Nee, die Fontsmap zit niet dwars bij het opstarten!

Dan gaan we proberen jouw Windows sneller op te laten starten:

download en installeer MS Bootvis: http://www.softpedia.com/get/Tweak/System-Tweak/BootVis.shtml

Start Bootvis; klik in de werkbalk op 'Trace' en selecteer dan >Next boot + Driver delays. Klik in het venster 'Trace Repetitions' op >OK.
De computer zal gaan afsluiten en daaropvolgend gaan herstarten.
Doe verder niks totdat het voltalige Bootvisvenster weer op je bureaublad staat. Dan klik je weer op 'Trace' en selekteer je >Optimize System.
Wederom herhaalt zich het afsluiten en weer opstarten. Dan nog even wachten totdat Bootvis helemaal klaar is.

Bootvis kan echter een waarschuwing afgeven, dat het tool niet kan starten vanwege fragmentering van de besturingsschijf.

Nadat Bootvis het systeem onderhanden heeft genomen, is schijfdefragmentatie ook belangrijk, omdat dan bootbestanden naar het begin van de schijf worden verplaatst - dit om sneller opstarten mogelijk te maken!

Ik ben benieuwd of jouw Windows goed reageert op dit tool en sneller zal opstarten in het vervolg?

Ongeveer 1,5 jaar geleden is er op de pc een nieuwe windows XP gekomen (door een deskundig mede-forumlid) Opstarttijd toen ong. 2 min. en nu VIJF .Met regelmaat draai ik Ccleaner,Mbam.Volgens mij start er niet teveel op als ik kijk naar Msconfig, opstarten. Aangezien ik me afvraag of er toch verkeerde zaken in mij pc zitten post ik een HJT-log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:59, on 25-2-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {46735dee-f862-49d1-876d-6382794dc625} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {46735dee-f862-49d1-876d-6382794dc625} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MailWasher] C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254212204296
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OnlineBackupService - BackupAgent B.V. - c:\program files\backup zeker\onlinebackupservice.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Eigenaar/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

–
End of file - 6034 bytes

Mooi overzichtelijk dacht ik toch?
Wellicht wil iemand kijken en eventueel een advies geven?

Hallo f.j.stols, gebruik eerst het Remover Tool van AVG, om de laatste resten van AVG te verwijderen: http://www.avg.com/nl-nl/download-tools

Na het rebooten van je PC doe je het volgende: download [b:56acc0e449]TFC[/b:56acc0e449] (klick) naar je bureaublad.

• Klik/dubbelklik op [b:56acc0e449]TFC.exe[/b:56acc0e449] om het programma te starten.
• Niet schrikken - het tool sluit alle lopende programma's - ergo: verzeker je dus ervan, dat je werk al is opgeslagen!
• Vervolgens klik je op de knop [b:56acc0e449]Start[/b:56acc0e449] om de scan te starten. Deze scan kan kort of langer duren, wees geduldig en laat TFC zijn taak doen en wacht to TFC klaaar is.
• Indien TFC klaar is, dan komt de melding dat de computer opnieu opgestart wordt.
• Gebeurt het afsluiten niet automatisch, start dan zelf de computer opnieuw op.


Daarna: download, installeer en blijf [b:56acc0e449]MBAM[/b:56acc0e449] gebruiken.
Al meteen na de installatie wil [b:56acc0e449]MBAM[/b:56acc0e449] zijn database opwaarderen – toestaan dus.
Ook bij herhaald gebruik: eerst de tab [b:56acc0e449]Update[/b:56acc0e449] aandoen!

[b:56acc0e449]Download MBAM[/b:56acc0e449] (KLIK)

Start [b:56acc0e449]MBAM[/b:56acc0e449] en kies voor [b:56acc0e449]Snelle Scan[/b:56acc0e449]


[b:56acc0e449]N.B.: Vista- en Windows 7 gebruik(st)ers starten MBAM middels rechtsklikken en dan kiezen voor Als Administrator uitvoeren.[/b:56acc0e449]



Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik dan op de knop [b:56acc0e449]OK[/b:56acc0e449] , daarna op de knop [b:56acc0e449]Bekijk Resultaten[/b:56acc0e449] om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klikken op: [b:56acc0e449]Verwijder geselecteerde[/b:56acc0e449] .
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

Het log wordt automatisch bewaard door [b:56acc0e449]MBAM[/b:56acc0e449] en dat kan je terugvinden door op de tab [b:56acc0e449]Logs[/b:56acc0e449] te klikken in [b:56acc0e449]MBAM[/b:56acc0e449] .

Indien [b:56acc0e449]MBAM[/b:56acc0e449] moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op [b:56acc0e449]OK[/b:56acc0e449] klikken!
Daarna zal [b:56acc0e449]MBAM[/b:56acc0e449] vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.



