error c0000013

Anonymous
20 replies
  • Hello, I got this error this morning, after the computer had already become slow yesterday. Via Google I see a whole lot of possible solutions. I have since removed a number of items via config.sys, which seemed to solve the problem. Now, however, I occasionally get the message that a command cannot be sent to a program. What is the best thing for me to do now?
  • Please post a HijackThis log.
  • Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 14:40:07, on 21-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\netdde.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijack This\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqOFuVO.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: urqOFuVO - C:\WINDOWS\SYSTEM32\urqOFuVO.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 2564 bytes

  • Could you download the latest HijackThis version and make a new log with it?
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:08:42, on 21-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\netdde.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Documents and Settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqOFuVO.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: urqOFuVO - C:\WINDOWS\SYSTEM32\urqOFuVO.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 2478 bytes

  • The problem seems to be solved by using ComboFix.
  • Could you post the ComboFix log together with the HijackThis one (as a check)?
    I would also like to point out that using ComboFix without the help of an expert is strongly discouraged.
  • ComboFix 09-01-20.05 - Beneden 2009-01-21 16:08:18.11 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1983.1509 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Beneden\Mijn documenten\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    .
    I have worked with ComboFix before; I am not easily scared.
    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-21 to 2009-01-21 ))))))))))))))))))))))))))))))
    .

    2009-01-21 15:08 . 2009-01-21 15:08 <DIR> d-------- c:\program files\Trend Micro
    2009-01-20 22:48 . 2009-01-21 13:59 102,912 --a------ C:\love.exe
    2009-01-20 22:44 . 2009-01-20 22:47 102,912 --a------ C:\ntf5.exe
    2009-01-20 22:44 . 2009-01-20 22:32 48,690 --a------ c:\windows\winav.exe
    2009-01-20 21:35 . 2009-01-21 15:42 <DIR> dr-hs---- C:\RESTORE
    2009-01-20 21:35 . 2009-01-20 22:59 39,986 --a------ C:\crz.exe
    2009-01-19 10:49 . 2009-01-19 10:49 <DIR> d-------- c:\program files\SopCast
    2009-01-17 12:53 . 2009-01-17 12:53 <DIR> d-------- c:\program files\DivX
    2009-01-14 18:31 . 2006-09-14 07:12 429,568 --a------ C:\cohtrn.exe
    2009-01-14 18:19 . 2009-01-14 18:19 428 --a------ c:\windows\zipgenius.xml
    2009-01-14 07:17 . 2009-01-14 07:17 1,374 --a------ c:\windows\imsins.BAK
    2009-01-13 11:10 . 2009-01-14 18:00 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-01-13 11:07 . 2009-01-14 18:05 <DIR> d-------- c:\windows\NV13003428.TMP
    2009-01-13 11:07 . 2008-09-17 23:55 201,050 --a------ c:\windows\system32\nvapps.nvb
    2009-01-07 17:36 . 2009-01-07 17:41 <DIR> d-------- C:\totalcmd
    2009-01-07 17:36 . 2009-01-07 17:40 729 --a------ c:\windows\wincmd.ini
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
    2009-01-07 17:28 . 2009-01-07 17:28 <DIR> d-------- c:\documents and settings\Beneden\Application Data\JockerSoft
    2009-01-02 10:44 . 2009-01-02 10:44 <DIR> d-------- c:\program files\freshney.org
    2009-01-02 10:44 . 2009-01-02 10:44 <DIR> d-------- c:\documents and settings\Beneden\Xinorbis
    2009-01-01 13:24 . 2009-01-01 13:25 <DIR> d-------- c:\program files\ZipGenius 6
    2009-01-01 13:24 . 2009-01-04 17:04 <DIR> d-------- c:\documents and settings\Beneden\Application Data\ZipGenius
    2008-12-31 09:31 . 2008-12-31 09:31 <DIR> d-------- c:\program files\Shareaza
    2008-12-31 09:31 . 2008-12-31 09:31 <DIR> d-------- c:\documents and settings\Beneden\Application Data\Shareaza
    2008-12-27 15:44 . 2008-12-27 15:44 <DIR> d-------- c:\program files\Seagate
    2008-12-27 14:57 . 2008-12-27 14:57 <DIR> d-------- c:\program files\HD Tune
    2008-12-26 17:11 . 2008-12-26 17:11 107,888 --a------ c:\windows\system32\CmdLineExt.dll
    2008-12-25 15:32 . 2008-12-25 15:32 <DIR> d-------- c:\program files\EASEUS
    2008-12-21 22:06 . 2008-12-21 22:08 <DIR> d-------- c:\program files\RegCleaner
    2008-12-21 15:48 . 2008-12-21 15:48 262,144 --a------ c:\windows\system32\wrap_oal.dll
    2008-12-21 15:48 . 2008-12-21 15:48 86,016 --a------ c:\windows\system32\OpenAL32.dll
    2008-12-21 15:47 . 2007-09-07 14:55 12,744 --a------ c:\windows\system32\drivers\Entech64.sys
    2008-12-21 15:47 . 2007-09-07 14:55 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
    2008-12-21 15:47 . 2001-11-19 20:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
    2008-12-21 15:46 . 2008-12-21 15:46 <DIR> d-------- c:\program files\Futuremark
    2008-12-21 15:19 . 2008-12-21 15:19 <DIR> d-------- c:\windows\system32\Futuremark
    2008-12-21 15:19 . 2008-12-21 15:19 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
    2008-12-21 15:19 . 2008-09-17 15:14 27,672 -ra------ c:\windows\system32\drivers\Entech.sys
    2008-12-21 12:26 . 2009-01-21 14:40 <DIR> dr-h----- c:\documents and settings\Beneden\Onlangs geopend

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-21 14:47 --------- d-----w c:\program files\SPAMfighter
    2009-01-21 14:07 --------- d-----w c:\program files\Hijack This
    2008-12-31 13:42 --------- d-----w c:\documents and settings\Beneden\Application Data\LimeWire
    2008-12-27 14:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-21 14:46 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-19 21:17 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-12-19 18:35 --------- d-----w c:\documents and settings\Beneden\Application Data\vlc
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
    2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
    2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
    2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
    2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
    2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
    2008-12-05 16:33 --------- d-----w c:\program files\Microsoft.NET
    2008-12-05 16:21 --------- d-----w c:\program files\microsoft frontpage
    2008-12-05 16:16 --------- d-----w c:\program files\Microsoft Works
    2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-11-27 07:51 225,280 ----a-w c:\windows\system32\BootMan.exe
    2008-11-26 14:58 472,064 ----a-w c:\windows\system32\NTFSFormat.dll
    2008-11-26 14:55 65,536 ----a-w c:\windows\system32\FatCopy.dll
    2008-11-26 14:54 17,920 ----a-w c:\windows\system32\SectorCopy.dll
    2008-11-26 14:54 139,776 ----a-w c:\windows\system32\NTFSCopy.dll
    2008-11-26 14:52 86,016 ----a-w c:\windows\system32\ResizeNTFS.dll
    2008-11-26 14:51 93,184 ----a-w c:\windows\system32\Partition.dll
    2008-11-26 14:51 61,952 ----a-w c:\windows\system32\FatResizeMove.dll
    2008-11-26 14:51 45,568 ----a-w c:\windows\system32\FileSystemCheck.dll
    2008-11-26 14:50 180,736 ----a-w c:\windows\system32\DeviceManager.dll
    2008-11-26 14:49 86,528 ----a-w c:\windows\system32\NTFSLib.dll
    2008-11-26 14:49 31,744 ----a-w c:\windows\system32\FatLib.dll
    2008-11-26 14:49 22,016 ----a-w c:\windows\system32\FatFormat.dll
    2008-11-26 14:48 68,096 ----a-w c:\windows\system32\Device.dll
    2008-11-26 14:48 6,656 ----a-w c:\windows\system32\CallbackOperator.dll
    2008-11-26 14:48 24,576 ----a-w c:\windows\system32\NTFSFileSystemAnalyser.dll
    2008-11-26 14:48 21,504 ----a-w c:\windows\system32\Fixup.dll
    2008-11-26 14:48 14,848 ----a-w c:\windows\system32\FileSystemAnalyser.dll
    2008-11-26 14:48 10,752 ----a-w c:\windows\system32\DeviceAdapter.dll
    2008-11-26 14:47 25,088 ----a-w c:\windows\system32\FATFileSystemAnalyser.dll
    2008-11-25 16:18 86,408 ----a-w c:\windows\system32\setupempdrv03.exe
    2008-11-25 16:18 8,704 ----a-w c:\windows\system32\epmntdrv.sys
    2008-11-25 16:18 3,072 ----a-w c:\windows\system32\EuGdiDrv.sys
    2008-11-25 16:18 14,848 ----a-w c:\windows\system32\EuEpmGdi.dll
    2008-11-23 09:19 --------- d-----w c:\documents and settings\Beneden\Application Data\Leadertech
    2008-11-23 09:01 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-06 16:37 524,288 ----a-w c:\windows\system32\DivXsm.exe
    2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
    2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx07.dll
    2008-11-06 16:33 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
    2008-11-06 16:33 802,816 ----a-w c:\windows\system32\divx_xx11.dll
    2008-11-06 16:33 684,032 ----a-w c:\windows\system32\DivX.dll
    2008-11-06 16:33 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
    2008-11-02 14:07 15,628 ----a-w c:\program files\Furnish Lite uninstal.log
    2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-06-18 15:04 56,912 ----a-w c:\documents and settings\Beneden\g2mdlhlpx.exe
    2008-05-15 20:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008051520080516\index.dat
    2008-05-15 20:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot_2009-01-21_15.52.19.64 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-21 13:18:57 64,488 ----a-w c:\windows\system32\perfc009.dat
    + 2009-01-21 14:51:34 64,488 ----a-w c:\windows\system32\perfc009.dat
    - 2009-01-21 13:18:57 84,432 ----a-w c:\windows\system32\perfc013.dat
    + 2009-01-21 14:51:34 84,432 ----a-w c:\windows\system32\perfc013.dat
    - 2009-01-21 13:18:57 409,540 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-21 14:51:34 409,540 ----a-w c:\windows\system32\perfh009.dat
    - 2009-01-21 13:18:57 475,216 ----a-w c:\windows\system32\perfh013.dat
    + 2009-01-21 14:51:34 475,216 ----a-w c:\windows\system32\perfh013.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= vdrcodec.dll
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Beneden^Menu Start^Programma's^Opstarten^Mediacontrole Picture Motion Browser.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Beneden^Menu Start^Programma's^Opstarten^OpenOffice.org 2.4 .lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-22 15:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    --a----t- 2008-09-04 21:33 133104 c:\documents and settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    --a------ 2008-12-03 19:52 1265296 c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 14:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
    --a------ 2008-04-29 13:49 321160 c:\program files\SPAMfighter\SFAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-09-28 08:37 144792 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-10-19 08:46 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win system]
    --a------ 2009-01-20 22:32 48690 c:\windows\winav.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]
    -r-hs---- 2009-01-20 23:00 99890 c:\program files\Common Files\System\sysdrv32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "ose"=3 (0x3)
    "NVSvc"=2 (0x2)
    "MDM"=2 (0x2)
    "AdobeActiveFileMonitor5.0"=2 (0x2)
    "ERSvc"=2 (0x2)
    "CryptSvc"=3 (0x3)
    "WSearch"=2 (0x2)
    "gusvc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Common Files\\System\\sysdrv32.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6667:TCP"= 6667:TCP:sha
    "6346:TCP"= 6346:TCP:sh

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-24 97928]
    R3 PhTVTune;VideoMate TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2007-05-17 18560]
    R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
    R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-05-24 76040]
    R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-04-29 184968]
    S3 cpuz130;cpuz130;\??\c:\docume~1\Beneden\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Beneden\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-12-25 8704]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-12-25 3072]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a968aa38-25e0-11dd-8bad-0019661a4f22}]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-16 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 21:51]

    2009-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1123561945-839522115-1006.job
    - c:\documents and settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 21:33]

    2007-12-09 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2007-12-02 12:37]

    2007-12-09 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2007-12-02 12:37]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.startpagina.nl/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-21 16:09:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,ca,87,42,88,ff,
    bb,56,1c,c8,28,51,af,b0,29,a3,98,9c,82,1b,35,17,a8,fb,02,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,7a,0a,59,88,8b,
    51,6a,98,71,3b,04,66,8b,46,0d,96,a2,40,26,d2,bb,08,a1,3f,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,0f,ef,1f,5a,19,
    ff,53,6c,25,da,ec,7e,55,20,c9,26,e0,8d,0f,13,db,8a,bc,55,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,9e,e4,ee,e5,f1,
    ac,2c,f6,3e,1e,9e,e0,57,5a,93,61,a9,cd,4c,ef,0e,f6,a0,bf,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,22,65,1e,17,6a,
    c3,8d,39,cd,44,cd,b9,a6,33,6c,cd,e9,b9,45,ab,68,66,8d,2d,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,83,ff,99,58,22,
    ed,71,68,b0,18,ed,a7,3f,8d,37,a4,77,2e,00,17,0f,b8,0f,77,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,55,ff,da,52,cd,
    70,51,69,31,77,e1,ba,b1,f8,68,02,70,be,b5,49,f8,ad,2b,61,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,e9,8a,27,8f,51,
    97,55,9d,83,6c,56,8b,a0,85,96,ab,72,72,db,5d,d6,e4,dc,fa,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,29,e7,60,a1,e9,
    5e,4e,16,51,fa,6e,91,28,9e,14,cc,27,8c,47,14,35,30,71,a1,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,6c,4b,8c,2b,a6,
    d0,5a,e1,b1,cd,45,5a,a8,c4,f8,b9,23,8c,12,f4,59,39,88,1d,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,31,20,58,60,14,
    d6,00,e1,e3,0e,66,d5,eb,bc,2f,6b,77,d7,c8,74,9d,dd,f2,73,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a0,9d,ce,9a,ac,
    c1,e0,ec,fa,ea,66,7f,d4,3b,6b,70,10,73,e6,09,13,42,a9,b6,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="16"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="15"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\TypeLib]
    @DACL=(02 0000)
    @="{6C13A1F5-8891-4C29-9A24-3BCA07419128}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="9"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B5BAD031-12CB-465E-82D6-11B5C536BCD9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\TypeLib]
    @DACL=(02 0000)
    @="{D6F870AF-7292-4670-96D3-EAA62A31FB08}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="15"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="8"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="11"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="15"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="13"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="20"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="9"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\TypeLib]
    @DACL=(02 0000)
    @="{6C13A1F5-8891-4C29-9A24-3BCA07419128}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="9"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B5BAD031-12CB-465E-82D6-11B5C536BCD9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\TypeLib]
    @DACL=(02 0000)
    @="{D6F870AF-7292-4670-96D3-EAA62A31FB08}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D0D564BD-BC70-4A0B-89B7-043AB0135137}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="20"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D0D564BD-BC70-4A0B-89B7-043AB0135137}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D0D564BD-BC70-4A0B-89B7-043AB0135137}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D0D564BD-BC70-4A0B-89B7-043AB0135137}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D42A01FD-9D01-4C45-AA3E-1689E7033643}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="7"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D42A01FD-9D01-4C45-AA3E-1689E7033643}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D42A01FD-9D01-4C45-AA3E-1689E7033643}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D42A01FD-9D01-4C45-AA3E-1689E7033643}\TypeLib]
    @DACL=(02 0000)
    @="{6C13A1F5-8891-4C29-9A24-3BCA07419128}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E4C19BBD-F457-4760-8144-0FA2B3903764}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="13"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E4C19BBD-F457-4760-8144-0FA2B3903764}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E4C19BBD-F457-4760-8144-0FA2B3903764}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E4C19BBD-F457-4760-8144-0FA2B3903764}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{FB010785-9D62-450C-B81B-F3EF3B00C4D9}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="6"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{FB010785-9D62-450C-B81B-F3EF3B00C4D9}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{FB010785-9D62-450C-B81B-F3EF3B00C4D9}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{FB010785-9D62-450C-B81B-F3EF3B00C4D9}\TypeLib]
    @DACL=(02 0000)
    @="{6C13A1F5-8891-4C29-9A24-3BCA07419128}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.1]
    @DACL=(02 0000)
    @="FlashAccessibility"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}]
    @DACL=(02 0000)
    "FriendlyName"="Windows Media Files"
    "ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"
    "Version"=dword:000a0000
    "Sub-Version"=dword:00000eda
    "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{077ACEC7-979C-40AB-9835-435BA1511E0D}\\MPPRE10.inf"
    "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{077ACEC7-979C-40AB-9835-435BA1511E0D}\\mppre10.cat"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}]
    @DACL=(02 0000)
    "FriendlyName"="Windows Media Files"
    "ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}"
    "Version"=dword:000a0000
    "Sub-Version"=dword:00000eda
    "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{30C7234B-6482-4A55-A11D-ECD9030313F2}\\WMDM10.inf"
    "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{30C7234B-6482-4A55-A11D-ECD9030313F2}\\wmdm10.cat"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}]
    @DACL=(02 0000)
    "FriendlyName"="Windows Media Files"
    "ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}"
    "Version"=dword:000a0000
    "Sub-Version"=dword:00000eda
    "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{981FB688-E76B-4246-987B-92083185B90A}\\WPD10.inf"
    "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{981FB688-E76B-4246-987B-92083185B90A}\\wpd10.cat"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}]
    @DACL=(02 0000)
    "FriendlyName"="Windows Media Files"
    "ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}"
    "Version"=dword:000a0000
    "Sub-Version"=dword:00000eda
    "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A47B3654-48EE-48A5-B629-97D70175E58F}\\codecs10.inf"
    "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A47B3654-48EE-48A5-B629-97D70175E58F}\\codecs10.cat"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}]
    @DACL=(02 0000)
    "FriendlyName"="Windows Media Files"
    "ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}"
    "Version"=dword:000a0000
    "Sub-Version"=dword:00000eda
    "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\\WMFSDK10.inf"
    "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\\wmfsdk10.cat"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}]
    @DACL=(02 0000)
    "FriendlyName"="Windows Media Files"
    "ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}"
    "Version"=dword:000a0000
    "Sub-Version"=dword:00000eda
    "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\\DRM10.inf"
    "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\\drm10.cat"

    [HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.\Realtek High Definition Audio Driver]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\VideoMate\ComproPVR]
    @DACL=(02 0000)
    .
    Voltooingstijd: 2009-01-21 16:11:37
    ComboFix-quarantined-files.txt 2009-01-21 15:11:21
    ComboFix2.txt 2009-01-21 14:53:16
    ComboFix3.txt 2008-11-26 12:32:12
    ComboFix4.txt 2007-12-01 08:54:57

    Pre-Run: 41.476.993.024 bytes beschikbaar
    Post-Run: 41,461,596,160 bytes beschikbaar

    678 — E O F — 2009-01-14 22:06:55

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:57:39, on 21-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Documents and Settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 2550 bytes

  • ComboFix 09-01-20.05 - Beneden 2009-01-21 16:08:18.11 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1983.1509 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Beneden\Mijn documenten\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    .
    I have worked with ComboFix several times before; I am not easily scared.
    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-21 to 2009-01-21 ))))))))))))))))))))))))))))))
    .

    2009-01-21 15:08 . 2009-01-21 15:08 <DIR> d——– c:\program files\Trend Micro
    2009-01-20 22:48 . 2009-01-21 13:59 102,912 –a—— C:\love.exe
    2009-01-20 22:44 . 2009-01-20 22:47 102,912 –a—— C:\ntf5.exe
    2009-01-20 22:44 . 2009-01-20 22:32 48,690 –a—— c:\windows\winav.exe
    2009-01-20 21:35 . 2009-01-21 15:42 <DIR> dr-hs—- C:\RESTORE
    2009-01-20 21:35 . 2009-01-20 22:59 39,986 –a—— C:\crz.exe
    2009-01-19 10:49 . 2009-01-19 10:49 <DIR> d——– c:\program files\SopCast
    2009-01-17 12:53 . 2009-01-17 12:53 <DIR> d——– c:\program files\DivX
    2009-01-14 18:31 . 2006-09-14 07:12 429,568 –a—— C:\cohtrn.exe
    2009-01-14 18:19 . 2009-01-14 18:19 428 –a—— c:\windows\zipgenius.xml
    2009-01-14 07:17 . 2009-01-14 07:17 1,374 –a—— c:\windows\imsins.BAK
    2009-01-13 11:10 . 2009-01-14 18:00 664 –a—— c:\windows\system32\d3d9caps.dat
    2009-01-13 11:07 . 2009-01-14 18:05 <DIR> d——– c:\windows\NV13003428.TMP
    2009-01-13 11:07 . 2008-09-17 23:55 201,050 –a—— c:\windows\system32\nvapps.nvb
    2009-01-07 17:36 . 2009-01-07 17:41 <DIR> d——– C:\totalcmd
    2009-01-07 17:36 . 2009-01-07 17:40 729 –a—— c:\windows\wincmd.ini
    2009-01-07 17:36 . 2008-08-08 07:04 545 –a—— c:\windows\UC.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 –a—— c:\windows\RAR.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 –a—— c:\windows\PKZIP.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 –a—— c:\windows\PKUNZIP.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 –a—— c:\windows\NOCLOSE.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 –a—— c:\windows\LHA.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 –a—— c:\windows\ARJ.PIF
    2009-01-07 17:28 . 2009-01-07 17:28 <DIR> d——– c:\documents and settings\Beneden\Application Data\JockerSoft
    2009-01-02 10:44 . 2009-01-02 10:44 <DIR> d——– c:\program files\freshney.org
    2009-01-02 10:44 . 2009-01-02 10:44 <DIR> d——– c:\documents and settings\Beneden\Xinorbis
    2009-01-01 13:24 . 2009-01-01 13:25 <DIR> d——– c:\program files\ZipGenius 6
    2009-01-01 13:24 . 2009-01-04 17:04 <DIR> d——– c:\documents and settings\Beneden\Application Data\ZipGenius
    2008-12-31 09:31 . 2008-12-31 09:31 <DIR> d——– c:\program files\Shareaza
    2008-12-31 09:31 . 2008-12-31 09:31 <DIR> d——– c:\documents and settings\Beneden\Application Data\Shareaza
    2008-12-27 15:44 . 2008-12-27 15:44 <DIR> d——– c:\program files\Seagate
    2008-12-27 14:57 . 2008-12-27 14:57 <DIR> d——– c:\program files\HD Tune
    2008-12-26 17:11 . 2008-12-26 17:11 107,888 –a—— c:\windows\system32\CmdLineExt.dll
    2008-12-25 15:32 . 2008-12-25 15:32 <DIR> d——– c:\program files\EASEUS
    2008-12-21 22:06 . 2008-12-21 22:08 <DIR> d——– c:\program files\RegCleaner
    2008-12-21 15:48 . 2008-12-21 15:48 262,144 –a—— c:\windows\system32\wrap_oal.dll
    2008-12-21 15:48 . 2008-12-21 15:48 86,016 –a—— c:\windows\system32\OpenAL32.dll
    2008-12-21 15:47 . 2007-09-07 14:55 12,744 –a—— c:\windows\system32\drivers\Entech64.sys
    2008-12-21 15:47 . 2007-09-07 14:55 6,173 –a—— c:\windows\system32\drivers\Entech.vxd
    2008-12-21 15:47 . 2001-11-19 20:05 3,972 –a—— c:\windows\system32\drivers\PciBus.sys
    2008-12-21 15:46 . 2008-12-21 15:46 <DIR> d——– c:\program files\Futuremark
    2008-12-21 15:19 . 2008-12-21 15:19 <DIR> d——– c:\windows\system32\Futuremark
    2008-12-21 15:19 . 2008-12-21 15:19 <DIR> d——– c:\program files\Common Files\Futuremark Shared
    2008-12-21 15:19 . 2008-09-17 15:14 27,672 -ra—— c:\windows\system32\drivers\Entech.sys
    2008-12-21 12:26 . 2009-01-21 14:40 <DIR> dr-h—– c:\documents and settings\Beneden\Onlangs geopend

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-21 14:47 ——— d—–w c:\program files\SPAMfighter
    2009-01-21 14:07 ——— d—–w c:\program files\Hijack This
    2008-12-31 13:42 ——— d—–w c:\documents and settings\Beneden\Application Data\LimeWire
    2008-12-27 14:29 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
    2008-12-21 14:46 ——— d–h–w c:\program files\InstallShield Installation Information
    2008-12-19 21:17 ——— d—–w c:\program files\Malwarebytes' Anti-Malware
    2008-12-19 18:35 ——— d—–w c:\documents and settings\Beneden\Application Data\vlc
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 00:33 86,016 —-a-w c:\windows\system32\dpl100.dll
    2008-12-11 00:33 200,704 —-a-w c:\windows\system32\dtu100.dll
    2008-12-09 02:28 593,920 —-a-w c:\windows\system32\dpuGUI11.dll
    2008-12-09 02:28 57,344 —-a-w c:\windows\system32\dpv11.dll
    2008-12-09 02:28 344,064 —-a-w c:\windows\system32\dpus11.dll
    2008-12-09 02:28 294,912 —-a-w c:\windows\system32\dpu11.dll
    2008-12-05 16:33 ——— d—–w c:\program files\Microsoft.NET
    2008-12-05 16:21 ——— d—–w c:\program files\microsoft frontpage
    2008-12-05 16:16 ——— d—–w c:\program files\Microsoft Works
    2008-12-03 18:52 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-03 18:52 15,504 —-a-w c:\windows\system32\drivers\mbam.sys
    2008-11-27 07:51 225,280 —-a-w c:\windows\system32\BootMan.exe
    2008-11-26 14:58 472,064 —-a-w c:\windows\system32\NTFSFormat.dll
    2008-11-26 14:55 65,536 —-a-w c:\windows\system32\FatCopy.dll
    2008-11-26 14:54 17,920 —-a-w c:\windows\system32\SectorCopy.dll
    2008-11-26 14:54 139,776 —-a-w c:\windows\system32\NTFSCopy.dll
    2008-11-26 14:52 86,016 —-a-w c:\windows\system32\ResizeNTFS.dll
    2008-11-26 14:51 93,184 —-a-w c:\windows\system32\Partition.dll
    2008-11-26 14:51 61,952 —-a-w c:\windows\system32\FatResizeMove.dll
    2008-11-26 14:51 45,568 —-a-w c:\windows\system32\FileSystemCheck.dll
    2008-11-26 14:50 180,736 —-a-w c:\windows\system32\DeviceManager.dll
    2008-11-26 14:49 86,528 —-a-w c:\windows\system32\NTFSLib.dll
    2008-11-26 14:49 31,744 —-a-w c:\windows\system32\FatLib.dll
    2008-11-26 14:49 22,016 —-a-w c:\windows\system32\FatFormat.dll
    2008-11-26 14:48 68,096 —-a-w c:\windows\system32\Device.dll
    2008-11-26 14:48 6,656 —-a-w c:\windows\system32\CallbackOperator.dll
    2008-11-26 14:48 24,576 —-a-w c:\windows\system32\NTFSFileSystemAnalyser.dll
    2008-11-26 14:48 21,504 —-a-w c:\windows\system32\Fixup.dll
    2008-11-26 14:48 14,848 —-a-w c:\windows\system32\FileSystemAnalyser.dll
    2008-11-26 14:48 10,752 —-a-w c:\windows\system32\DeviceAdapter.dll
    2008-11-26 14:47 25,088 —-a-w c:\windows\system32\FATFileSystemAnalyser.dll
    2008-11-25 16:18 86,408 —-a-w c:\windows\system32\setupempdrv03.exe
    2008-11-25 16:18 8,704 —-a-w c:\windows\system32\epmntdrv.sys
    2008-11-25 16:18 3,072 —-a-w c:\windows\system32\EuGdiDrv.sys
    2008-11-25 16:18 14,848 —-a-w c:\windows\system32\EuEpmGdi.dll
    2008-11-23 09:19 ——— d—–w c:\documents and settings\Beneden\Application Data\Leadertech
    2008-11-23 09:01 ——— d—–w c:\program files\Common Files\Adobe
    2008-11-06 16:37 524,288 —-a-w c:\windows\system32\DivXsm.exe
    2008-11-06 16:37 3,596,288 —-a-w c:\windows\system32\qt-dx331.dll
    2008-11-06 16:35 200,704 —-a-w c:\windows\system32\ssldivx.dll
    2008-11-06 16:35 1,044,480 —-a-w c:\windows\system32\libdivx.dll
    2008-11-06 16:33 823,296 —-a-w c:\windows\system32\divx_xx0c.dll
    2008-11-06 16:33 823,296 —-a-w c:\windows\system32\divx_xx07.dll
    2008-11-06 16:33 815,104 —-a-w c:\windows\system32\divx_xx0a.dll
    2008-11-06 16:33 802,816 —-a-w c:\windows\system32\divx_xx11.dll
    2008-11-06 16:33 684,032 —-a-w c:\windows\system32\DivX.dll
    2008-11-06 16:33 12,288 —-a-w c:\windows\system32\DivXWMPExtType.dll
    2008-11-02 14:07 15,628 —-a-w c:\program files\Furnish Lite uninstal.log
    2008-10-23 12:43 286,720 —-a-w c:\windows\system32\gdi32.dll
    2008-06-18 15:04 56,912 —-a-w c:\documents and settings\Beneden\g2mdlhlpx.exe
    2008-05-15 20:09 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008051520080516\index.dat
    2008-05-15 20:09 32,768 –sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ——- Sigcheck ——-

    2006-03-02 13:00 14336 ab8c6d89a897bacba4657fdf00e344a6 c:\windows\$NtServicePackUninstall$\svchost.exe
    2008-04-14 18:03 14336 e410ec73e2be2a41d923b006f51c8427 c:\windows\ServicePackFiles\i386\svchost.exe
    2008-04-14 18:03 14336 e410ec73e2be2a41d923b006f51c8427 c:\windows\system32\svchost.exe

    2005-03-02 19:21 578560 0b62745ce93e8c6f56547f70269dbabc c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
    2007-03-08 16:51 579584 fa35431e333943f4b2a6d33fa4ee3ce9 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    2007-03-08 16:39 579072 cb18f701a5d55a6308fab8d18322c060 c:\windows\$NtServicePackUninstall$\user32.dll
    2006-03-02 13:00 578560 8e5d344fd717d35ee7ed1c8e0ad0cbe6 c:\windows\$NtUninstallKB890859$\user32.dll
    2005-03-02 19:19 578560 a9f2ebfc6ef9c1fb38cedcf747162b6c c:\windows\$NtUninstallKB925902$\user32.dll
    2008-04-14 18:02 580096 4cf588d2f2363b73eb4af57967d46dff c:\windows\ServicePackFiles\i386\user32.dll
    2008-04-14 18:02 580096 4cf588d2f2363b73eb4af57967d46dff c:\windows\system32\user32.dll

    2006-03-02 13:00 82944 06ebcbe58321e924980148b7e3dbd753 c:\windows\$NtServicePackUninstall$\ws2_32.dll
    2008-04-14 18:02 82432 520391367546218929749612abfe840c c:\windows\ServicePackFiles\i386\ws2_32.dll
    2008-04-14 18:02 82432 520391367546218929749612abfe840c c:\windows\system32\ws2_32.dll

    2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtServicePackUninstall$\tcpip.sys
    2006-03-02 13:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
    2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
    2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
    2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
    2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\drivers\tcpip.sys

    2006-03-02 13:00 504832 732ed791711df9c9dd15e5515bc681b8 c:\windows\$NtServicePackUninstall$\winlogon.exe
    2008-04-14 18:03 510464 1247d4d5444e28519bbe31be8ab4c029 c:\windows\ServicePackFiles\i386\winlogon.exe
    2008-04-14 18:03 510464 1247d4d5444e28519bbe31be8ab4c029 c:\windows\system32\winlogon.exe

    2006-03-02 13:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
    2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
    2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

    2006-03-02 13:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
    2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
    2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

    2005-03-02 19:14 2061312 c26d84b802567e629d42861a11c7ec04 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    2007-02-28 17:09 2063744 f51b8d8b0703518349096604e788b83e c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
    2008-08-14 18:28 2070400 de961b54d30c7dd6aa6c3bd27d584e30 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
    2007-02-28 17:05 2061952 57b09ad681c1d8db77ccc3e92d8f5d14 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    2006-03-02 13:00 2061184 e0399688d466b7c3afdffb5a2ed9f351 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
    2005-03-02 19:09 2061184 c6cf1974acdb8329daf9d001c0937cb0 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
    2008-04-14 17:41 2070272 6129da5c68c13dca12e77580730fd770 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
    2008-08-14 14:27 2070400 c92e65cbb38161373319bb11340de919 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    2008-04-14 17:41 2070272 6129da5c68c13dca12e77580730fd770 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    2008-08-14 14:27 2070400 c92e65cbb38161373319bb11340de919 c:\windows\system32\ntkrnlpa.exe
    2008-08-14 14:27 2070400 c92e65cbb38161373319bb11340de919 c:\windows\system32\dllcache\ntkrnlpa.exe

    2005-03-02 19:15 2183936 5db3e8dec987b5d350e4a105dceaee6a c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    2007-02-28 17:09 2186496 59dca97dc201792c1ccf9fe621ee5ed7 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
    2008-08-14 18:28 2193536 e332b6de826d4222a758e3264ad8d520 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
    2007-02-28 17:05 2184704 caaa8fd3c034a227691a43b60873f097 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    2006-03-02 13:00 2185344 87aaea3908e069fb1be37380c895dfb8 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
    2005-03-02 19:09 2183680 281a1e82f5f8fc0b2f4b57ef296a4240 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
    2008-04-14 17:42 2193408 140a1bad8a6642c1386bb5b388eb447f c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
    2008-08-14 14:27 2193536 3e5e63d926c5e9f81045f3646815d2a1 c:\windows\Driver Cache\i386\ntoskrnl.exe
    2008-04-14 17:42 2193408 140a1bad8a6642c1386bb5b388eb447f c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    2008-08-14 14:27 2193536 3e5e63d926c5e9f81045f3646815d2a1 c:\windows\system32\ntoskrnl.exe
    2008-08-14 14:27 2193536 3e5e63d926c5e9f81045f3646815d2a1 c:\windows\system32\dllcache\ntoskrnl.exe

    2008-04-14 18:02 1037312 aa04f042a820bf1868e643575887e1a6 c:\windows\explorer.exe
    2007-06-13 14:12 1036800 1d6245afbd3faabc16a885116be1874d c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2007-06-13 14:24 1036800 147e95a42a58ce99e403f7f57656bbeb c:\windows\$NtServicePackUninstall$\explorer.exe
    2006-03-02 13:00 1035776 a1d7304a87fc3093150f5e3cc7b0f338 c:\windows\$NtUninstallKB938828$\explorer.exe
    2008-04-14 18:02 1037312 aa04f042a820bf1868e643575887e1a6 c:\windows\ServicePackFiles\i386\explorer.exe

    2006-03-02 13:00 108544 39991cd3c17b7529d039151a88e84499 c:\windows\$NtServicePackUninstall$\services.exe
    2008-04-14 18:03 109056 b77bc5cd88eb96d4352af5202ec4aec2 c:\windows\ServicePackFiles\i386\services.exe
    2008-04-14 18:03 109056 b77bc5cd88eb96d4352af5202ec4aec2 c:\windows\system32\services.exe

    2006-03-02 13:00 13312 34a82debefb057fcccbe15f619fc98a7 c:\windows\$NtServicePackUninstall$\lsass.exe
    2008-04-14 18:03 13312 8754210a3399d19610ce2d71e0c3e5d9 c:\windows\ServicePackFiles\i386\lsass.exe
    2008-04-14 18:03 13312 8754210a3399d19610ce2d71e0c3e5d9 c:\windows\system32\lsass.exe

    2006-03-02 13:00 15360 7de46c9c40abb58c8fdfe0212a3bf2b4 c:\windows\$NtServicePackUninstall$\ctfmon.exe
    2008-04-14 18:02 15360 e98a8c802cdb31fcf4121d9dfbea3677 c:\windows\ServicePackFiles\i386\ctfmon.exe
    2008-04-14 18:02 15360 e98a8c802cdb31fcf4121d9dfbea3677 c:\windows\system32\ctfmon.exe

    2005-06-11 01:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    2005-06-11 00:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe
    2006-03-02 13:00 57856 cccb8b94b17466efb9dc27f42625b0e5 c:\windows\$NtUninstallKB896423$\spoolsv.exe
    2008-04-14 18:03 57856 db454135de1a09fe7feda7b554b5cca2 c:\windows\ServicePackFiles\i386\spoolsv.exe
    2008-04-14 18:03 57856 db454135de1a09fe7feda7b554b5cca2 c:\windows\system32\spoolsv.exe

    2006-03-02 13:00 24576 de7a0ee4a6a28e6dfe3118eb22468da6 c:\windows\$NtServicePackUninstall$\userinit.exe
    2008-04-14 18:03 26112 6818a533ed3b2fa9936df3daf45352df c:\windows\ServicePackFiles\i386\userinit.exe
    2008-04-14 18:03 26112 6818a533ed3b2fa9936df3daf45352df c:\windows\system32\userinit.exe

    2006-03-02 13:00 297472 e2ce999886a4636026f157deb886aa94 c:\windows\$NtServicePackUninstall$\termsrv.dll
    2008-04-14 18:02 297472 e0aef86a594c9990d6321c5ca239c5b7 c:\windows\ServicePackFiles\i386\termsrv.dll
    2008-04-14 18:02 297472 e0aef86a594c9990d6321c5ca239c5b7 c:\windows\system32\termsrv.dll

    2006-07-05 11:58 1026048 8672ce1e9baf84ec0665d73db8849edb c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
    2007-04-16 17:11 1027072 68757f5935d6d76dd10975b7b7a9751d c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    2007-04-16 16:54 1025536 6557ea471552bb9af16b66902d572bd5 c:\windows\$NtServicePackUninstall$\kernel32.dll
    2006-03-02 13:00 1024512 54379bd67780fdbbe1590eec142a659c c:\windows\$NtUninstallKB917422$\kernel32.dll
    2006-07-05 11:56 1025024 f2352fb7d9e5c70374568724a32b5cb7 c:\windows\$NtUninstallKB935839$\kernel32.dll
    2008-04-14 18:02 1030656 09bcb7171f8172c2ba0189fe1f9c25cb c:\windows\ServicePackFiles\i386\kernel32.dll
    2008-04-14 18:02 1030656 09bcb7171f8172c2ba0189fe1f9c25cb c:\windows\system32\kernel32.dll

    2006-03-02 13:00 17408 d5a792db732622a393a0469fe6eaa728 c:\windows\$NtServicePackUninstall$\powrprof.dll
    2008-04-14 18:02 17408 32167ce0150dc2a269d99689a143fb67 c:\windows\ServicePackFiles\i386\powrprof.dll
    2008-04-14 18:02 17408 32167ce0150dc2a269d99689a143fb67 c:\windows\system32\powrprof.dll
    .
    ((((((((((((((((((((((((((((( snapshot_2009-01-21_15.52.19.64 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-21 13:18:57 64,488 ----a-w c:\windows\system32\perfc009.dat
    + 2009-01-21 14:51:34 64,488 ----a-w c:\windows\system32\perfc009.dat
    - 2009-01-21 13:18:57 84,432 ----a-w c:\windows\system32\perfc013.dat
    + 2009-01-21 14:51:34 84,432 ----a-w c:\windows\system32\perfc013.dat
    - 2009-01-21 13:18:57 409,540 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-21 14:51:34 409,540 ----a-w c:\windows\system32\perfh009.dat
    - 2009-01-21 13:18:57 475,216 ----a-w c:\windows\system32\perfh013.dat
    + 2009-01-21 14:51:34 475,216 ----a-w c:\windows\system32\perfh013.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= vdrcodec.dll
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Beneden^Menu Start^Programma's^Opstarten^Mediacontrole Picture Motion Browser.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Beneden^Menu Start^Programma's^Opstarten^OpenOffice.org 2.4 .lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-22 15:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    --a----t- 2008-09-04 21:33 133104 c:\documents and settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    --a------ 2008-12-03 19:52 1265296 c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 14:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
    --a------ 2008-04-29 13:49 321160 c:\program files\SPAMfighter\SFAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-09-28 08:37 144792 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-10-19 08:46 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win system]
    --a------ 2009-01-20 22:32 48690 c:\windows\winav.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]
    -r-hs---- 2009-01-20 23:00 99890 c:\program files\Common Files\System\sysdrv32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "ose"=3 (0x3)
    "NVSvc"=2 (0x2)
    "MDM"=2 (0x2)
    "AdobeActiveFileMonitor5.0"=2 (0x2)
    "ERSvc"=2 (0x2)
    "CryptSvc"=3 (0x3)
    "WSearch"=2 (0x2)
    "gusvc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Common Files\\System\\sysdrv32.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6667:TCP"= 6667:TCP:sha
    "6346:TCP"= 6346:TCP:sh

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-24 97928]
    R3 PhTVTune;VideoMate TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2007-05-17 18560]
    R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
    R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-05-24 76040]
    R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-04-29 184968]
    S3 cpuz130;cpuz130;\??\c:\docume~1\Beneden\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Beneden\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-12-25 8704]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-12-25 3072]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a968aa38-25e0-11dd-8bad-0019661a4f22}]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-16 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 21:51]

    2009-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1123561945-839522115-1006.job
    - c:\documents and settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 21:33]

    2007-12-09 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2007-12-02 12:37]

    2007-12-09 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2007-12-02 12:37]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.startpagina.nl/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-21 16:09:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,ca,87,42,88,ff,
    bb,56,1c,c8,28,51,af,b0,29,a3,98,9c,82,1b,35,17,a8,fb,02,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,7a,0a,59,88,8b,
    51,6a,98,71,3b,04,66,8b,46,0d,96,a2,40,26,d2,bb,08,a1,3f,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,0f,ef,1f,5a,19,
    ff,53,6c,25,da,ec,7e,55,20,c9,26,e0,8d,0f,13,db,8a,bc,55,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,9e,e4,ee,e5,f1,
    ac,2c,f6,3e,1e,9e,e0,57,5a,93,61,a9,cd,4c,ef,0e,f6,a0,bf,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,22,65,1e,17,6a,
    c3,8d,39,cd,44,cd,b9,a6,33,6c,cd,e9,b9,45,ab,68,66,8d,2d,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,83,ff,99,58,22,
    ed,71,68,b0,18,ed,a7,3f,8d,37,a4,77,2e,00,17,0f,b8,0f,77,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,55,ff,da,52,cd,
    70,51,69,31,77,e1,ba,b1,f8,68,02,70,be,b5,49,f8,ad,2b,61,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,e9,8a,27,8f,51,
    97,55,9d,83,6c,56,8b,a0,85,96,ab,72,72,db,5d,d6,e4,dc,fa,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,29,e7,60,a1,e9,
    5e,4e,16,51,fa,6e,91,28,9e,14,cc,27,8c,47,14,35,30,71,a1,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,6c,4b,8c,2b,a6,
    d0,5a,e1,b1,cd,45,5a,a8,c4,f8,b9,23,8c,12,f4,59,39,88,1d,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,31,20,58,60,14,
    d6,00,e1,e3,0e,66,d5,eb,bc,2f,6b,77,d7,c8,74,9d,dd,f2,73,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a0,9d,ce,9a,ac,
    c1,e0,ec,fa,ea,66,7f,d4,3b,6b,70,10,73,e6,09,13,42,a9,b6,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="16"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="15"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\TypeLib]
    @DACL=(02 0000)
    @="{6C13A1F5-8891-4C29-9A24-3BCA07419128}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="9"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B5BAD031-12CB-465E-82D6-11B5C536BCD9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\TypeLib]
    @DACL=(02 0000)
    @="{D6F870AF-7292-4670-96D3-EAA62A31FB08}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="15"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="8"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="11"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="15"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="13"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="20"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="9"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\TypeLib]
    @DACL=(02 0000)
    @="{6C13A1F5-8891-4C29-9A24-3BCA07419128}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="9"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B5BAD031-12CB-465E-82D6-11B5C536BCD9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\TypeLib]
    @DACL=(02 0000)
    @="{D6F870AF-7292-4670-96D3-EAA62A31FB08}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D0D564BD-BC70-4A0B-89B7-043AB0135137}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="20"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D0D564BD-BC70-4A0B-89B7-043AB0135137}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D0D564BD-BC70-4A0B-89B7-043AB0135137}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D0D564BD-BC70-4A0B-89B7-043AB0135137}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D42A01FD-9D01-4C45-AA3E-1689E7033643}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="7"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D42A01FD-9D01-4C45-AA3E-1689E7033643}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D42A01FD-9D01-4C45-AA3E-1689E7033643}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D42A01FD-9D01-4C45-AA3E-1689E7033643}\TypeLib]
    @DACL=(02 0000)
    @="{6C13A1F5-8891-4C29-9A24-3BCA07419128}"
    "Version"="1.0"

    .
    Voltooingstijd: 2009-01-21 16:11:37
    ComboFix-quarantined-files.txt 2009-01-21 15:11:21
    ComboFix2.txt 2009-01-21 14:53:16
    ComboFix3.txt 2008-11-26 12:32:12
    ComboFix4.txt 2007-12-01 08:54:57

    Pre-Run: 41.476.993.024 bytes beschikbaar
    Post-Run: 41,461,596,160 bytes beschikbaar

    678 --- E O F --- 2009-01-14 22:06:55

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:57:39, on 21-1-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Documents and Settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe


    End of file - 2550 bytes

  • Problem seems solved?
    I don't think so.

    Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard drives are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool has finished, the computer will restart.

    Go to Virustotal.com
    Upload the following file by copying and pasting the following path (so do not look it up via "Browse…"!): C:\love.exe
    Wait until the result appears. Include it in your next reply.

    Do the same with this file: C:\crz.exe
    And this one: C:\cohtrn.exe

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • For love the result was 7/38
    for crx AVG stepped in and it was healed
    for cohtrn the result was 16/38




    ComboFix 09-01-21.04 - Beneden 2009-01-24 11:28:42.13 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1983.1508 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Beneden\Mijn documenten\Downloads\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Beneden\Mijn documenten\Downloads\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    C:\ntf5.exe
    c:\windows\winav.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ntf5.exe
    c:\windows\winav.exe

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))
    .

    2009-01-21 15:08 . 2009-01-21 15:08 <DIR> d-------- c:\program files\Trend Micro
    2009-01-20 22:48 . 2009-01-21 13:59 102,912 --a------ C:\love.exe
    2009-01-20 21:35 . 2009-01-21 15:42 <DIR> dr-hs---- C:\RESTORE
    2009-01-19 10:49 . 2009-01-19 10:49 <DIR> d-------- c:\program files\SopCast
    2009-01-17 12:53 . 2009-01-17 12:53 <DIR> d-------- c:\program files\DivX
    2009-01-14 18:31 . 2006-09-14 07:12 429,568 --a------ C:\cohtrn.exe
    2009-01-14 18:19 . 2009-01-14 18:19 428 --a------ c:\windows\zipgenius.xml
    2009-01-14 07:17 . 2009-01-14 07:17 1,374 --a------ c:\windows\imsins.BAK
    2009-01-13 11:10 . 2009-01-14 18:00 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-01-13 11:07 . 2009-01-14 18:05 <DIR> d-------- c:\windows\NV13003428.TMP
    2009-01-13 11:07 . 2008-09-17 23:55 201,050 --a------ c:\windows\system32\nvapps.nvb
    2009-01-07 17:36 . 2009-01-07 17:41 <DIR> d-------- C:\totalcmd
    2009-01-07 17:36 . 2009-01-07 17:40 729 --a------ c:\windows\wincmd.ini
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
    2009-01-07 17:28 . 2009-01-07 17:28 <DIR> d-------- c:\documents and settings\Beneden\Application Data\JockerSoft
    2009-01-02 10:44 . 2009-01-02 10:44 <DIR> d-------- c:\program files\freshney.org
    2009-01-02 10:44 . 2009-01-02 10:44 <DIR> d-------- c:\documents and settings\Beneden\Xinorbis
    2009-01-01 13:24 . 2009-01-01 13:25 <DIR> d-------- c:\program files\ZipGenius 6
    2009-01-01 13:24 . 2009-01-04 17:04 <DIR> d-------- c:\documents and settings\Beneden\Application Data\ZipGenius
    2008-12-31 09:31 . 2008-12-31 09:31 <DIR> d-------- c:\program files\Shareaza
    2008-12-31 09:31 . 2008-12-31 09:31 <DIR> d-------- c:\documents and settings\Beneden\Application Data\Shareaza
    2008-12-27 15:44 . 2008-12-27 15:44 <DIR> d-------- c:\program files\Seagate
    2008-12-27 14:57 . 2008-12-27 14:57 <DIR> d-------- c:\program files\HD Tune
    2008-12-26 17:11 . 2008-12-26 17:11 107,888 --a------ c:\windows\system32\CmdLineExt.dll
    2008-12-25 15:32 . 2008-12-25 15:32 <DIR> d-------- c:\program files\EASEUS

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-24 10:17 --------- d-----w c:\program files\SPAMfighter
    2009-01-21 14:07 --------- d-----w c:\program files\Hijack This
    2008-12-31 13:42 --------- d-----w c:\documents and settings\Beneden\Application Data\LimeWire
    2008-12-27 14:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-21 21:08 --------- d-----w c:\program files\RegCleaner
    2008-12-21 14:48 86,016 ----a-w c:\windows\system32\OpenAL32.dll
    2008-12-21 14:48 262,144 ----a-w c:\windows\system32\wrap_oal.dll
    2008-12-21 14:46 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-21 14:46 --------- d-----w c:\program files\Futuremark
    2008-12-21 14:19 --------- d-----w c:\program files\Common Files\Futuremark Shared
    2008-12-19 21:17 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-12-19 18:35 --------- d-----w c:\documents and settings\Beneden\Application Data\vlc
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
    2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
    2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
    2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
    2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
    2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
    2008-12-05 16:33 --------- d-----w c:\program files\Microsoft.NET
    2008-12-05 16:21 --------- d-----w c:\program files\microsoft frontpage
    2008-12-05 16:16 --------- d-----w c:\program files\Microsoft Works
    2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-11-27 07:51 225,280 ----a-w c:\windows\system32\BootMan.exe
    2008-11-26 14:58 472,064 ----a-w c:\windows\system32\NTFSFormat.dll
    2008-11-26 14:55 65,536 ----a-w c:\windows\system32\FatCopy.dll
    2008-11-26 14:54 17,920 ----a-w c:\windows\system32\SectorCopy.dll
    2008-11-26 14:54 139,776 ----a-w c:\windows\system32\NTFSCopy.dll
    2008-11-26 14:52 86,016 ----a-w c:\windows\system32\ResizeNTFS.dll
    2008-11-26 14:51 93,184 ----a-w c:\windows\system32\Partition.dll
    2008-11-26 14:51 61,952 ----a-w c:\windows\system32\FatResizeMove.dll
    2008-11-26 14:51 45,568 ----a-w c:\windows\system32\FileSystemCheck.dll
    2008-11-26 14:50 180,736 ----a-w c:\windows\system32\DeviceManager.dll
    2008-11-26 14:49 86,528 ----a-w c:\windows\system32\NTFSLib.dll
    2008-11-26 14:49 31,744 ----a-w c:\windows\system32\FatLib.dll
    2008-11-26 14:49 22,016 ----a-w c:\windows\system32\FatFormat.dll
    2008-11-26 14:48 68,096 ----a-w c:\windows\system32\Device.dll
    2008-11-26 14:48 6,656 ----a-w c:\windows\system32\CallbackOperator.dll
    2008-11-26 14:48 24,576 ----a-w c:\windows\system32\NTFSFileSystemAnalyser.dll
    2008-11-26 14:48 21,504 ----a-w c:\windows\system32\Fixup.dll
    2008-11-26 14:48 14,848 ----a-w c:\windows\system32\FileSystemAnalyser.dll
    2008-11-26 14:48 10,752 ----a-w c:\windows\system32\DeviceAdapter.dll
    2008-11-26 14:47 25,088 ----a-w c:\windows\system32\FATFileSystemAnalyser.dll
    2008-11-25 16:18 86,408 ----a-w c:\windows\system32\setupempdrv03.exe
    2008-11-25 16:18 8,704 ----a-w c:\windows\system32\epmntdrv.sys
    2008-11-25 16:18 3,072 ----a-w c:\windows\system32\EuGdiDrv.sys
    2008-11-25 16:18 14,848 ----a-w c:\windows\system32\EuEpmGdi.dll
    2008-11-06 16:37 524,288 ----a-w c:\windows\system32\DivXsm.exe
    2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
    2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx07.dll
    2008-11-06 16:33 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
    2008-11-06 16:33 802,816 ----a-w c:\windows\system32\divx_xx11.dll
    2008-11-06 16:33 684,032 ----a-w c:\windows\system32\DivX.dll
    2008-11-06 16:33 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
    2008-11-02 14:07 15,628 ----a-w c:\program files\Furnish Lite uninstal.log
    2008-06-18 15:04 56,912 ----a-w c:\documents and settings\Beneden\g2mdlhlpx.exe
    2008-05-15 20:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008051520080516\index.dat
    2008-05-15 20:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot_2009-01-21_15.52.19.64 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-21 13:18:57 64,488 ----a-w c:\windows\system32\perfc009.dat
    + 2009-01-24 10:21:11 64,488 ----a-w c:\windows\system32\perfc009.dat
    - 2009-01-21 13:18:57 84,432 ----a-w c:\windows\system32\perfc013.dat
    + 2009-01-24 10:21:11 84,432 ----a-w c:\windows\system32\perfc013.dat
    - 2009-01-21 13:18:57 409,540 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-24 10:21:11 409,540 ----a-w c:\windows\system32\perfh009.dat
    - 2009-01-21 13:18:57 475,216 ----a-w c:\windows\system32\perfh013.dat
    + 2009-01-24 10:21:11 475,216 ----a-w c:\windows\system32\perfh013.dat
    + 2009-01-24 10:17:12 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_6b8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= vdrcodec.dll
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Beneden^Menu Start^Programma's^Opstarten^Mediacontrole Picture Motion Browser.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Beneden^Menu Start^Programma's^Opstarten^OpenOffice.org 2.4 .lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-22 15:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    --a----t- 2008-09-04 21:33 133104 c:\documents and settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    --a------ 2008-12-03 19:52 1265296 c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 14:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
    --a------ 2008-04-29 13:49 321160 c:\program files\SPAMfighter\SFAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-09-28 08:37 144792 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-10-19 08:46 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]
    -r-hs---- 2009-01-20 23:00 99890 c:\program files\Common Files\System\sysdrv32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "ose"=3 (0x3)
    "NVSvc"=2 (0x2)
    "MDM"=2 (0x2)
    "AdobeActiveFileMonitor5.0"=2 (0x2)
    "ERSvc"=2 (0x2)
    "CryptSvc"=3 (0x3)
    "WSearch"=2 (0x2)
    "gusvc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Common Files\\System\\sysdrv32.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6667:TCP"= 6667:TCP:sha
    "6346:TCP"= 6346:TCP:sh
    "1118:UDP"= 1118:UDP:Windows Media Format SDK (iexplore.exe)
    "1119:UDP"= 1119:UDP:Windows Media Format SDK (iexplore.exe)
    "1127:UDP"= 1127:UDP:Windows Media Format SDK (iexplore.exe)
    "1126:UDP"= 1126:UDP:Windows Media Format SDK (iexplore.exe)

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-24 97928]
    R3 PhTVTune;VideoMate TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2007-05-17 18560]
    R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
    R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-05-24 76040]
    R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-04-29 184968]
    S3 cpuz130;cpuz130;\??\c:\docume~1\Beneden\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Beneden\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-12-25 8704]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-12-25 3072]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-23 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 21:51]

    2009-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1123561945-839522115-1006.job
    - c:\documents and settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 21:33]

    2007-12-09 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2007-12-02 12:37]

    2007-12-09 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2007-12-02 12:37]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    MSConfigStartUp-win system - c:\windows\winav.exe


    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.startpagina.nl/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 11:31:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,ca,87,42,88,ff,
    bb,56,1c,c8,28,51,af,b0,29,a3,98,9c,82,1b,35,17,a8,fb,02,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,7a,0a,59,88,8b,
    51,6a,98,71,3b,04,66,8b,46,0d,96,a2,40,26,d2,bb,08,a1,3f,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,0f,ef,1f,5a,19,
    ff,53,6c,25,da,ec,7e,55,20,c9,26,e0,8d,0f,13,db,8a,bc,55,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,9e,e4,ee,e5,f1,
    ac,2c,f6,3e,1e,9e,e0,57,5a,93,61,a9,cd,4c,ef,0e,f6,a0,bf,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,22,65,1e,17,6a,
    c3,8d,39,cd,44,cd,b9,a6,33,6c,cd,e9,b9,45,ab,68,66,8d,2d,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,83,ff,99,58,22,
    ed,71,68,b0,18,ed,a7,3f,8d,37,a4,77,2e,00,17,0f,b8,0f,77,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,55,ff,da,52,cd,
    70,51,69,31,77,e1,ba,b1,f8,68,02,70,be,b5,49,f8,ad,2b,61,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,e9,8a,27,8f,51,
    97,55,9d,83,6c,56,8b,a0,85,96,ab,72,72,db,5d,d6,e4,dc,fa,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,29,e7,60,a1,e9,
    5e,4e,16,51,fa,6e,91,28,9e,14,cc,27,8c,47,14,35,30,71,a1,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,6c,4b,8c,2b,a6,
    d0,5a,e1,b1,cd,45,5a,a8,c4,f8,b9,23,8c,12,f4,59,39,88,1d,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,31,20,58,60,14,
    d6,00,e1,e3,0e,66,d5,eb,bc,2f,6b,77,d7,c8,74,9d,dd,f2,73,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a0,9d,ce,9a,ac,
    c1,e0,ec,fa,ea,66,7f,d4,3b,6b,70,10,73,e6,09,13,42,a9,b6,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="16"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="15"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\TypeLib]
    @DACL=(02 0000)
    @="{6C13A1F5-8891-4C29-9A24-3BCA07419128}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="9"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B5BAD031-12CB-465E-82D6-11B5C536BCD9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\TypeLib]
    @DACL=(02 0000)
    @="{D6F870AF-7292-4670-96D3-EAA62A31FB08}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="15"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="8"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="11"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="15"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="13"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="20"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="9"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\TypeLib]
    @DACL=(02 0000)
    @="{6C13A1F5-8891-4C29-9A24-3BCA07419128}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="9"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B5BAD031-12CB-465E-82D6-11B5C536BCD9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\TypeLib]
    @DACL=(02 0000)
    @="{D6F870AF-7292-4670-96D3-EAA62A31FB08}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D0D564BD-BC70-4A0B-89B7-043AB0135137}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="20"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D0D564BD-BC70-4A0B-89B7-043AB0135137}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D0D564BD-BC70-4A0B-89B7-043AB0135137}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D0D564BD-BC70-4A0B-89B7-043AB0135137}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D42A01FD-9D01-4C45-AA3E-1689E7033643}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="7"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D42A01FD-9D01-4C45-AA3E-1689E7033643}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D42A01FD-9D01-4C45-AA3E-1689E7033643}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{D42A01FD-9D01-4C45-AA3E-1689E7033643}\TypeLib]
    @DACL=(02 0000)
    @="{6C13A1F5-8891-4C29-9A24-3BCA07419128}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E4C19BBD-F457-4760-8144-0FA2B3903764}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="13"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E4C19BBD-F457-4760-8144-0FA2B3903764}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E4C19BBD-F457-4760-8144-0FA2B3903764}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E4C19BBD-F457-4760-8144-0FA2B3903764}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{FB010785-9D62-450C-B81B-F3EF3B00C4D9}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="6"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{FB010785-9D62-450C-B81B-F3EF3B00C4D9}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{FB010785-9D62-450C-B81B-F3EF3B00C4D9}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{FB010785-9D62-450C-B81B-F3EF3B00C4D9}\TypeLib]
    @DACL=(02 0000)
    @="{6C13A1F5-8891-4C29-9A24-3BCA07419128}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.1]
    @DACL=(02 0000)
    @="FlashAccessibility"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}]
    @DACL=(02 0000)
    "FriendlyName"="Windows Media Files"
    "ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"
    "Version"=dword:000a0000
    "Sub-Version"=dword:00000eda
    "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{077ACEC7-979C-40AB-9835-435BA1511E0D}\\MPPRE10.inf"
    "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{077ACEC7-979C-40AB-9835-435BA1511E0D}\\mppre10.cat"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}]
    @DACL=(02 0000)
    "FriendlyName"="Windows Media Files"
    "ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}"
    "Version"=dword:000a0000
    "Sub-Version"=dword:00000eda
    "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{30C7234B-6482-4A55-A11D-ECD9030313F2}\\WMDM10.inf"
    "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{30C7234B-6482-4A55-A11D-ECD9030313F2}\\wmdm10.cat"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}]
    @DACL=(02 0000)
    "FriendlyName"="Windows Media Files"
    "ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}"
    "Version"=dword:000a0000
    "Sub-Version"=dword:00000eda
    "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{981FB688-E76B-4246-987B-92083185B90A}\\WPD10.inf"
    "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{981FB688-E76B-4246-987B-92083185B90A}\\wpd10.cat"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}]
    @DACL=(02 0000)
    "FriendlyName"="Windows Media Files"
    "ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}"
    "Version"=dword:000a0000
    "Sub-Version"=dword:00000eda
    "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A47B3654-48EE-48A5-B629-97D70175E58F}\\codecs10.inf"
    "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A47B3654-48EE-48A5-B629-97D70175E58F}\\codecs10.cat"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}]
    @DACL=(02 0000)
    "FriendlyName"="Windows Media Files"
    "ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}"
    "Version"=dword:000a0000
    "Sub-Version"=dword:00000eda
    "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\\WMFSDK10.inf"
    "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\\wmfsdk10.cat"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}]
    @DACL=(02 0000)
    "FriendlyName"="Windows Media Files"
    "ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}"
    "Version"=dword:000a0000
    "Sub-Version"=dword:00000eda
    "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\\DRM10.inf"
    "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\\drm10.cat"

    [HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.\Realtek High Definition Audio Driver]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\VideoMate\ComproPVR]
    @DACL=(02 0000)
    .
    Voltooingstijd: 2009-01-24 11:33:58
    ComboFix-quarantined-files.txt 2009-01-24 10:33:40
    ComboFix2.txt 2009-01-22 21:54:39
    ComboFix3.txt 2009-01-21 15:11:39
    ComboFix4.txt 2009-01-21 14:53:16
    ComboFix5.txt 2009-01-24 10:27:35

    Pre-Run: 41.323.319.296 bytes beschikbaar
    Post-Run: 41,338,257,408 bytes beschikbaar

    679 --- E O F --- 2009-01-14 22:06:55

  • Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • ComboFix 09-01-21.04 - Beneden 2009-01-24 12:49:00.14 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1983.1469 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Beneden\Mijn documenten\Downloads\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Beneden\Mijn documenten\Downloads\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    C:\cohtrn.exe
    C:\love.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\cohtrn.exe
    C:\love.exe
    c:\windows\NV13003428.TMP
    c:\windows\NV13003428.TMP\nv3d.chm
    c:\windows\NV13003428.TMP\nv3dara.chm
    c:\windows\NV13003428.TMP\nv3dchs.chm
    c:\windows\NV13003428.TMP\nv3dcht.chm
    c:\windows\NV13003428.TMP\nv3dcsy.chm
    c:\windows\NV13003428.TMP\nv3ddan.chm
    c:\windows\NV13003428.TMP\nv3ddeu.chm
    c:\windows\NV13003428.TMP\nv3dell.chm
    c:\windows\NV13003428.TMP\nv3deng.chm
    c:\windows\NV13003428.TMP\nv3desm.chm
    c:\windows\NV13003428.TMP\nv3desn.chm
    c:\windows\NV13003428.TMP\nv3dfin.chm
    c:\windows\NV13003428.TMP\nv3dfra.chm
    c:\windows\NV13003428.TMP\nv3dheb.chm
    c:\windows\NV13003428.TMP\nv3dhun.chm
    c:\windows\NV13003428.TMP\nv3dita.chm
    c:\windows\NV13003428.TMP\nv3djpn.chm
    c:\windows\NV13003428.TMP\nv3dkor.chm
    c:\windows\NV13003428.TMP\nv3dnld.chm
    c:\windows\NV13003428.TMP\nv3dnor.chm
    c:\windows\NV13003428.TMP\nv3dplk.chm
    c:\windows\NV13003428.TMP\nv3dptb.chm
    c:\windows\NV13003428.TMP\nv3dptg.chm
    c:\windows\NV13003428.TMP\nv3drus.chm
    c:\windows\NV13003428.TMP\nv3dsky.chm
    c:\windows\NV13003428.TMP\nv3dslv.chm
    c:\windows\NV13003428.TMP\nv3dsve.chm
    c:\windows\NV13003428.TMP\nv3dtha.chm
    c:\windows\NV13003428.TMP\nv3dtrk.chm
    c:\windows\NV13003428.TMP\nvcpl.chm
    c:\windows\NV13003428.TMP\nvcplara.chm
    c:\windows\NV13003428.TMP\nvcplchs.chm
    c:\windows\NV13003428.TMP\nvcplcht.chm
    c:\windows\NV13003428.TMP\nvcplcsy.chm
    c:\windows\NV13003428.TMP\nvcpldan.chm
    c:\windows\NV13003428.TMP\nvcpldeu.chm
    c:\windows\NV13003428.TMP\nvcplell.chm
    c:\windows\NV13003428.TMP\nvcpleng.chm
    c:\windows\NV13003428.TMP\nvcplesm.chm
    c:\windows\NV13003428.TMP\nvcplesn.chm
    c:\windows\NV13003428.TMP\nvcplfin.chm
    c:\windows\NV13003428.TMP\nvcplfra.chm
    c:\windows\NV13003428.TMP\nvcplheb.chm
    c:\windows\NV13003428.TMP\nvcplhun.chm
    c:\windows\NV13003428.TMP\nvcplita.chm
    c:\windows\NV13003428.TMP\nvcpljpn.chm
    c:\windows\NV13003428.TMP\nvcplkor.chm
    c:\windows\NV13003428.TMP\nvcplnld.chm
    c:\windows\NV13003428.TMP\nvcplnor.chm
    c:\windows\NV13003428.TMP\nvcplplk.chm
    c:\windows\NV13003428.TMP\nvcplptb.chm
    c:\windows\NV13003428.TMP\nvcplptg.chm
    c:\windows\NV13003428.TMP\nvcplrus.chm
    c:\windows\NV13003428.TMP\nvcplsky.chm
    c:\windows\NV13003428.TMP\nvcplslv.chm
    c:\windows\NV13003428.TMP\nvcplsve.chm
    c:\windows\NV13003428.TMP\nvcpltha.chm
    c:\windows\NV13003428.TMP\nvcpltrk.chm
    c:\windows\NV13003428.TMP\nvdsp.chm
    c:\windows\NV13003428.TMP\nvdspara.chm
    c:\windows\NV13003428.TMP\nvdspchs.chm
    c:\windows\NV13003428.TMP\nvdspcht.chm
    c:\windows\NV13003428.TMP\nvdspcsy.chm
    c:\windows\NV13003428.TMP\nvdspdan.chm
    c:\windows\NV13003428.TMP\nvdspdeu.chm
    c:\windows\NV13003428.TMP\nvdspell.chm
    c:\windows\NV13003428.TMP\nvdspeng.chm
    c:\windows\NV13003428.TMP\nvdspesm.chm
    c:\windows\NV13003428.TMP\nvdspesn.chm
    c:\windows\NV13003428.TMP\nvdspfin.chm
    c:\windows\NV13003428.TMP\nvdspfra.chm
    c:\windows\NV13003428.TMP\nvdspheb.chm
    c:\windows\NV13003428.TMP\nvdsphun.chm
    c:\windows\NV13003428.TMP\nvdspita.chm
    c:\windows\NV13003428.TMP\nvdspjpn.chm
    c:\windows\NV13003428.TMP\nvdspkor.chm
    c:\windows\NV13003428.TMP\nvdspnld.chm
    c:\windows\NV13003428.TMP\nvdspnor.chm
    c:\windows\NV13003428.TMP\nvdspplk.chm
    c:\windows\NV13003428.TMP\nvdspptb.chm
    c:\windows\NV13003428.TMP\nvdspptg.chm
    c:\windows\NV13003428.TMP\nvdsprus.chm
    c:\windows\NV13003428.TMP\nvdspsky.chm
    c:\windows\NV13003428.TMP\nvdspslv.chm
    c:\windows\NV13003428.TMP\nvdspsve.chm
    c:\windows\NV13003428.TMP\nvdsptha.chm
    c:\windows\NV13003428.TMP\nvdsptrk.chm
    c:\windows\NV13003428.TMP\nvmob.chm
    c:\windows\NV13003428.TMP\nvmobara.chm
    c:\windows\NV13003428.TMP\nvmobchs.chm
    c:\windows\NV13003428.TMP\nvmobcht.chm
    c:\windows\NV13003428.TMP\nvmobcsy.chm
    c:\windows\NV13003428.TMP\nvmobdan.chm
    c:\windows\NV13003428.TMP\nvmobdeu.chm
    c:\windows\NV13003428.TMP\nvmobell.chm
    c:\windows\NV13003428.TMP\nvmobeng.chm
    c:\windows\NV13003428.TMP\nvmobesm.chm
    c:\windows\NV13003428.TMP\nvmobesn.chm
    c:\windows\NV13003428.TMP\nvmobfin.chm
    c:\windows\NV13003428.TMP\nvmobfra.chm
    c:\windows\NV13003428.TMP\nvmobheb.chm
    c:\windows\NV13003428.TMP\nvmobhun.chm
    c:\windows\NV13003428.TMP\nvmobita.chm
    c:\windows\NV13003428.TMP\nvmobjpn.chm
    c:\windows\NV13003428.TMP\nvmobkor.chm
    c:\windows\NV13003428.TMP\nvmobnld.chm
    c:\windows\NV13003428.TMP\nvmobnor.chm
    c:\windows\NV13003428.TMP\nvmobplk.chm
    c:\windows\NV13003428.TMP\nvmobptb.chm
    c:\windows\NV13003428.TMP\nvmobptg.chm
    c:\windows\NV13003428.TMP\nvmobrus.chm
    c:\windows\NV13003428.TMP\nvmobsky.chm
    c:\windows\NV13003428.TMP\nvmobslv.chm
    c:\windows\NV13003428.TMP\nvmobsve.chm
    c:\windows\NV13003428.TMP\nvmobtha.chm
    c:\windows\NV13003428.TMP\nvmobtrk.chm

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))
    .

    2009-01-21 15:08 . 2009-01-21 15:08 <DIR> d-------- c:\program files\Trend Micro
    2009-01-20 21:35 . 2009-01-21 15:42 <DIR> dr-hs---- C:\RESTORE
    2009-01-19 10:49 . 2009-01-19 10:49 <DIR> d-------- c:\program files\SopCast
    2009-01-17 12:53 . 2009-01-17 12:53 <DIR> d-------- c:\program files\DivX
    2009-01-14 18:19 . 2009-01-14 18:19 428 --a------ c:\windows\zipgenius.xml
    2009-01-14 07:17 . 2009-01-14 07:17 1,374 --a------ c:\windows\imsins.BAK
    2009-01-13 11:10 . 2009-01-14 18:00 664 --a------ c:\windows\system32\d3d9caps.dat
    2009-01-13 11:07 . 2008-09-17 23:55 201,050 --a------ c:\windows\system32\nvapps.nvb
    2009-01-07 17:36 . 2009-01-07 17:41 <DIR> d-------- C:\totalcmd
    2009-01-07 17:36 . 2009-01-07 17:40 729 --a------ c:\windows\wincmd.ini
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
    2009-01-07 17:36 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
    2009-01-07 17:28 . 2009-01-07 17:28 <DIR> d-------- c:\documents and settings\Beneden\Application Data\JockerSoft
    2009-01-02 10:44 . 2009-01-02 10:44 <DIR> d-------- c:\program files\freshney.org
    2009-01-02 10:44 . 2009-01-02 10:44 <DIR> d-------- c:\documents and settings\Beneden\Xinorbis
    2009-01-01 13:24 . 2009-01-01 13:25 <DIR> d-------- c:\program files\ZipGenius 6
    2009-01-01 13:24 . 2009-01-04 17:04 <DIR> d-------- c:\documents and settings\Beneden\Application Data\ZipGenius
    2008-12-31 09:31 . 2008-12-31 09:31 <DIR> d-------- c:\program files\Shareaza
    2008-12-31 09:31 . 2008-12-31 09:31 <DIR> d-------- c:\documents and settings\Beneden\Application Data\Shareaza
    2008-12-27 15:44 . 2008-12-27 15:44 <DIR> d-------- c:\program files\Seagate
    2008-12-27 14:57 . 2008-12-27 14:57 <DIR> d-------- c:\program files\HD Tune
    2008-12-26 17:11 . 2008-12-26 17:11 107,888 --a------ c:\windows\system32\CmdLineExt.dll
    2008-12-25 15:32 . 2008-12-25 15:32 <DIR> d-------- c:\program files\EASEUS

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-24 10:17 --------- d-----w c:\program files\SPAMfighter
    2009-01-21 14:07 --------- d-----w c:\program files\Hijack This
    2008-12-31 13:42 --------- d-----w c:\documents and settings\Beneden\Application Data\LimeWire
    2008-12-27 14:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-21 21:08 --------- d-----w c:\program files\RegCleaner
    2008-12-21 14:48 86,016 ----a-w c:\windows\system32\OpenAL32.dll
    2008-12-21 14:48 262,144 ----a-w c:\windows\system32\wrap_oal.dll
    2008-12-21 14:46 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-21 14:46 --------- d-----w c:\program files\Futuremark
    2008-12-21 14:19 --------- d-----w c:\program files\Common Files\Futuremark Shared
    2008-12-19 21:17 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-12-19 18:35 --------- d-----w c:\documents and settings\Beneden\Application Data\vlc
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
    2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
    2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
    2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
    2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
    2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
    2008-12-05 16:33 --------- d-----w c:\program files\Microsoft.NET
    2008-12-05 16:21 --------- d-----w c:\program files\microsoft frontpage
    2008-12-05 16:16 --------- d-----w c:\program files\Microsoft Works
    2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-11-27 07:51 225,280 ----a-w c:\windows\system32\BootMan.exe
    2008-11-26 14:58 472,064 ----a-w c:\windows\system32\NTFSFormat.dll
    2008-11-26 14:55 65,536 ----a-w c:\windows\system32\FatCopy.dll
    2008-11-26 14:54 17,920 ----a-w c:\windows\system32\SectorCopy.dll
    2008-11-26 14:54 139,776 ----a-w c:\windows\system32\NTFSCopy.dll
    2008-11-26 14:52 86,016 ----a-w c:\windows\system32\ResizeNTFS.dll
    2008-11-26 14:51 93,184 ----a-w c:\windows\system32\Partition.dll
    2008-11-26 14:51 61,952 ----a-w c:\windows\system32\FatResizeMove.dll
    2008-11-26 14:51 45,568 ----a-w c:\windows\system32\FileSystemCheck.dll
    2008-11-26 14:50 180,736 ----a-w c:\windows\system32\DeviceManager.dll
    2008-11-26 14:49 86,528 ----a-w c:\windows\system32\NTFSLib.dll
    2008-11-26 14:49 31,744 ----a-w c:\windows\system32\FatLib.dll
    2008-11-26 14:49 22,016 ----a-w c:\windows\system32\FatFormat.dll
    2008-11-26 14:48 68,096 ----a-w c:\windows\system32\Device.dll
    2008-11-26 14:48 6,656 ----a-w c:\windows\system32\CallbackOperator.dll
    2008-11-26 14:48 24,576 ----a-w c:\windows\system32\NTFSFileSystemAnalyser.dll
    2008-11-26 14:48 21,504 ----a-w c:\windows\system32\Fixup.dll
    2008-11-26 14:48 14,848 ----a-w c:\windows\system32\FileSystemAnalyser.dll
    2008-11-26 14:48 10,752 ----a-w c:\windows\system32\DeviceAdapter.dll
    2008-11-26 14:47 25,088 ----a-w c:\windows\system32\FATFileSystemAnalyser.dll
    2008-11-25 16:18 86,408 ----a-w c:\windows\system32\setupempdrv03.exe
    2008-11-25 16:18 8,704 ----a-w c:\windows\system32\epmntdrv.sys
    2008-11-25 16:18 3,072 ----a-w c:\windows\system32\EuGdiDrv.sys
    2008-11-25 16:18 14,848 ----a-w c:\windows\system32\EuEpmGdi.dll
    2008-11-06 16:37 524,288 ----a-w c:\windows\system32\DivXsm.exe
    2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
    2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx07.dll
    2008-11-06 16:33 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
    2008-11-06 16:33 802,816 ----a-w c:\windows\system32\divx_xx11.dll
    2008-11-06 16:33 684,032 ----a-w c:\windows\system32\DivX.dll
    2008-11-06 16:33 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
    2008-11-02 14:07 15,628 ----a-w c:\program files\Furnish Lite uninstal.log
    2008-06-18 15:04 56,912 ----a-w c:\documents and settings\Beneden\g2mdlhlpx.exe
    2008-05-15 20:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008051520080516\index.dat
    2008-05-15 20:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .

    ------- Sigcheck -------

    2006-03-02 13:00 14336 ab8c6d89a897bacba4657fdf00e344a6 c:\windows\$NtServicePackUninstall$\svchost.exe
    2008-04-14 18:03 14336 e410ec73e2be2a41d923b006f51c8427 c:\windows\ServicePackFiles\i386\svchost.exe
    2008-04-14 18:03 14336 e410ec73e2be2a41d923b006f51c8427 c:\windows\system32\svchost.exe

    2005-03-02 19:21 578560 0b62745ce93e8c6f56547f70269dbabc c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
    2007-03-08 16:51 579584 fa35431e333943f4b2a6d33fa4ee3ce9 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    2007-03-08 16:39 579072 cb18f701a5d55a6308fab8d18322c060 c:\windows\$NtServicePackUninstall$\user32.dll
    2006-03-02 13:00 578560 8e5d344fd717d35ee7ed1c8e0ad0cbe6 c:\windows\$NtUninstallKB890859$\user32.dll
    2005-03-02 19:19 578560 a9f2ebfc6ef9c1fb38cedcf747162b6c c:\windows\$NtUninstallKB925902$\user32.dll
    2008-04-14 18:02 580096 4cf588d2f2363b73eb4af57967d46dff c:\windows\ServicePackFiles\i386\user32.dll
    2008-04-14 18:02 580096 4cf588d2f2363b73eb4af57967d46dff c:\windows\system32\user32.dll

    2006-03-02 13:00 82944 06ebcbe58321e924980148b7e3dbd753 c:\windows\$NtServicePackUninstall$\ws2_32.dll
    2008-04-14 18:02 82432 520391367546218929749612abfe840c c:\windows\ServicePackFiles\i386\ws2_32.dll
    2008-04-14 18:02 82432 520391367546218929749612abfe840c c:\windows\system32\ws2_32.dll

    2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtServicePackUninstall$\tcpip.sys
    2006-03-02 13:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
    2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
    2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
    2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
    2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\drivers\tcpip.sys

    2006-03-02 13:00 504832 732ed791711df9c9dd15e5515bc681b8 c:\windows\$NtServicePackUninstall$\winlogon.exe
    2008-04-14 18:03 510464 1247d4d5444e28519bbe31be8ab4c029 c:\windows\ServicePackFiles\i386\winlogon.exe
    2008-04-14 18:03 510464 1247d4d5444e28519bbe31be8ab4c029 c:\windows\system32\winlogon.exe

    2006-03-02 13:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
    2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
    2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

    2006-03-02 13:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
    2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
    2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

    2005-03-02 19:14 2061312 c26d84b802567e629d42861a11c7ec04 c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    2007-02-28 17:09 2063744 f51b8d8b0703518349096604e788b83e c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
    2008-08-14 18:28 2070400 de961b54d30c7dd6aa6c3bd27d584e30 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
    2007-02-28 17:05 2061952 57b09ad681c1d8db77ccc3e92d8f5d14 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
    2006-03-02 13:00 2061184 e0399688d466b7c3afdffb5a2ed9f351 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
    2005-03-02 19:09 2061184 c6cf1974acdb8329daf9d001c0937cb0 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
    2008-04-14 17:41 2070272 6129da5c68c13dca12e77580730fd770 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
    2008-08-14 14:27 2070400 c92e65cbb38161373319bb11340de919 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    2008-04-14 17:41 2070272 6129da5c68c13dca12e77580730fd770 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
    2008-08-14 14:27 2070400 c92e65cbb38161373319bb11340de919 c:\windows\system32\ntkrnlpa.exe
    2008-08-14 14:27 2070400 c92e65cbb38161373319bb11340de919 c:\windows\system32\dllcache\ntkrnlpa.exe

    2005-03-02 19:15 2183936 5db3e8dec987b5d350e4a105dceaee6a c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    2007-02-28 17:09 2186496 59dca97dc201792c1ccf9fe621ee5ed7 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
    2008-08-14 18:28 2193536 e332b6de826d4222a758e3264ad8d520 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
    2007-02-28 17:05 2184704 caaa8fd3c034a227691a43b60873f097 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
    2006-03-02 13:00 2185344 87aaea3908e069fb1be37380c895dfb8 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
    2005-03-02 19:09 2183680 281a1e82f5f8fc0b2f4b57ef296a4240 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
    2008-04-14 17:42 2193408 140a1bad8a6642c1386bb5b388eb447f c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
    2008-08-14 14:27 2193536 3e5e63d926c5e9f81045f3646815d2a1 c:\windows\Driver Cache\i386\ntoskrnl.exe
    2008-04-14 17:42 2193408 140a1bad8a6642c1386bb5b388eb447f c:\windows\ServicePackFiles\i386\ntoskrnl.exe
    2008-08-14 14:27 2193536 3e5e63d926c5e9f81045f3646815d2a1 c:\windows\system32\ntoskrnl.exe
    2008-08-14 14:27 2193536 3e5e63d926c5e9f81045f3646815d2a1 c:\windows\system32\dllcache\ntoskrnl.exe

    2008-04-14 18:02 1037312 aa04f042a820bf1868e643575887e1a6 c:\windows\explorer.exe
    2007-06-13 14:12 1036800 1d6245afbd3faabc16a885116be1874d c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2007-06-13 14:24 1036800 147e95a42a58ce99e403f7f57656bbeb c:\windows\$NtServicePackUninstall$\explorer.exe
    2006-03-02 13:00 1035776 a1d7304a87fc3093150f5e3cc7b0f338 c:\windows\$NtUninstallKB938828$\explorer.exe
    2008-04-14 18:02 1037312 aa04f042a820bf1868e643575887e1a6 c:\windows\ServicePackFiles\i386\explorer.exe

    2006-03-02 13:00 108544 39991cd3c17b7529d039151a88e84499 c:\windows\$NtServicePackUninstall$\services.exe
    2008-04-14 18:03 109056 b77bc5cd88eb96d4352af5202ec4aec2 c:\windows\ServicePackFiles\i386\services.exe
    2008-04-14 18:03 109056 b77bc5cd88eb96d4352af5202ec4aec2 c:\windows\system32\services.exe

    2006-03-02 13:00 13312 34a82debefb057fcccbe15f619fc98a7 c:\windows\$NtServicePackUninstall$\lsass.exe
    2008-04-14 18:03 13312 8754210a3399d19610ce2d71e0c3e5d9 c:\windows\ServicePackFiles\i386\lsass.exe
    2008-04-14 18:03 13312 8754210a3399d19610ce2d71e0c3e5d9 c:\windows\system32\lsass.exe

    2006-03-02 13:00 15360 7de46c9c40abb58c8fdfe0212a3bf2b4 c:\windows\$NtServicePackUninstall$\ctfmon.exe
    2008-04-14 18:02 15360 e98a8c802cdb31fcf4121d9dfbea3677 c:\windows\ServicePackFiles\i386\ctfmon.exe
    2008-04-14 18:02 15360 e98a8c802cdb31fcf4121d9dfbea3677 c:\windows\system32\ctfmon.exe

    2005-06-11 01:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    2005-06-11 00:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe
    2006-03-02 13:00 57856 cccb8b94b17466efb9dc27f42625b0e5 c:\windows\$NtUninstallKB896423$\spoolsv.exe
    2008-04-14 18:03 57856 db454135de1a09fe7feda7b554b5cca2 c:\windows\ServicePackFiles\i386\spoolsv.exe
    2008-04-14 18:03 57856 db454135de1a09fe7feda7b554b5cca2 c:\windows\system32\spoolsv.exe

    2006-03-02 13:00 24576 de7a0ee4a6a28e6dfe3118eb22468da6 c:\windows\$NtServicePackUninstall$\userinit.exe
    2008-04-14 18:03 26112 6818a533ed3b2fa9936df3daf45352df c:\windows\ServicePackFiles\i386\userinit.exe
    2008-04-14 18:03 26112 6818a533ed3b2fa9936df3daf45352df c:\windows\system32\userinit.exe

    2006-03-02 13:00 297472 e2ce999886a4636026f157deb886aa94 c:\windows\$NtServicePackUninstall$\termsrv.dll
    2008-04-14 18:02 297472 e0aef86a594c9990d6321c5ca239c5b7 c:\windows\ServicePackFiles\i386\termsrv.dll
    2008-04-14 18:02 297472 e0aef86a594c9990d6321c5ca239c5b7 c:\windows\system32\termsrv.dll

    2006-07-05 11:58 1026048 8672ce1e9baf84ec0665d73db8849edb c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
    2007-04-16 17:11 1027072 68757f5935d6d76dd10975b7b7a9751d c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    2007-04-16 16:54 1025536 6557ea471552bb9af16b66902d572bd5 c:\windows\$NtServicePackUninstall$\kernel32.dll
    2006-03-02 13:00 1024512 54379bd67780fdbbe1590eec142a659c c:\windows\$NtUninstallKB917422$\kernel32.dll
    2006-07-05 11:56 1025024 f2352fb7d9e5c70374568724a32b5cb7 c:\windows\$NtUninstallKB935839$\kernel32.dll
    2008-04-14 18:02 1030656 09bcb7171f8172c2ba0189fe1f9c25cb c:\windows\ServicePackFiles\i386\kernel32.dll
    2008-04-14 18:02 1030656 09bcb7171f8172c2ba0189fe1f9c25cb c:\windows\system32\kernel32.dll

    2006-03-02 13:00 17408 d5a792db732622a393a0469fe6eaa728 c:\windows\$NtServicePackUninstall$\powrprof.dll
    2008-04-14 18:02 17408 32167ce0150dc2a269d99689a143fb67 c:\windows\ServicePackFiles\i386\powrprof.dll
    2008-04-14 18:02 17408 32167ce0150dc2a269d99689a143fb67 c:\windows\system32\powrprof.dll
    .
    ((((((((((((((((((((((((((((( snapshot_2009-01-21_15.52.19.64 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-21 13:18:57 64,488 ----a-w c:\windows\system32\perfc009.dat
    + 2009-01-24 10:21:11 64,488 ----a-w c:\windows\system32\perfc009.dat
    - 2009-01-21 13:18:57 84,432 ----a-w c:\windows\system32\perfc013.dat
    + 2009-01-24 10:21:11 84,432 ----a-w c:\windows\system32\perfc013.dat
    - 2009-01-21 13:18:57 409,540 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-24 10:21:11 409,540 ----a-w c:\windows\system32\perfh009.dat
    - 2009-01-21 13:18:57 475,216 ----a-w c:\windows\system32\perfh013.dat
    + 2009-01-24 10:21:11 475,216 ----a-w c:\windows\system32\perfh013.dat
    + 2009-01-24 10:17:12 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_6b8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= vdrcodec.dll
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Desktop Search.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Beneden^Menu Start^Programma's^Opstarten^Mediacontrole Picture Motion Browser.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Beneden^Menu Start^Programma's^Opstarten^OpenOffice.org 2.4 .lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-22 15:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    --a----t- 2008-09-04 21:33 133104 c:\documents and settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    --a------ 2008-12-03 19:52 1265296 c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 14:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
    --a------ 2008-04-29 13:49 321160 c:\program files\SPAMfighter\SFAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-09-28 08:37 144792 c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-10-19 08:46 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]
    -r-hs---- 2009-01-20 23:00 99890 c:\program files\Common Files\System\sysdrv32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "ose"=3 (0x3)
    "NVSvc"=2 (0x2)
    "MDM"=2 (0x2)
    "AdobeActiveFileMonitor5.0"=2 (0x2)
    "ERSvc"=2 (0x2)
    "CryptSvc"=3 (0x3)
    "WSearch"=2 (0x2)
    "gusvc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Common Files\\System\\sysdrv32.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6667:TCP"= 6667:TCP:sha
    "6346:TCP"= 6346:TCP:sh
    "1118:UDP"= 1118:UDP:Windows Media Format SDK (iexplore.exe)
    "1119:UDP"= 1119:UDP:Windows Media Format SDK (iexplore.exe)
    "1127:UDP"= 1127:UDP:Windows Media Format SDK (iexplore.exe)
    "1126:UDP"= 1126:UDP:Windows Media Format SDK (iexplore.exe)

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-24 97928]
    R3 PhTVTune;VideoMate TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2007-05-17 18560]
    R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]
    R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-05-24 76040]
    R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2008-04-29 184968]
    S3 cpuz130;cpuz130;\??\c:\docume~1\Beneden\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Beneden\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-12-25 8704]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-12-25 3072]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-01-23 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 21:51]

    2009-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1123561945-839522115-1006.job
    - c:\documents and settings\Beneden\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 21:33]

    2007-12-09 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2007-12-02 12:37]

    2007-12-09 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2007-12-02 12:37]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.startpagina.nl/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 12:50:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,ca,87,42,88,ff,
    bb,56,1c,c8,28,51,af,b0,29,a3,98,9c,82,1b,35,17,a8,fb,02,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,7a,0a,59,88,8b,
    51,6a,98,71,3b,04,66,8b,46,0d,96,a2,40,26,d2,bb,08,a1,3f,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,0f,ef,1f,5a,19,
    ff,53,6c,25,da,ec,7e,55,20,c9,26,e0,8d,0f,13,db,8a,bc,55,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,9e,e4,ee,e5,f1,
    ac,2c,f6,3e,1e,9e,e0,57,5a,93,61,a9,cd,4c,ef,0e,f6,a0,bf,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,22,65,1e,17,6a,
    c3,8d,39,cd,44,cd,b9,a6,33,6c,cd,e9,b9,45,ab,68,66,8d,2d,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,83,ff,99,58,22,
    ed,71,68,b0,18,ed,a7,3f,8d,37,a4,77,2e,00,17,0f,b8,0f,77,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,55,ff,da,52,cd,
    70,51,69,31,77,e1,ba,b1,f8,68,02,70,be,b5,49,f8,ad,2b,61,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,e9,8a,27,8f,51,
    97,55,9d,83,6c,56,8b,a0,85,96,ab,72,72,db,5d,d6,e4,dc,fa,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,29,e7,60,a1,e9,
    5e,4e,16,51,fa,6e,91,28,9e,14,cc,27,8c,47,14,35,30,71,a1,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,6c,4b,8c,2b,a6,
    d0,5a,e1,b1,cd,45,5a,a8,c4,f8,b9,23,8c,12,f4,59,39,88,1d,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,31,20,58,60,14,
    d6,00,e1,e3,0e,66,d5,eb,bc,2f,6b,77,d7,c8,74,9d,dd,f2,73,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a0,9d,ce,9a,ac,
    c1,e0,ec,fa,ea,66,7f,d4,3b,6b,70,10,73,e6,09,13,42,a9,b6,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="16"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{12510DD1-84D0-4CA4-95D1-595B3831CC8F}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="15"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{38183A1A-D279-4DB5-8C80-2535070CED16}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{3B089AF4-2197-4391-B1A6-C6A1E1B05BE1}\TypeLib]
    @DACL=(02 0000)
    @="{6C13A1F5-8891-4C29-9A24-3BCA07419128}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="9"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B5BAD031-12CB-465E-82D6-11B5C536BCD9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{60010E23-CA47-42C0-8D2C-BCDE35310A3D}\TypeLib]
    @DACL=(02 0000)
    @="{D6F870AF-7292-4670-96D3-EAA62A31FB08}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="15"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{678EB2A8-C6EB-44E4-A069-029008E82E33}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="8"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{69434B5E-9D4B-4F40-8CBF-5400AA81D43A}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="11"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{8F48F51E-402B-48E3-9FFC-6B4433540A3C}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="15"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{90FD3C81-2B44-43DD-B93C-80CC798F10EB}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="13"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{94478404-6236-40C4-8850-DF09CE6D95BC}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="20"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{94478404-6236-40C4-8850-DF09CE6D95BC}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{963EED81-E2D3-456E-9ECE-B56B38CBE175}\TypeLib]
    @DACL=(02 0000)
    @="{A591F293-0DB9-4241-B82A-FD754A9370C4}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="9"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{B2C86B23-DE6A-4B0E-A4C2-0EF039A0392A}\TypeLib]
    @DACL=(02 0000)
    @="{6C13A1F5-8891-4C29-9A24-3BCA07419128}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\NumMethods]
    @Class="REG_SZ"
    @DACL=(02 0000)
    @="9"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\ProxyStubClsid]
    @DACL=(02 0000)
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{C6C458C2-07FE-4E89-976B-2BED5C5F3ECD}\ProxyStubClsid32]
    @DACL=(02 0000)
    @="{B5BAD031-12CB-465E-82D6-11B5C536BCD9}"

    .
    Voltooingstijd: 2009-01-24 12:52:01
    ComboFix-quarantined-files.txt 2009-01-24 11:51:39
    ComboFix2.txt 2009-01-24 10:33:59
    ComboFix3.txt 2009-01-22 21:54:39
    ComboFix4.txt 2009-01-21 15:11:39
    ComboFix5.txt 2009-01-24 11:48:21

    Pre-Run: 41.307.320.320 bytes beschikbaar
    Post-Run: 41,299,542,016 bytes beschikbaar

    791 — E O F — 2009-01-14 22:06:55

  • How are things with the problems?
  • Hello,

    First of all, thank you for all the help.

    The problems at startup etc. are over. I do get a message from AVG now and then that it has found a bad file; I can't recall the name right now, but it looks like barbeque. I then heal it and it is gone again. The last message was early this morning.
  • Hmm, that's not good.
    If you come across the name again, let me know, then we can put an end to that too.
    By the way, was that last error message before the last instructions I gave you, or after?
  • Before we started again today. So it may be that it no longer occurs. If I see anything again, you will hear from me.
  • Hello,

    This morning my son got a strange screen during MSN. When I tried to close it, a black DOS window appeared with pips.exe at the top. Googling now gives two Dutch-language hits on other forums, which among other things mention ComboFix with an extra addition. I can get on with that, but I am still curious about your opinion or suggestion on how to tackle this now.
  • A short while ago I got a few more messages again; here is the AVG report:
    Resident Shield detection
    "Infection" "Object" "Result" "Detection time" "Object Type" "Process"
    "Trojan horse BackDoor.RBot.BI" "C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\JO7Q7H4T\200507[1].exe" "Moved to Virus Vault" "20-1-2009, 23:01:37" "file" "C:\WINDOWS\winav.exe"
    "Trojan horse BHO.HCU" "C:\WINDOWS\system32\mlJCvWOG.dll" "Moved to Virus Vault" "21-1-2009, 12:35:50" "file" "C:\WINDOWS\system32\lsass.exe"
    "Trojan horse BHO.HCU" "C:\System Volume Information\_restore{122CE652-8D0F-44A9-B968-40C5C2A73F01}\RP768\A0150973.dll" "Moved to Virus Vault" "22-1-2009, 22:08:25" "file" "C:\WINDOWS\System32\svchost.exe"
    "Trojan horse SHeur2.MKT" "C:\System Volume Information\_restore{122CE652-8D0F-44A9-B968-40C5C2A73F01}\RP768\A0153016.exe" "Moved to Virus Vault" "22-1-2009, 22:30:04" "file" "C:\WINDOWS\System32\svchost.exe"
    "Trojan horse BHO.HDT" "C:\System Volume Information\_restore{122CE652-8D0F-44A9-B968-40C5C2A73F01}\RP769\A0153061.dll" "Moved to Virus Vault" "23-1-2009, 11:30:10" "file" "C:\WINDOWS\System32\svchost.exe"
    "Trojan horse Adload_r.GZ" "C:\System Volume Information\_restore{122CE652-8D0F-44A9-B968-40C5C2A73F01}\RP769\A0153062.dll" "Infected" "23-1-2009, 12:01:06" "file" "C:\WINDOWS\System32\svchost.exe"
    "Trojan horse Adload_r.GZ" "C:\System Volume Information\_restore{122CE652-8D0F-44A9-B968-40C5C2A73F01}\RP769\A0153062.dll" "Moved to Virus Vault" "23-1-2009, 13:17:55" "file" "C:\WINDOWS\System32\svchost.exe"
    "Trojan horse BHO.HDQ" "C:\System Volume Information\_restore{122CE652-8D0F-44A9-B968-40C5C2A73F01}\RP769\A0153063.dll" "Moved to Virus Vault" "24-1-2009, 0:49:16" "file" "C:\WINDOWS\System32\svchost.exe"
    "Trojan horse BHO.HDT" "C:\System Volume Information\_restore{122CE652-8D0F-44A9-B968-40C5C2A73F01}\RP769\A0153066.dll" "Moved to Virus Vault" "24-1-2009, 8:46:39" "file" "C:\WINDOWS\System32\svchost.exe"
    "Trojan horse Dropper.Small.ANB" "C:\crz.exe" "Moved to Virus Vault" "24-1-2009, 11:21:48" "file" "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    "Trojan horse Adload_r.HC" "C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\FWFGOFQT\apstpldr.dll[1].htm" "Infected" "25-1-2009, 13:01:54" "file" "C:\WINDOWS\Explorer.EXE"
    "Trojan horse Vundo.DJ" "C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\TT5XCG81\divx20[1]" "Infected" "25-1-2009, 13:06:55" "file" "C:\WINDOWS\Explorer.EXE"
    "Trojan horse Vundo.DJ" "C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\XW11FJYQ\divx20[1]" "Infected" "25-1-2009, 14:03:22" "file" "C:\WINDOWS\Explorer.EXE"
    "Trojan horse Vundo.DJ" "C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\ELXN7AXV\divx20[1]" "Moved to Virus Vault" "25-1-2009, 15:03:23" "file" "C:\WINDOWS\Explorer.EXE"
    "Trojan horse BHO.HDT" "C:\System Volume Information\_restore{122CE652-8D0F-44A9-B968-40C5C2A73F01}\RP769\A0153067.dll" "Moved to Virus Vault" "25-1-2009, 19:59:20" "file" "C:\WINDOWS\System32\svchost.exe"
    "Trojan horse BHO.HDT" "C:\System Volume Information\_restore{122CE652-8D0F-44A9-B968-40C5C2A73F01}\RP769\A0153068.dll" "Moved to Virus Vault" "25-1-2009, 20:30:40" "file" "C:\WINDOWS\System32\svchost.exe"
  • It is not a good idea to follow instructions that were given to someone else, because every computer is different.

    If you look closely, you will see that the infections all come from the System Restore folder and the temporary folder, so do the following:

    Download ATF cleaner (mirror) (made by Atribune)

    Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

    Double-click ATF cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:

    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this removes the tick from Firefox saved passwords again)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.

    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick from "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.

    Now post a new
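
The triage described in the reply above (looking at where each detected file lives), as an added example that is not part of the original thread: it parses a subset of the quoted Resident Shield report and groups the detections by location. The category names and path rules in `classify` are assumptions made for this illustration.

```python
import csv
import io
from collections import Counter

# Rows copied from the Resident Shield report quoted in the thread (a subset).
REPORT = r'''"Infection" "Object" "Result" "Detection time" "Object Type" "Process"
"Trojan horse BHO.HCU" "C:\WINDOWS\system32\mlJCvWOG.dll" "Moved to Virus Vault" "21-1-2009, 12:35:50" "file" "C:\WINDOWS\system32\lsass.exe"
"Trojan horse BHO.HCU" "C:\System Volume Information\_restore{122CE652-8D0F-44A9-B968-40C5C2A73F01}\RP768\A0150973.dll" "Moved to Virus Vault" "22-1-2009, 22:08:25" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Adload_r.GZ" "C:\System Volume Information\_restore{122CE652-8D0F-44A9-B968-40C5C2A73F01}\RP769\A0153062.dll" "Infected" "23-1-2009, 12:01:06" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Adload_r.GZ" "C:\System Volume Information\_restore{122CE652-8D0F-44A9-B968-40C5C2A73F01}\RP769\A0153062.dll" "Moved to Virus Vault" "23-1-2009, 13:17:55" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Dropper.Small.ANB" "C:\crz.exe" "Moved to Virus Vault" "24-1-2009, 11:21:48" "file" "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
"Trojan horse Adload_r.HC" "C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\FWFGOFQT\apstpldr.dll[1].htm" "Infected" "25-1-2009, 13:01:54" "file" "C:\WINDOWS\Explorer.EXE"
"Trojan horse Vundo.DJ" "C:\Documents and Settings\Beneden\Local Settings\Temporary Internet Files\Content.IE5\ELXN7AXV\divx20[1]" "Moved to Virus Vault" "25-1-2009, 15:03:23" "file" "C:\WINDOWS\Explorer.EXE"
'''

VAULTED = "Moved to Virus Vault"

def parse(report):
    """Split the space-separated, double-quoted AVG export into dict rows."""
    rows = csv.reader(io.StringIO(report), delimiter=" ", quotechar='"')
    header = next(rows)
    return [dict(zip(header, r)) for r in rows if len(r) == len(header)]

def classify(path):
    """Assumed location rules for this illustration (not an AVG feature)."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "system_restore"
    if "\\temporary internet files\\" in p:
        return "browser_cache"
    return "other"

def triage(report):
    """Count detections per location; list outliers and files never vaulted."""
    counts, outliers, last = Counter(), [], {}
    for d in parse(report):
        loc = classify(d["Object"])
        counts[loc] += 1
        if loc == "other" and d["Object"] not in outliers:
            outliers.append(d["Object"])
        last[d["Object"]] = d["Result"]  # rows are chronological; keep latest
    unresolved = [o for o, res in last.items() if res != VAULTED]
    return counts, outliers, unresolved

if __name__ == "__main__":
    counts, outliers, unresolved = triage(REPORT)
    print(dict(counts)); print(outliers); print(unresolved)
```

Detections under `System Volume Information` or the browser cache are stored copies that clearing the cache and resetting System Restore address; paths in the `other` group and objects whose latest result is still "Infected" are the ones to follow up on separately.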

This is an archived page. Replying is no longer possible.