[OPGELOST] PC / Explorer start zeer traag

[tomba]

Mijn PC is de laatste paar maanden niet meer vooruit te branden. Heb nu ook Explorer 8 geinstalleerd maar dat maakt niets uit. Het opstarten is het echt grote probleem. Nadat ik explorer aanklik kan het wel 20 seconden duren voordat er wat gebeurd. Andere programma's starten ook langzaam. Kan iemand mij helpen?? Hierbij mijn hijackthis printje??

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:28:25, on 15-5-2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\hp\support\hpsysdrv.exe

C:\hp\KBD\kbd.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mijnAOL | HP

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mijnAOL | HP

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O1 - Hosts: %windir%\system32\drivers\etc\hosts

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate1c98e81a64da43a) (gupdate1c98e81a64da43a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 11361 bytes

[kape]

Start Hijackthis op. Ben je gebruiker van Vista kies dan voor “Run as administrator" of "Uitvoeren als administrator". Selecteer “Do a system scan only”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

Klik op 'Fix checked' om de items te verwijderen.

Download HostsXpert

Unzip het programma naar je Bureaublad.

Open de map en dubbelklik op Hoster.exe

Klik op "Restore Microsofts Original Hosts File"

Klik op "OK" en sluit het programma.

Download MBAM (Malwarebytes' Anti-Malware).

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder)

De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken.

Daarna zal het vragen om de computeropnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Download Combofix naar je Bureaublad.

Lees hier meer over correct gebruik van Combofix.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

• Dubbelklik op Combofix.exe om het te starten.
  Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
  Volg de instructies, aanvaard de disclaimer door op Ja te klikken.
  Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster (enkel voor XP, niet voor VISTA).
  Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
  Klik na afloop terug op Ja om het scannen op malware te starten.
  Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
  

Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Plak de inhoud van het logje in je volgende bericht, samen met het log van MBAM en een nieuw HijackThis log.

[tomba]

Bedankt alvast, het gaat al een stuk beter. De starttijd voor explorer tot ik in mijn opstartpagina ben is nu 12 seconden. Hierbij de logs....

combofix:

ComboFix 09-05-15.04 - tom 16-05-2009 12:01.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.2047.1239 [GMT 2:00]

Gestart vanuit: c:\users\tom\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1000\$I7Z5CCG.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1000\$ICW446Q.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I1A9MNK.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I2BO4S2.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I2ESP48.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I2GZ973.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I3D3TJQ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I4D0IJA.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I4EMD2T.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I4JGWKQ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I5CBKVY.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I5CJP81.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I5Z95G3.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I73Y7FI.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I7O6VBY.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I80RHIX.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I93LLT7.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I9AUQQA.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I9FI8JD.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I9KT4EL.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$I9T5LDS.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IAJRLHM.AVI

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IBRYQX4.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$ICGPJCX.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$ICMLID9.AVI

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$ID84ALT.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IEJTDU7.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IFAEPA5.AVI

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IFPKCIT.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IGLAZ7U.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IH0CIGJ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IHYN1GL.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$II62189.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IIN6ZS5.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IJHFMWE.pptx

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IJNWQEN.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IK9STNO.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IL3VCJB.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$ILQSIWY.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$ILVEWC4.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IMBJ24H.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IMY7V7K.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IN22EN3.AVI

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$INBWYY9.jnt

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IPIFTD6.AVI

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IPK0UL3.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IPKGZ4V.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IQG2X5A.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IQT6C2R.url

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IQXOC5X.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IRLJ97C.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$ISMPPCJ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$ITPF3HU.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$ITTJZC1.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$ITU7Y4Z.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IU5VWTZ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IUDTEYN.docx

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IVG0PPZ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IW5DDDP.AVI