Als laatste: download [b:56acc0e449] naar je bureaublad.

• dds.scr dubbelklikken (Vista/Win 7 gebruikers doen dit via rechtsklik en kiezen voor Als Administrator uitvoeren) - wacht tot de scan klaar is.
• Na de scan worden twee tekstdocumnenten geopend - post de inhoud van het DDS-log (maar schakel eerst in kladblok via Opmaak de Automatische terugloop uit!).


Post de volgense keer de inhoud van beide DDS-logs en dito het MBAM log.

Deze logs openen in kladblok - schakel eerst in kladblok via Opmaak de Automatische terugloop uit!

Abraham 54:
AVG remover heb ik laten lopen. Moet daar ook een logje van?
hier de twee DSS logjes:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Eigenaar at 7:49:45,14 on vr 26-02-2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.598 [GMT 1:00]

AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Eigenaar\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = ${URL_SEARCHPAGE}
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = ${URL_SEARCHPAGE}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
{ef99bd32-c1fb-11d2-892f-0090271d4f88}
uURLSearchHooks: H - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {46735dee-f862-49d1-876d-6382794dc625} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
TB: {46735DEE-F862-49D1-876D-6382794DC625} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
EB: &Onderzoek: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [MailWasher] c:\progra~1\mailwa~1\MAILWA~1.EXE
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254212204296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eigenaar\applic~1\mozilla\firefox\profiles\9pvc4xfa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ToggleDU Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

—- FIREFOX POLICIES —-

FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com";
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff";
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties";
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties";
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org";
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com";
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-7-16 15424]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-29 486280]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2008-7-16 552064]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service –> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 ham50;V9X HAM 1394V;c:\windows\system32\drivers\CTXH51.sys [2008-7-11 454815]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys –> c:\windows\system32\drivers\Lbd.sys [?]
S2 OnlineBackupService;OnlineBackupService;c:\program files\backup zeker\OnlineBackupService.exe [2009-3-2 34120]
S3 cpuz130;cpuz130;\??\c:\docume~1\eigenaar\locals~1\temp\cpuz130\cpuz_x32.sys –> c:\docume~1\eigenaar\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys –> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-29 38224]

=============== Created Last 30 ================

2010-02-24 16:09:44 0 d–h–r- c:\documents and settings\eigenaar\Onlangs geopend
2010-02-23 08:08:42 38 —-a-w- c:\windows\avisplitter.ini
2010-02-23 08:08:41 839680 —-a-w- c:\windows\system32\lameACM.acm
2010-02-23 08:08:41 414 —-a-w- c:\windows\system32\lame_acm.xml
2010-02-23 08:08:40 881664 —-a-w- c:\windows\system32\xvidcore.dll
2010-02-23 08:08:40 217088 —-a-w- c:\windows\system32\yv12vfw.dll
2010-02-23 08:08:40 205824 —-a-w- c:\windows\system32\xvidvfw.dll
2010-02-23 08:08:40 151552 —-a-w- c:\windows\system32\ac3acm.acm
2010-02-23 08:08:37 85504 —-a-w- c:\windows\system32\ff_vfw.dll
2010-02-23 08:08:37 547 —-a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-02-23 08:08:34 0 d—–w- c:\program files\K-Lite Codec Pack
2010-02-22 13:18:10 81920 —-a-w- c:\windows\system32\Startup.cpl
2010-02-22 10:25:06 0 d—–w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-02-22 10:25:01 0 d—–w- c:\program files\PCPitstop
2010-02-21 14:05:59 50612 —-a-w- c:\docume~1\eigenaar\applic~1\mdbu.bin
2010-02-20 13:32:36 0 d—–w- c:\documents and settings\all users\Sjablonen
2010-02-20 13:31:11 0 d—–w- c:\program files\VS Revo Group
2010-02-20 07:19:26 0 d—–w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2010-02-18 09:47:59 0 d—–w- c:\docume~1\eigenaar\applic~1\Canneverbe_Limited
2010-02-18 09:47:36 7168 —-a-w- c:\windows\system32\drivers\StarOpen.sys
2010-02-15 20:12:13 0 d—–w- c:\program files\NirSoft
2010-02-15 07:21:25 1892184 —-a-w- c:\windows\system32\D3DX9_42.dll
2010-02-15 07:21:23 2414360 —-a-w- c:\windows\system32\d3dx9_31.dll
2010-02-15 07:21:11 0 d—–w- c:\windows\Logs
2010-02-15 07:20:56 0 d—–w- c:\program files\Winamp Detect
2010-02-11 10:42:56 86016 —-a-w- c:\windows\system32\frapsvid.dll
2010-02-09 19:34:46 0 d—–r- c:\program files\Skype
2010-02-09 12:01:47 0 d—–w- c:\program files\OpenOffice.org 3

