (UDP-In) "{1A61A495-659A-43CB-9276-F6B5B8F9768A}"= UDP:c:\program files\Movie Maker\DVDMaker.exe:Windows DVD Maker "{8CC3A0EA-DB47-4625-B70C-2AC7469E4B81}"= TCP:c:\program files\Movie Maker\DVDMaker.exe:Windows DVD Maker "{0A965618-2A0E-4994-807A-EFB485C50DA0}"= UDP:6112:UTorrent "{E4B84C3E-564B-4706-A91F-0067485B857E}"= TCP:6112:UTorrent "{D616537B-893F-4FD7-8B7B-4A7D3D9FE271}"= UDP:c:\program files\UTorrent\utorrent.exe:utorrent.exe "{F3867A0D-A3D7-4855-B187-4989DCA07209}"= TCP:c:\program files\UTorrent\utorrent.exe:utorrent.exe "{0B5066DF-3B25-4504-AB00-A6392C4BA63F}"= UDP:55555:µTorrent "{44CBE2FA-73BD-445E-B091-4F6E86FE9CF9}"= TCP:55555:µTorrent "{784BFA91-D37E-44E4-ADD3-96381371A682}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe "{B39840B2-A449-4B0B-A907-469EF9A082BF}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "{88F3B6BF-8225-45A1-80F1-505EA631EE15}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe "TCP Query User{1143D9E4-3752-411E-A911-005F87E1D777}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{91697520-C0D6-4D09-B23A-66F05C156387}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent "TCP Query User{8FEC9CA4-C87E-4BAE-8CC6-36035D703C65}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet 
explorer\iexplore.exe:Internet Explorer "UDP Query User{21DBE0F6-AA85-4821-ACDA-DB80C838C7C8}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{74EFFCDC-D21D-4123-A8A2-4419DA8D7CBE}"= c:\program files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:CyberLink PowerDVD 9.0 "{05E4AB4D-5AB7-4F15-9740-9D12E176FD0C}"= c:\program files\CyberLink\PowerDVD9\PowerDVD9.EXE:CyberLink PowerDVD 9.0 "{750AB63B-0390-4DE3-958B-2B6C19B4F5F0}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync "{D86257FD-5C79-46D2-8D0F-B4495393ABC1}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DoNotAllowExceptions"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu "c:\\Program 
Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr "c:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\program files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\System32\drivers\AlfaFF.sys [2008-09-27 43184] R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2009-02-18 12552] R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-04-06 64160] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-02-18 325640] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-02-18 108552] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/05 21:32];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-02-28 19:40 87536] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2008-04-03 79168] R2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BACS\BPowMon.exe [2008-04-03 70976] R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-11 24576] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [2008-11-02 47640] R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032] R2 TuneUp.ProgramStatisticsSvc;TuneUp 
Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-14 603904] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2009-02-19 223232] R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2009-02-19 107360] R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2009-04-02 3668480] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-12-22 51232] S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-18 298264] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632] S3 netr73;Sitecom RT73 Wireless Driver for Vista;c:\windows\System32\drivers\netr73.sys [2008-10-27 256000] S3 WSVD;WSVD;c:\program files\Acer\Empowering Technology\eRecovery\wsvd.sys [2008-09-27 75776] S4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] S4 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-09-27 3435008] S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424] --- Andere Services/Drivers In Geheugen --- *Deregistered* - sptd [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . 
Inhoud van de 'Gedeelde Taken' map

2009-04-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:18]

2009-05-27 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 07:20]

2009-04-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 07:20]

2009-05-27 c:\windows\Tasks\User_Feed_Synchronization-{6886AB75-AC08-4D30-B70B-5973DAF56BDC}.job
- c:\windows\system32\msfeedssync.exe [2009-04-02 11:31]

2009-05-27 c:\windows\Tasks\User_Feed_Synchronization-{FFF083B9-1C06-4CFF-A2B9-EEE375683BD4}.job
- c:\windows\system32\msfeedssync.exe [2009-04-02 11:31]
.
- - - - ORPHANS VERWIJDERD - - - -

SafeBoot-procexp90.Sys

.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://nl.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 00:26
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\[u]0[/u]00.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2842201330-3919750157-3462357949-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3A618FA6-1E5E-79D3-A1C2-8DF026E85838}*]
"abckfnjflckfjoeidpggjapekjlelijfjd"=hex:61,62,6d,69,63,66,69,62,70,66,6f,6c,
   63,62,65,64,61,6e,6e,6d,6d,67,67,6b,6f,67,65,67,6a,6f,67,61,69,65,00,77
"bbckfnjflckfjoeidppfopekpmbjeifkkjjd"=hex:61,62,70,69,67,68,61,67,64,61,67,6a,
   6e,65,6b,70,65,6e,6b,68,69,6c,6b,6d,6b,6c,65,6c,6e,66,70,6b,69,68,00,77

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(1288)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\System32\msiexec.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\UI0Detect.exe
c:\windows\System32\vds.exe
c:\windows\System32\wbem\WmiApSrv.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Voltooingstijd: 2009-05-27 0:29 - machine werd herstart
ComboFix-quarantined-files.txt 2009-05-27 22:29

Pre-Run: 65,309,949,952 bytes beschikbaar
Post-Run: 66,268,577,792 bytes beschikbaar

548 --- E O F --- 2009-04-17 22:59