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IW6L9V8.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IX4CU89.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IXI3L7C.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IXPRAXO.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IXZFZT7.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IY0P0YQ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IYGGJ2R.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IYP7FQT.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IZUQ8OK.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$IZUXZNH.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R1A9MNK.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R2BO4S2.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R2ESP48.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R2GZ973.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R3D3TJQ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R4D0IJA.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R4EMD2T.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R4JGWKQ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R5CBKVY.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R5CJP81.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R5Z95G3.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R73Y7FI.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R7O6VBY.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R80RHIX.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R93LLT7.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R9AUQQA.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R9FI8JD.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R9KT4EL.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$R9T5LDS.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RAJRLHM.AVI

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RBRYQX4.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RCGPJCX.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RCMLID9.AVI

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RD84ALT.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$REJTDU7.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RFAEPA5.AVI

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RFPKCIT.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RGLAZ7U.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RH0CIGJ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RHYN1GL.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RI62189.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RIN6ZS5.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RJHFMWE.pptx

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RJNWQEN.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RK9STNO.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RL3VCJB.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RLQSIWY.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RLVEWC4.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RMBJ24H.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RMY7V7K.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RN22EN3.AVI

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RNBWYY9.jnt

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RPIFTD6.AVI

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RPK0UL3.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RPKGZ4V.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RQG2X5A.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RQXOC5X.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RRLJ97C.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RSMPPCJ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RTPF3HU.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RTTJZC1.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RTU7Y4Z.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RU5VWTZ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RUDTEYN.docx

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RVG0PPZ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RW5DDDP.AVI

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RW6L9V8.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RX4CU89.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RXI3L7C.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RXPRAXO.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RXZFZT7.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RY0P0YQ.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RYGGJ2R.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RYP7FQT.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RZUQ8OK.JPG

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1001\$RZUXZNH.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$I1S78QZ.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$I1ZIO1Q.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$I2KGPTU.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$I4W25SK.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$I5NTJHW.avi

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$I7XW5EZ.hlp

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$I7Y6LGW

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IBD0IUM.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IDV0FAS.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IFD541Z.exe

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IGRVBIH.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IH5VWBL.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IINB9EM.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IJJTJZE.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IJKH96X.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IJQBYIL.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IKON3KM.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$ILO0PAF.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IMFR833.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IMQTOAZ.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IMR4WCK.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$INDP7HP.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$INP29HT.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$INQ8EG8.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IOP4HR9.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IP0D2UW.MP3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IRFD1LS.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$ISGEYS3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$ITAVUU3.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IUH447C.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IUMCE0R.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IUXCCBO.tmp

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IV3V8UN.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IV5GIHG.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IV5Q9A6.zip

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IV728OE.cnt

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IVJYWX2.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IW0RQQY.m4a

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IXEOFLI.bmp

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IXHMNN4.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IXWB6MK.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IYDJNZR.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IZ1Q3RZ.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$IZDHBGL.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$R1S78QZ.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$R1ZIO1Q.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$R2KGPTU.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$R4W25SK.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$R5NTJHW.avi

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$R7XW5EZ.hlp

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RBD0IUM.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RDV0FAS.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RFD541Z.exe

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RGRVBIH.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RH5VWBL.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RINB9EM.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RJJTJZE.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RJKH96X.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RJQBYIL.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RKON3KM.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RLO0PAF.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RMFR833.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RMQTOAZ.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RMR4WCK.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RNDP7HP.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RNQ8EG8.jpg

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$ROP4HR9.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RP0D2UW.MP3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RRFD1LS.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RTAVUU3.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RUH447C.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RUMCE0R.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RV3V8UN.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RV5GIHG.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RV5Q9A6.zip

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RV728OE.cnt

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RVJYWX2.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RW0RQQY.m4a

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RXEOFLI.bmp

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RXHMNN4.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RXWB6MK.mp3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RYDJNZR.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RZ1Q3RZ.wma

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1002\$RZDHBGL.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$I0GRYKY.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$I0STHG5.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$I0YNMN0.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$I1CQSNW