==================== Find3M ====================

2010-02-21 14:23:57 256780 —-a-w- c:\docume~1\eigenaar\applic~1\mdb.bin
2010-01-15 14:53:44 411368 —-a-w- c:\windows\system32\deploytk.dll
2010-01-08 22:42:58 3366912 —-a-w- c:\windows\system32\GPhotos.scr
2010-01-07 15:07:14 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07:04 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 15:34:27 30 —-a-w- c:\program files\Exiferupdate.ini
2009-12-31 16:50:03 353792 —-a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 11:39:09 4212 —ha-w- c:\windows\system32\zllictbl.dat
2009-12-21 19:10:30 916480 —-a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42:53 345600 —-a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10:21 33280 —-a-w- c:\windows\system32\csrsrv.dll
2009-12-12 14:15:30 178176 —-a-w- c:\windows\system32\unrar.dll
2009-12-10 18:18:57 92780 —-a-w- c:\windows\system32\perfc013.dat
2009-12-10 18:18:57 513472 —-a-w- c:\windows\system32\perfh013.dat
2009-12-09 10:11:59 2193536 —-a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11:59 2070400 —-a-w- c:\windows\system32\ntkrnlpa.exe
2005-12-15 06:38:32 3584 ——w- c:\program files\1033.mst
2005-12-15 06:38:31 93696 ——w- c:\program files\1034.mst
2005-12-15 06:38:30 98304 ——w- c:\program files\2070.mst
2005-12-15 06:38:29 102400 ——w- c:\program files\1040.mst
2005-12-15 06:38:28 97280 ——w- c:\program files\1036.mst
2005-12-15 06:38:16 894 ——w- c:\program files\Manual~1.cab
2005-12-14 22:35:05 407 ——w- c:\program files\setup.ini
2003-04-21 12:09:50 245408 ——w- c:\program files\unicows.dll
2002-03-11 09:06:30 1822520 ——w- c:\program files\instmsiw.exe
2008-07-12 10:14:37 32768 –sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008071220080713\index.dat

============= FINISH: 7:52:57,12 ===============

en:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 13-8-2008 16:41:08
System Uptime: 26-2-2010 7:43:11 (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6513
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Socket 478 | 1993/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 23,411 GiB free.
D: is FIXED (NTFS) - 31 GiB total, 29,589 GiB free.
E: is FIXED (FAT32) - 6 GiB total, 5,765 GiB free.
F: is CDROM ()
G: is CDROM ()
Y: is FIXED (FAT32) - 298 GiB total, 282,659 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP640: 22-2-2010 11:04:51 - Controlepunt van systeem
RP641: 22-2-2010 16:11:13 - Geïnstalleerd Google SketchUp 6
RP642: 22-2-2010 16:11:35 - Geïnstalleerd Google SketchUp 6
RP643: 23-2-2010 17:17:30 - Controlepunt van systeem
RP644: 24-2-2010 8:32:12 - Software Distribution Service 3.0
RP645: 24-2-2010 14:51:26 - Software Distribution Service 3.0

==== Installed Programs ======================

7-Zip 4.65
ACDSee
Adobe Flash Player 10 ActiveX
Adobe Help Center 2.1
Adobe Photoshop Elements 7.0
Adobe® Flash® Player 10 Plugin
Adres 2000 Versie 1.923
Advanced SystemCare 3
Albert Heijn Fotoservice
ArcSoft Panorama Maker 3
Backup Zeker
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127-v2)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
Beveiligingsupdate voor Windows XP (KB923789)
Beveiligingsupdate voor Windows XP (KB969947)
Beveiligingsupdate voor Windows XP (KB970430)
Beveiligingsupdate voor Windows XP (KB971468)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB975560)
Beveiligingsupdate voor Windows XP (KB975713)
Beveiligingsupdate voor Windows XP (KB977165)
Beveiligingsupdate voor Windows XP (KB977914)
Beveiligingsupdate voor Windows XP (KB978037)
Beveiligingsupdate voor Windows XP (KB978251)
Beveiligingsupdate voor Windows XP (KB978262)
Beveiligingsupdate voor Windows XP (KB978706)
Canon CanoScan Toolbox 5.0
Canon iP5300
CanoScan 4400F
CCleaner
CD-LabelPrint
CDBurnerXP
Compatibility Pack for the 2007 Office system
CrossLoop 2.60
CutePDF Writer 2.7
Defraggler
Easy Rolodex 3.0
Exact Audio Copy 0.99pb4
FastStone Photo Resizer 2.9
FileHippo.com Update Checker
Flickr Uploadr 3.1.3
Fotoservice
Foxit Reader
Fraps
Gadwin PrintScreen
Gebruikersregistratie voor Canon iP5300
Google Earth
Google SketchUp 6
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix voor Windows XP (KB976098-v2)
Hotfix voor Windows XP (KB979306)
Image Resizer Powertoy for Windows XP
Java Auto Updater
Java(TM) 6 Update 18
Jing
K-Lite Codec Pack 5.7.5 (Full)
KB9908 Uninstall
MailWasher Pro
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - NLD
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - NLD
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - nld
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft DirectX Transform optional components
Microsoft Office Outlook Connector
Microsoft Office Professional Editie 2003
Microsoft Outlook Reservekopie van persoonlijke mappen
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
neroxml
NOD32 antivirus systeem
NTREGOPT 1.1j
NVIDIA Windows 2000/XP Display Drivers
PCI Audio Driver
Picasa 3
PTLens
Recuva
Remove Empty Directories 2.1
Security Update for CAPICOM (KB931906)
Skype™ 4.1
Swiff Player 1.5
Taalpakket voor Microsoft .NET Framework 3.5 - NL
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update voor Windows Internet Explorer 8 (KB975364)
Update voor Windows Internet Explorer 8 (KB976662)
Update voor Windows Internet Explorer 8 (KB976749)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB971737)
Update voor Windows XP (KB973687)
VC 9.0 Runtime
VCRedistSetup
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
YouTube Downloader 2.5.3
ZoneAlarm
ZoneAlarm Spy Blocker

==== End Of File ===========================
en de MBAM:
Malwarebytes' Anti-Malware 1.44
Database versie: 3792
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26-2-2010 8:13:54
mbam-log-2010-02-26 (08-13-54).txt

Scan type: Snelle Scan
Objecten gescand: 124151
Verstreken tijd: 19 minute(s), 5 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

nu hoop ik dat hier iets meet te doen valt. Alvast veel dank.FJS

Hallo f.j.stols, ik kan me vergissen hoor, maar zo te zien heb je een keygen gebruikt voor ZoneAlarm.

Doe daarom ook het volgende, want keygens zijn niet te vertrouwen: Download, installeer en blijf [b:d8c6f4386f]a-squared Free 4.5 [/b:d8c6f4386f]gebruiken.

Direkt na de installatie wil ook [b:d8c6f4386f]a-squared Free 4.5[/b:d8c6f4386f] updaten.

Dat verhinder je. Start [b:d8c6f4386f]a-squared Free 4.5[/b:d8c6f4386f] en klik op [b:d8c6f4386f]Configureer updates[/b:d8c6f4386f] en [b:d8c6f4386f]haal dan het vinkje weg bij Extra talen installeren[/b:d8c6f4386f]!

Hierna kan je [b:d8c6f4386f]a-squared Free 4.5[/b:d8c6f4386f] de nieuwste definities binnenhalen.
[b:d8c6f4386f]Nadat de update gedaan is kies je voor Grondige Scan[/b:d8c6f4386f].


[i:d8c6f4386f][b:d8c6f4386f]Download a-squared Free 4.5[/b:d8c6f4386f][/i:d8c6f4386f]


[b:d8c6f4386f]Vista- en Windows 7 gebruik(st)ers: klik de betreffende snelkoppeling met rechts aan en kies voor Eigenschappen.
In het Eigenschappenvenster klik je dan op de knop Geavanceerd en zet je een vinkje bij Als administrator uitvoeren.[/b:d8c6f4386f]


Post het log van a-squared!

tussentijds berichtje: A² zal nog wel een halve dag duren. Volgens mij heb ik een gewone versie van ZoneAlarm (9.1.007002).Die Keygen zou met de installatie van een officie pakket meegekomen kunnen zijn.
Tot nu toe één melding bij de scan: een Trace.file.Remote Office manager 3.3!A2 melding met "gemiddeld risico".

hier komt ie dan na ongeveer 5,5 uur:
a-squared Anti-Malware - Versie 4.5
Laatste Update: 26-2-2010 9:54:28

Scan instellingen:

Scan type: N/A
Objecten: Geheugen, Sporen, Cookies, C:\, D:\, E:\, Y:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan

Scan starten: 26-2-2010 9:54:57

c:\windows\system32\romwln.dll Ontdekt: Trace.File.Remote Office Manager 3.3!A2
C:\WINDOWS\system32\ROMwln.dll Ontdekt: Trojan-Downloader.Win32.Delf!IK
Y:\System Volume Information\System Volume Information 2\_restore{58CB2224-E74B-4C05-9EF9-4374F1365BCC}F.J.Stols\RP588\A0145146.exe/xpcom.js Ontdekt: Trojan.Win32.C4DLMedia!IK
Y:\System Volume Information\System Volume Information 2\_restore{58CB2224-E74B-4C05-9EF9-4374F1365BCC}F.J.Stols\RP588\A0145146.exe/zigbert.sf Ontdekt: Trojan.Win32.C4DLMedia!IK
Y:\System Volume Information\System Volume Information 2\_restore{58CB2224-E74B-4C05-9EF9-4374F1365BCC}F.J.Stols\RP598\A0147864.exe Ontdekt: Trojan.Win32.Shutdowner!IK
Y:\07 niet classificeerbaar\bird.exe Ontdekt: Trojan.Win32.Refroso.adav!A2

Gescand

Bestanden: 185477
Sporen: 673366
Cookies: 0
Processen: 33

Gevonden

Bestanden: 5
Sporen: 1
Cookies: 0
Processen: 0
Registersleutels: 0

Scan einde: 26-2-2010 14:43:30
Scan tijd: 4:48:33

Merkwaardig was dus dat er in de externe harde schijf ook wat zat. Voorlopig alles in quarantaine gezet. Wat is er nog meer?

Hallo f.j.stols, dat je externe disk ook besmet kan raken, dat is gewoon een feit!

Heel veel besmettingen tegenwoordig gaan via bijv. USB-stick.

Zelfs een bedrijfsnetwerk kan hierdoor danig besmet raken, dat professionele hulp ingeroepen moet worden, om de boel weer recht te trekken!

Nu moet je eerst het volgende doen: de systeemherstelpunten "flushen":

Dus eerst doe je het volgende: Klik met rechts op [b:87f7055f9e]Deze computer [/b:87f7055f9e]en kies [b:87f7055f9e]Eigenschappen[/b:87f7055f9e].
Klik op de tab [b:87f7055f9e]Systeemherstel[/b:87f7055f9e] en schakel [b:87f7055f9e]Systeemherstel[/b:87f7055f9e] uit.

Combofix:
ComboFix 10-02-26.01 - Eigenaar 26-02-2010 18:48:34.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.641 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
AV: ESET NOD32 antivirus systeem 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
PEV Error: CookiesFile

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Eigenaar\Application Data\AD ON Multimedia
c:\documents and settings\Eigenaar\Application Data\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\tmpPrst.dll
c:\windows\system32\VB6FR.DLL

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-01-26 to 2010-02-26 ))))))))))))))))))))))))))))))
.