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$I1V0SWC.search-ms

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$I29U0OB.search-ms

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$I2EERHT.search-ms

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$I2T18DH.pptx

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$IA5AYZ9.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$IBYLYJ3

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$IC1XYS6.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$IE0ICWW

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$IFZU6V8

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$INIFJZX.contact

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$IOCR6CV.search-ms

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$ION0BG8.search-ms

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$IPKUJH2.search-ms

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$IR7UHQG.txt

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$IRZJMKA

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$ISMH07U

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$IT6IRWE

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$ITS1V9I.contact

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$ITXBXOM.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$IWHVTLE

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$IZ5X33D.xlsx

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$R0GRYKY.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$R0STHG5.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$R0YNMN0.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$R1V0SWC.search-ms

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$R29U0OB.search-ms

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$R2EERHT.search-ms

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$R2T18DH.pptx

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$RA5AYZ9.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$RC1XYS6.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$RNIFJZX.contact

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$ROCR6CV.search-ms

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$RON0BG8.search-ms

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$RPKUJH2.search-ms

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$RTS1V9I.contact

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$RTXBXOM.lnk

c:\$recycle.bin\S-1-5-21-1309670431-4282271401-877372540-1003\$RZ5X33D.xlsx

c:\users\tom\eula.txt

c:\windows\system32\AutoRun.inf

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-04-16 to 2009-05-16 ))))))))))))))))))))))))))))))

.

2009-05-16 09:22 . 2009-05-16 09:22 -------- d-----w c:\users\tom\AppData\Roaming\Malwarebytes

2009-05-16 09:22 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-16 09:22 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-16 09:22 . 2009-05-16 09:22 -------- d-----w c:\programdata\Malwarebytes

2009-05-16 09:22 . 2009-05-16 09:22 -------- d-----w c:\users\All Users\Malwarebytes

2009-05-16 09:22 . 2009-05-16 09:22 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-14 08:47 . 2009-05-15 12:42 -------- d-----w c:\program files\Lavasoft

2009-05-14 08:09 . 2009-05-14 08:09 -------- d-----w c:\programdata\Hitman Pro

2009-05-14 08:09 . 2009-05-14 08:09 -------- d-----w c:\users\All Users\Hitman Pro

2009-05-14 08:09 . 2009-05-14 08:39 -------- d-----w c:\programdata\Hitman Pro 3

2009-05-14 08:09 . 2009-05-14 08:39 -------- d-----w c:\users\All Users\Hitman Pro 3

2009-05-13 16:53 . 2009-05-13 16:53 -------- d-----w c:\users\Anouk\AppData\Roaming\PC Suite

2009-05-13 16:44 . 2009-05-13 16:45 -------- d-sh--w c:\users\tom\Phone Browser

2009-05-13 11:08 . 2009-05-13 12:28 -------- d-----w c:\programdata\PC Suite

2009-05-13 11:08 . 2009-05-13 12:28 -------- d-----w c:\users\All Users\PC Suite

2009-05-13 09:46 . 2009-05-13 12:28 -------- d-----w c:\users\tom\AppData\Roaming\Nokia

2009-05-13 09:45 . 2009-05-13 09:45 -------- d-----w c:\program files\DIFX

2009-05-13 09:42 . 2009-05-13 11:08 -------- d-----w c:\users\tom\AppData\Roaming\PC Suite

2009-05-13 09:42 . 2009-05-13 09:42 -------- d-----w c:\program files\PC Connectivity Solution

2009-05-13 09:39 . 2009-05-13 09:39 -------- d-----w c:\programdata\Installations

2009-05-13 09:39 . 2009-05-13 09:39 -------- d-----w c:\users\All Users\Installations

2009-05-13 07:19 . 2009-05-13 07:19 -------- d-sh--w c:\windows\system32\%APPDATA%

2009-05-08 08:03 . 2009-05-08 08:03 -------- d-----r c:\program files\Skype

2009-05-06 12:47 . 2008-09-29 06:07 64432 ----a-w c:\windows\system32\drivers\mferkdet.sys

2009-05-06 12:47 . 2008-09-29 06:07 42424 ----a-w c:\windows\system32\drivers\mfebopk.sys

2009-05-06 12:47 . 2008-09-29 06:07 74648 ----a-w c:\windows\system32\drivers\mfeapfk.sys

2009-05-06 12:47 . 2008-09-29 06:07 90360 ----a-w c:\windows\system32\drivers\mfeavfk.sys

2009-05-06 12:47 . 2008-09-29 06:07 62704 ----a-w c:\windows\system32\drivers\mfetdik.sys

2009-05-06 12:47 . 2008-09-29 06:07 340592 ----a-w c:\windows\system32\drivers\mfehidk.sys

2009-05-06 12:47 . 2008-09-29 06:07 67904 ----a-w c:\windows\system32\mfevtps.exe

2009-05-06 12:46 . 2009-05-06 12:46 -------- d-----w c:\program files\Common Files\Cisco Systems

2009-05-06 12:46 . 2009-05-06 12:47 -------- d-----w c:\programdata\McAfee

2009-05-06 12:46 . 2009-05-06 12:47 -------- d-----w c:\users\All Users\McAfee

2009-05-06 12:46 . 2009-05-06 12:46 -------- d-----w c:\program files\Common Files\McAfee

2009-05-06 12:46 . 2009-05-06 12:46 -------- d-----w c:\program files\McAfee

2009-05-06 12:17 . 2009-05-06 12:17 -------- d-----w c:\program files\Intel

2009-05-06 07:12 . 2009-05-06 07:12 -------- d-----w c:\users\tom\AppData\Roaming\TeamViewer

2009-05-05 18:43 . 2008-04-07 04:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll

2009-04-30 19:56 . 2009-04-30 19:57 -------- d-----w c:\users\Nicky\AppData\Local\Microsoft Games

2009-04-24 12:53 . 2009-04-24 12:53 -------- d-----w c:\users\Anouk\AppData\Roaming\Media Player Classic

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-16 09:37 . 2006-12-10 11:24 711660 ----a-w c:\windows\system32\perfh013.dat

2009-05-16 09:37 . 2006-12-10 11:24 147296 ----a-w c:\windows\system32\perfc013.dat

2009-05-15 13:52 . 2007-04-23 15:37 137992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-05-15 13:52 . 2007-04-23 15:36 201816 ----a-w c:\windows\system32\PnkBstrB.exe

2009-05-15 12:49 . 2006-12-10 02:43 -------- d--h--w c:\program files\InstallShield Installation Information

2009-05-13 16:45 . 2009-05-13 16:45 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf

2009-05-13 07:16 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-05-12 09:49 . 2009-05-12 09:49 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2009-05-09 07:16 . 2007-04-15 13:38 105120 ----a-w c:\users\Claire\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-09 05:47 . 2007-04-15 10:42 105120 ----a-w c:\users\Anouk\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-08 16:42 . 2007-04-14 15:55 105120 ----a-w c:\users\tom\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-08 16:29 . 2006-12-10 02:49 -------- d-----w c:\program files\Microsoft Works

2009-05-06 06:03 . 2008-08-14 05:57 73312 ----a-w c:\windows\system32\drivers\adfs.sys

2009-04-30 19:47 . 2007-04-15 15:29 105120 ----a-w c:\users\Nicky\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-05 15:06 . 2009-04-05 15:06 -------- d-----w c:\program files\Loop Recorder

2009-04-03 15:15 . 2008-03-03 13:59 -------- d-----w c:\program files\Common Files\Adobe

2009-04-03 14:48 . 2009-04-03 14:48 -------- d-----w c:\program files\Adobe Media Player

2009-04-03 14:45 . 2009-04-03 14:45 -------- d-----w c:\program files\Common Files\Adobe AIR