2010-02-26 08:44 . 2010-02-26 17:44 ——– d—–w- c:\program files\a-squared Anti-Malware
2010-02-24 16:09 . 2010-02-26 17:38 ——– d–h–r- c:\documents and settings\Eigenaar\Onlangs geopend
2010-02-23 19:41 . 2010-02-23 19:41 ——– d—–w- c:\documents and settings\Eigenaar\Local Settings\Application Data\CutePDF Writer
2010-02-23 08:08 . 2009-05-29 21:37 205824 —-a-w- c:\windows\system32\xvidvfw.dll
2010-02-23 08:08 . 2009-05-29 21:31 881664 —-a-w- c:\windows\system32\xvidcore.dll
2010-02-23 08:08 . 2004-01-25 16:18 217088 —-a-w- c:\windows\system32\yv12vfw.dll
2010-02-23 08:08 . 2010-02-02 18:00 85504 —-a-w- c:\windows\system32\ff_vfw.dll
2010-02-23 08:08 . 2010-02-23 08:10 ——– d—–w- c:\program files\K-Lite Codec Pack
2010-02-23 07:54 . 2010-02-23 09:23 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\vlc
2010-02-22 10:25 . 2010-02-22 10:32 ——– d—–w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-02-22 10:25 . 2010-02-22 10:40 ——– d—–w- c:\program files\PCPitstop
2010-02-21 14:15 . 2010-02-21 14:15 ——– d—–w- c:\documents and settings\Eigenaar\Local Settings\Application Data\AH Fotoservice
2010-02-20 13:32 . 2010-02-20 13:32 ——– d—–w- c:\documents and settings\All Users\Sjablonen
2010-02-20 13:31 . 2010-02-20 13:35 ——– d—–w- c:\program files\VS Revo Group
2010-02-20 09:35 . 2010-02-20 09:35 ——– d—–w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Help
2010-02-20 07:19 . 2010-02-20 07:19 ——– d—–w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-02-18 09:47 . 2010-02-18 09:47 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\Canneverbe_Limited
2010-02-18 09:47 . 2009-11-12 12:48 7168 —-a-w- c:\windows\system32\drivers\StarOpen.sys
2010-02-18 09:47 . 2010-02-18 09:47 ——– d—–w- c:\program files\CDBurnerXP
2010-02-15 20:12 . 2010-02-15 20:19 ——– d—–w- c:\program files\NirSoft
2010-02-15 07:21 . 2009-09-04 16:29 1892184 —-a-w- c:\windows\system32\D3DX9_42.dll
2010-02-15 07:21 . 2006-09-28 15:05 2414360 —-a-w- c:\windows\system32\d3dx9_31.dll
2010-02-15 07:21 . 2010-02-15 07:21 ——– d—–w- c:\windows\Logs
2010-02-15 07:20 . 2010-02-15 07:20 ——– d—–w- c:\program files\Winamp Detect
2010-02-11 10:42 . 2010-02-11 10:42 86016 —-a-w- c:\windows\system32\frapsvid.dll
2010-02-09 19:35 . 2010-02-10 09:38 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\Skype
2010-02-09 19:34 . 2010-02-09 19:34 ——– d—–w- c:\program files\Common Files\Skype
2010-02-09 19:34 . 2010-02-09 19:34 ——– d—–r- c:\program files\Skype
2010-02-09 12:01 . 2010-02-10 13:39 ——– d—–w- c:\program files\OpenOffice.org 3
2010-02-05 08:01 . 2010-02-05 08:01 348160 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60dbcdb9-n\msvcr71.dll
2010-02-05 08:01 . 2010-02-05 08:01 503808 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60dbcdb9-n\msvcp71.dll
2010-02-05 08:01 . 2010-02-05 08:01 61440 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-22c610d6-n\decora-sse.dll
2010-02-05 08:01 . 2010-02-05 08:01 499712 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60dbcdb9-n\jmc.dll
2010-02-05 08:01 . 2010-02-05 08:01 12800 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-22c610d6-n\decora-d3d.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 15:55 . 2008-07-14 15:24 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\MailWasherPro
2010-02-26 15:52 . 2008-10-09 12:04 2902524 —-a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-26 07:51 . 2008-07-15 08:52 ——– d–h–w- c:\program files\InstallShield Installation Information
2010-02-25 16:33 . 2009-08-29 13:22 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
2010-02-25 09:35 . 2010-02-25 15:48 1867776 —-a-w- c:\windows\Internet Logs\xDB26.tmp
2010-02-23 20:01 . 2010-01-20 10:21 2247688 —-a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-23 20:01 . 2010-02-24 07:30 41984 —-a-w- c:\windows\Internet Logs\xDBF8.tmp
2010-02-23 09:22 . 2008-12-27 16:22 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\dvdcss
2010-02-22 20:04 . 2010-02-23 07:49 1860096 —-a-w- c:\windows\Internet Logs\xDB3E.tmp
2010-02-22 20:04 . 2010-02-23 07:49 114176 —-a-w- c:\windows\Internet Logs\xDB3D.tmp
2010-02-22 15:11 . 2008-07-16 17:53 ——– d—–w- c:\program files\Google
2010-02-22 09:22 . 2009-10-31 10:14 ——– d—–w- c:\program files\7-Zip
2010-02-21 14:23 . 2008-07-17 07:11 256780 —-a-w- c:\documents and settings\Eigenaar\Application Data\mdb.bin
2010-02-21 14:05 . 2010-02-21 14:05 50612 —-a-w- c:\documents and settings\Eigenaar\Application Data\mdbu.bin
2010-02-20 11:29 . 2010-02-20 11:33 37888 —-a-w- c:\windows\Internet Logs\xDB8.tmp
2010-02-20 07:06 . 2009-03-02 10:16 ——– d—–w- c:\documents and settings\All Users\Application Data\OnlineBackupClient
2010-02-19 14:17 . 2010-02-20 07:07 163840 —-a-w- c:\windows\Internet Logs\xDB17.tmp
2010-02-19 10:14 . 2008-07-19 12:39 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\ArcSoft
2010-02-18 09:43 . 2008-08-17 17:19 ——– d—–w- c:\program files\Defraggler
2010-02-18 09:38 . 2010-02-18 09:41 1832960 —-a-w- c:\windows\Internet Logs\xDB7.tmp
2010-02-18 09:35 . 2008-12-26 13:44 ——– d—–w- c:\documents and settings\All Users\Application Data\Nero
2010-02-18 09:31 . 2008-12-26 15:37 ——– d—–w- c:\program files\Common Files\Nero
2010-02-18 08:56 . 2008-12-26 13:49 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\Nero
2010-02-17 09:27 . 2008-07-14 15:48 ——– d—–w- c:\program files\PowerArchiver
2010-02-15 20:24 . 2010-02-16 06:33 1817088 —-a-w- c:\windows\Internet Logs\xDB71.tmp
2010-02-15 20:24 . 2010-02-16 06:33 65024 —-a-w- c:\windows\Internet Logs\xDB70.tmp
2010-02-15 07:21 . 2008-11-01 04:58 ——– d—–w- c:\program files\Winamp
2010-02-15 07:07 . 2010-01-06 16:23 ——– d—–w- c:\program files\Recuva
2010-02-14 19:45 . 2010-02-15 06:29 26624 —-a-w- c:\windows\Internet Logs\xDB6.tmp
2010-02-14 13:05 . 2010-02-14 18:20 40448 —-a-w- c:\windows\Internet Logs\xDB5.tmp
2010-02-13 12:14 . 2010-02-13 13:21 97280 —-a-w- c:\windows\Internet Logs\xDB21.tmp
2010-02-13 12:14 . 2010-02-13 13:21 1803264 —-a-w- c:\windows\Internet Logs\xDB25.tmp
2010-02-10 15:46 . 2010-02-11 08:00 77312 —-a-w- c:\windows\Internet Logs\xDB1F.tmp
2010-02-10 08:38 . 2009-11-23 10:30 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\skypePM
2010-02-09 19:34 . 2009-11-23 10:24 ——– d—–w- c:\documents and settings\All Users\Application Data\Skype
2010-02-09 14:33 . 2009-10-02 13:39 1 —-a-w- c:\documents and settings\Eigenaar\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-09 12:21 . 2008-07-11 15:54 82344 —-a-w- c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-08 20:28 . 2010-02-09 07:52 50176 —-a-w- c:\windows\Internet Logs\xDB24.tmp
2010-02-07 11:09 . 2008-07-16 17:50 ——– d—–w- c:\program files\Easy Rolodex 3.0
2010-02-06 20:01 . 2010-02-07 07:31 53248 —-a-w- c:\windows\Internet Logs\xDB23.tmp
2010-02-06 20:01 . 2010-02-07 07:31 1778688 —-a-w- c:\windows\Internet Logs\xDB27.tmp
2010-02-06 19:47 . 2009-02-24 09:35 ——– d—–w- c:\program files\Flickr Uploadr
2010-02-06 09:59 . 2010-02-06 10:02 74752 —-a-w- c:\windows\Internet Logs\xDB3.tmp
2010-02-06 09:59 . 2010-02-06 10:02 1775616 —-a-w- c:\windows\Internet Logs\xDB4.tmp
2010-01-20 15:33 . 2010-01-20 16:53 1772032 —-a-w- c:\windows\Internet Logs\xDB2.tmp
2010-01-20 15:33 . 2010-01-20 16:53 155648 —-a-w- c:\windows\Internet Logs\xDB1.tmp
2010-01-20 10:21 . 2010-01-20 10:19 ——– d—–w- c:\program files\1AVCapture
2010-01-20 09:54 . 2010-01-20 09:54 ——– d—–w- c:\program files\TechSmith
2010-01-20 09:53 . 2010-01-20 09:53 ——– d—–w- c:\program files\Common Files\Wise Installation Wizard
2010-01-18 11:30 . 2010-01-18 11:30 ——– d—–w- c:\program files\GlobFX
2010-01-17 21:01 . 2010-01-18 07:53 50176 —-a-w- c:\windows\Internet Logs\xDB60.tmp
2010-01-16 11:30 . 2010-01-16 15:28 171008 —-a-w- c:\windows\Internet Logs\xDB22.tmp
2010-01-16 11:29 . 2010-01-16 11:22 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\SWF.max
2010-01-16 10:55 . 2010-01-16 10:55 ——– d—–w- c:\program files\IObit
2010-01-16 10:10 . 2009-12-03 08:20 ——– d—–w- c:\program files\a-squared Free
2010-01-15 14:54 . 2010-01-15 14:54 503808 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26d1b5d8-n\msvcp71.dll
2010-01-15 14:54 . 2010-01-15 14:54 348160 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26d1b5d8-n\msvcr71.dll
2010-01-15 14:54 . 2010-01-15 14:54 499712 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26d1b5d8-n\jmc.dll
2010-01-15 14:54 . 2010-01-15 14:54 61440 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26d1b5d8-n\decora-sse.dll
2010-01-15 14:54 . 2010-01-15 14:54 12800 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-26d1b5d8-n\decora-d3d.dll
2010-01-15 14:54 . 2010-01-15 14:54 315392 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-7fea3633-n\jogl.dll
2010-01-15 14:54 . 2010-01-15 14:54 20480 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-7fea3633-n\jogl_awt.dll
2010-01-15 14:54 . 2010-01-15 14:54 114688 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-7fea3633-n\jogl_cg.dll