2009-03-28 13:08 . 2007-11-02 23:30 1356 ----a-w c:\users\tom\AppData\Local\d3d9caps.dat

2009-03-26 19:05 . 2007-04-20 20:08 -------- d-----w c:\program files\Java

2009-03-17 03:38 . 2009-04-15 08:51 13824 ----a-w c:\windows\system32\apilogen.dll

2009-03-17 03:38 . 2009-04-15 08:51 24064 ----a-w c:\windows\system32\amxread.dll

2009-03-09 17:48 . 2009-03-09 17:48 717296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-03-09 04:19 . 2008-11-27 16:17 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-08 11:34 . 2009-05-08 16:21 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 11:34 . 2009-05-08 16:21 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 11:33 . 2009-05-08 16:21 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 11:33 . 2009-05-08 16:21 109056 ----a-w c:\windows\system32\iesysprep.dll

2009-03-08 11:33 . 2009-05-08 16:21 109568 ----a-w c:\windows\system32\PDMSetup.exe

2009-03-08 11:33 . 2009-05-08 16:21 132608 ----a-w c:\windows\system32\ieUnatt.exe

2009-03-08 11:33 . 2009-05-08 16:21 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe

2009-03-08 11:33 . 2009-05-08 16:21 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe

2009-03-08 11:33 . 2009-05-08 16:21 103936 ----a-w c:\windows\system32\SetDepNx.exe

2009-03-08 11:33 . 2009-05-08 16:21 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 11:32 . 2009-05-08 16:21 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 11:32 . 2009-05-08 16:21 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 11:32 . 2009-05-08 16:21 66560 ----a-w c:\windows\system32\wextract.exe

2009-03-08 11:32 . 2009-05-08 16:21 169472 ----a-w c:\windows\system32\iexpress.exe

2009-03-08 11:31 . 2009-05-08 16:21 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 11:31 . 2009-05-08 16:21 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 11:31 . 2009-05-08 16:21 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 11:22 . 2009-05-08 16:21 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-03 04:46 . 2009-04-15 08:52 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-03-03 04:46 . 2009-04-15 08:52 3547632 ----a-w c:\windows\system32\ntoskrnl.exe

2009-03-03 04:39 . 2009-04-15 08:51 183296 ----a-w c:\windows\system32\sdohlp.dll

2009-03-03 04:39 . 2009-04-15 08:52 551424 ----a-w c:\windows\system32\rpcss.dll

2009-03-03 04:39 . 2009-04-15 08:51 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-15 08:51 98304 ----a-w c:\windows\system32\iasrecst.dll

2009-03-03 04:37 . 2009-04-15 08:51 54784 ----a-w c:\windows\system32\iasads.dll

2009-03-03 04:37 . 2009-04-15 08:51 44032 ----a-w c:\windows\system32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-15 08:51 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-15 08:51 17408 ----a-w c:\windows\system32\iashost.exe

2008-05-29 01:45 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2007-04-16 12:06 . 2007-04-16 12:06 22 --sha-w c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-08 393216]

"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-27 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-27 8473120]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-27 81920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{2EDFFAB0-B846-4E7C-A580-BF4C2E88A485}"= UDP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{8612D4FA-AC82-4A08-8782-3C4387C14EC9}"= TCP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{BBEDE9A6-EF6B-4C51-B8A1-036B543D3B5A}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{99AD31E0-8FFD-44AE-9000-BF3039499043}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{7D7D3749-289A-4CAE-8985-C2CC62C32832}c:\\program files\\steam\\steamapps\\nickyleurs\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\nickyleurs\counter-strike source\hl2.exe:hl2

"UDP Query User{4D39C421-438B-497D-9C60-A5618AB14155}c:\\program files\\steam\\steamapps\\nickyleurs\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\nickyleurs\counter-strike source\hl2.exe:hl2

"{76CBD369-EFF1-4311-A365-66C5ADF083D5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{2AAAA3BC-A69C-406C-B127-4DED68141B32}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{4C097043-98FD-41A8-BAB7-A0519CA8FD22}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{A711CBDA-3E72-4F45-9AFA-D04D0A9F26DF}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{4520B633-5718-4227-8AC4-9F74B6817A02}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"TCP Query User{49996C0E-6448-461B-B969-D49B7ACFCE14}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{E9EE5342-A051-437D-9E44-EBF2A58B3A19}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"TCP Query User{36A6E4ED-E114-40A5-A82E-07EADE51AB08}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{D01709DA-9FAE-46D0-BD37-57A043CF0E42}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"{23919817-D40B-4E89-A6E6-0A5D6C02C36B}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:hpqpse.exe

"{36748737-67E7-456B-AD02-2292965859C2}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe

"{EDCE7A7C-90AC-499E-8197-FE3C714BC255}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe

"{90E4B354-6FA8-44EF-AF97-428D65547CDA}"= c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe

"TCP Query User{69945F4B-E82D-409E-AEB4-870E56DCCED5}c:\\program files\\snelstart\\v850\\snelstart.exe"= UDP:c:\program files\snelstart\v850\snelstart.exe:SnelStart administratieve software

"UDP Query User{6DDD2C18-CF05-4A32-B4A3-35340CF0E0CE}c:\\program files\\snelstart\\v850\\snelstart.exe"= TCP:c:\program files\snelstart\v850\snelstart.exe:SnelStart administratieve software

"{539483FE-989B-4186-A0C6-7FDCD1994EAA}"= UDP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{673A83C1-3685-4444-BC92-DD3024102788}"= TCP:c:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"TCP Query User{544EA8E4-3B95-49EE-A8BB-BFDA3B5F6DB7}c:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:c:\program files\gamespy\comrade\comrade.exe:Comrade

"UDP Query User{A364CCC9-5C88-49ED-A84D-89817C3CE144}c:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:c:\program files\gamespy\comrade\comrade.exe:Comrade

"{CBDA52F9-63DE-4CC0-B825-6231BEB7933C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{A279BCFF-759D-4183-86E2-6EAB36210002}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{3012CEB1-B18E-4C00-8816-EE0371F74E1D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{D3454E96-E8F2-4E84-91FA-02451F894D10}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= UDP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty®: World at War Multiplayer

"UDP Query User{EA6747DE-A102-4C1D-867F-C6CE8E9C51EE}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= TCP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty®: World at War Multiplayer

"{E4BA0300-F09E-4C4E-9891-6E1B72EE332B}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{CD687DEE-1EEE-4792-B493-01F928DFE439}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{1B8C34D4-200A-4C0C-A653-43ED529C639C}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{CE6436B9-AE97-405A-973A-750BAF3FE5EC}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{47C22199-9743-4D3B-8F35-553914F0792A}c:\\program files\\snelstart\\v850\\snelstart.exe"= UDP:c:\program files\snelstart\v850\snelstart.exe:SnelStart administratieve software

"UDP Query User{98F27D15-93FA-46F3-97E3-AA165F7BE243}c:\\program files\\snelstart\\v850\\snelstart.exe"= TCP:c:\program files\snelstart\v850\snelstart.exe:SnelStart administratieve software

"{4D4F8D21-781F-48B2-A184-A4A5551DD01C}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2

"{9D25F60D-D3CB-4784-8529-5F4458FDC1F0}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2

"TCP Query User{1E3E7B0A-DC50-4231-9682-016D200104A8}c:\\program files\\microsoft games\\combat flight simulator 3\\cfs3.exe"= UDP:c:\program files\microsoft games\combat flight simulator 3\cfs3.exe:Microsoft® Combat Flight Simulator 3

"UDP Query User{36F57A18-171F-41ED-901C-4F33063929DA}c:\\program files\\microsoft games\\combat flight simulator 3\\cfs3.exe"= TCP:c:\program files\microsoft games\combat flight simulator 3\cfs3.exe:Microsoft® Combat Flight Simulator 3

"{CAFF4B59-75DF-44B1-BBB8-87FA3E4CED53}"= UDP:5353:Adobe CSI CS4

"{46C88B0E-4D88-4754-B9D5-361379A7ED01}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{545EE6ED-80EB-41C4-8C74-E542E0B83623}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"TCP Query User{F9AB8BDE-8F67-4839-95DC-3B3205B94B69}c:\\users\\tom\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\tom\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe

"UDP Query User{1B8E225F-FC53-4C41-ADCC-806E4CD4F488}c:\\users\\tom\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\tom\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe

"{C1F475E0-13D1-4664-A1EA-EA535B7DAE39}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service

"{F0276999-89E7-4B20-A4A1-45CF2D8953C9}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [29-9-2008 8:07 19456]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\System32\mfevtps.exe [6-5-2009 14:47 67904]

S2 gupdate1c98e81a64da43a;Google Updateservice (gupdate1c98e81a64da43a);c:\program files\Google\Update\GoogleUpdate.exe [14-2-2009 10:53 133104]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\System32\drivers\mferkdet.sys [6-5-2009 14:47 64432]

S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [26-2-2008 9:17 493568]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [30-12-2008 13:25 90408]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\System32\drivers\s1018mdfl.sys [30-12-2008 13:25 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\System32\drivers\s1018mdm.sys [30-12-2008 13:25 122024]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s1018mgmt.sys [30-12-2008 13:25 115368]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\System32\drivers\s1018nd5.sys [30-12-2008 13:25 25768]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\System32\drivers\s1018obex.sys [30-12-2008 13:25 111784]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\System32\drivers\s1018unic.sys [30-12-2008 13:25 117544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2009-05-16 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-15 06:54]

2009-05-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 08:52]

.

- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-AdobeBridge - (no file)

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=71&bd=Pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-05-16 12:08

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2009-05-16 12:10

ComboFix-quarantined-files.txt 2009-05-16 10:10

Pre-Run: 164.902.211.584 bytes beschikbaar

Post-Run: 165.551.058.944 bytes beschikbaar

536 --- E O F --- 2009-05-15 07:32

MBAM:

Malwarebytes' Anti-Malware 1.36

Database versie: 2139

Windows 6.0.6001 Service Pack 1

16-5-2009 11:30:56

mbam-log-2009-05-16 (11-30-56).txt

Scan type: Snelle Scan

Objecten gescand: 95785

Verstreken tijd: 6 minute(s), 54 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 1

Bestanden geïnfecteerd: 5

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:

(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload Uninstall.lnk (Trojan.Lop) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDownload\BitDownload.lnk (Trojan.Lop) -> Quarantined and deleted successfully.

C:\Users\Nicky\Desktop\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.

C:\Users\tom\Desktop\BitDownload Downloads.lnk (Trojan.Lop) -> Quarantined and deleted successfully.

Hijack:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:19:10, on 16-5-2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\hp\support\hpsysdrv.exe

C:\hp\KBD\kbd.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mijnAOL | HP

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: HP Slim selecteren - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updateservice (gupdate1c98e81a64da43a) (gupdate1c98e81a64da43a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 10538 bytes

[kape]

Logjes zien er goed uit. Er is heel wat rotzooi van de PC gehaald. Volstaat dat ? Dan moeten we nog wat opruimwerken houden.

[tomba]

het is inderdaad een hoop rotzooi allemaal. Het werkt ook een stuk sneller maar nog steeds duurt het 16 seconden eerdat explorer geopend op mijn scherm staat. Dit is een stuk langer dan het een half jaartje geleden was. Zijn er nog zaken die opgeruimd kunnen worden waardoor de prestatie verbetert? thanks

[kape]

Wil je eens kijken waar deze map voor staat ? Of welke programma's of bestanden daarin geparkeerd staan ?

c:\windows\system32\%APPDATA%

[tomba]

kan c:\windows\system32\%APPDATA% niet vinden. Wel de map system32 en die staat bomvol

[kape]

Vreemd ... zit wel in je logje. Misschien de "verborgen mappen en bestanden" vrijgeven, zodat je deze ook te zien krijgt ?

[tomba]

Hoi, via dos kan ik ook niet in dat mapje komen. Er komt dan een map die roaming heet, heb het maar even gekopierd misschien kun je er iets mee?

Microsoft Windows [versie 6.0.6001]

Copyright © 2006 Microsoft Corporation. Alle rechten voorbehouden.

C:\Users\tom>cd\\

'\\'

CMD ondersteunt geen UNC-paden als actieve mappen.

C:\Users\tom>cd//

Het systeem kan het opgegeven pad niet vinden.

C:\Users\tom>cd\

C:\>cd windows

C:\Windows>cd system32

C:\Windows\System32>cd %APPDATA%

C:\Users\tom\AppData\Roaming>dir

De volumenaam van station C is HP

Het volumenummer is FC18-3DE7

Map van C:\Users\tom\AppData\Roaming

16-05-2009 11:22 <DIR> .

16-05-2009 11:22 <DIR> ..

25-04-2009 11:59 <DIR> Adobe

19-04-2007 18:19 <DIR> AdobeUM

02-11-2007 19:33 <DIR> Apple Computer

12-03-2009 15:41 <DIR> Belastingdienst

19-12-2008 18:45 <DIR> CoreFTP

09-03-2009 20:00 <DIR> DAEMON Tools

09-03-2009 20:02 <DIR> DAEMON Tools Lite

09-03-2009 20:00 <DIR> DAEMON Tools Pro

11-06-2007 19:31 <DIR> Download Manager

15-04-2007 00:28 <DIR> Google

14-04-2007 17:51 <DIR> Hewlett-Packard

08-02-2008 20:19 <DIR> HP

14-04-2007 17:55 <DIR> Identities

24-11-2008 16:57 <DIR> IGN_DLM

12-09-2008 12:24 <DIR> InstallShield

04-01-2009 12:15 <DIR> InterVideo

19-07-2008 09:15 <DIR> Lavasoft

06-10-2008 16:14 <DIR> LimeWire

16-04-2007 18:51 <DIR> Macromedia

16-05-2009 11:22 <DIR> Malwarebytes

02-11-2006 14:37 <DIR> Media Center Programs

08-02-2008 20:52 <DIR> Media Player Classic

26-06-2007 11:57 <DIR> Mozilla

13-05-2009 14:28 <DIR> Nokia

09-08-2008 12:39 <DIR> Nvu

13-05-2009 13:08 <DIR> PC Suite

23-11-2008 22:42 22.328 PnkBstrK.sys

03-12-2007 15:22 <DIR> Radmin

08-03-2009 18:51 <DIR> Roxio

26-06-2007 11:59 <DIR> SecondLife

23-01-2009 11:51 <DIR> Skype

23-01-2009 11:50 <DIR> skypePM

30-12-2008 13:51 <DIR> Sony

18-06-2008 10:35 <DIR> Symantec

06-05-2009 09:12 <DIR> TeamViewer

10-05-2007 14:02 <DIR> Template

25-03-2008 20:05 <DIR> U3

01-11-2007 10:58 <DIR> WinBatch

12-03-2008 00:01 3.474 wklnhst.dat

2 bestand(en) 25.802 bytes

39 map(pen) 160.542.871.552 bytes beschikbaar

C:\Users\tom\AppData\Roaming>

[kape]

OK, dat is duidelijk.

Verwijder Combofix: Start -> Uitvoeren en typ: combofix /u

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Download CCleaner.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Opschonen'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.