2010-01-15 14:54 . 2010-01-15 14:54 20480 —-a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-5481c916-n\gluegen-rt.dll
2010-01-15 14:54 . 2008-07-15 08:23 ——– d—–w- c:\program files\Common Files\Java
2010-01-15 14:53 . 2008-11-26 12:18 411368 —-a-w- c:\windows\system32\deploytk.dll
2010-01-15 14:53 . 2010-01-15 14:53 ——– d—–w- c:\program files\Java
2010-01-15 14:39 . 2010-01-15 14:10 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\eM Client
2010-01-13 02:59 . 2010-01-13 02:59 ——– d—–w- c:\program files\NT Registry Optimizer
2010-01-12 14:17 . 2008-12-21 20:22 ——– d—–w- c:\program files\Adres 2000
2010-01-11 15:31 . 2010-01-11 15:31 ——– d—–w- c:\program files\MailWasher Pro
2010-01-11 15:28 . 2010-01-11 15:26 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\MailWasher
2010-01-08 22:42 . 2010-01-08 22:42 3366912 —-a-w- c:\windows\system32\GPhotos.scr
2010-01-07 15:07 . 2009-08-29 13:22 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-08-29 13:22 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 19:41 . 2009-03-02 10:16 ——– d—–w- c:\program files\Backup Zeker
2010-01-05 18:06 . 2010-01-05 18:06 118274 —-a-w- c:\windows\Internet Logs\vsmon_2nd_2010_01_05_19_00_03_small.dmp.zip
2010-01-05 15:34 . 2009-01-18 15:58 30 —-a-w- c:\program files\Exiferupdate.ini
2010-01-05 12:12 . 2010-01-05 12:10 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\GoodSync
2010-01-05 10:59 . 2010-01-05 10:59 ——– d—–w- c:\documents and settings\All Users\Application Data\Softland
2010-01-05 10:58 . 2010-01-05 10:58 ——– d—–w- c:\program files\Softland
2010-01-05 10:58 . 2010-01-05 10:58 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\Softland
2010-01-04 07:22 . 2009-12-17 12:48 ——– d—–w- c:\program files\Exif Viewer
2010-01-02 18:14 . 2009-12-27 12:50 ——– d—–w- c:\program files\Exact Audio Copy
2010-01-01 12:44 . 2010-01-01 12:49 1394608 —-a-w- c:\documents and settings\All Users\Application Data\hps\8\Setup Fotoservice\setup_Fotoservice.exe
2010-01-01 12:44 . 2009-11-01 08:48 1394608 —-a-w- c:\documents and settings\All Users\Application Data\hps\8\setup_Fotoservice.exe
2010-01-01 09:48 . 2009-01-19 13:05 ——– d—–w- c:\program files\FastStone Photo Resizer
2009-12-31 16:50 . 2004-08-04 12:00 353792 —-a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 11:05 . 2009-12-30 11:05 ——– d—–w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-12-29 11:39 . 2009-12-29 11:39 ——– d—–w- c:\documents and settings\Eigenaar\Application Data\CheckPoint
2009-12-29 11:39 . 2009-12-29 11:39 ——– d—–w- c:\program files\CheckPoint
2009-12-29 11:39 . 2008-07-14 15:50 4212 —ha-w- c:\windows\system32\zllictbl.dat
2009-12-21 19:10 . 2004-08-04 12:00 916480 —-a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-07-11 14:58 345600 —-a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-04 12:00 33280 —-a-w- c:\windows\system32\csrsrv.dll
2009-12-12 14:15 . 2009-12-26 11:17 178176 —-a-w- c:\windows\system32\unrar.dll
2009-12-10 18:18 . 2001-09-07 12:00 92780 —-a-w- c:\windows\system32\perfc013.dat
2009-12-10 18:18 . 2001-09-07 12:00 513472 —-a-w- c:\windows\system32\perfh013.dat
2009-12-09 10:11 . 2004-08-04 12:00 2193536 —-a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-04 00:58 2070400 —-a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-08-01 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /Lutch /KBD:2

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^FotoStation Easy AutoLaunch.lnk]
backup=c:\windows\pss\FotoStation Easy AutoLaunch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^ePrompter.lnk]
backup=c:\windows\pss\ePrompter.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^OpenOffice.org 2.0.lnk]
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Photoshop Elements 7.0.lnk]
backup=c:\windows\pss\Photoshop Elements 7.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Eigenaar^Menu Start^Programma's^Opstarten^Shrink Pic.lnk]
backup=c:\windows\pss\Shrink Pic.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shico
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-01-06 14:33 2335952 —-a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2001-09-25 08:39 1134592 —-a-w- c:\windows\Mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotKey]
2000-08-30 15:55 456192 —-a-w- c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection]
2007-06-25 12:16 101376 —-a-w- c:\program files\Albert Heijn Fotoservice\dd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
2009-11-02 13:54 155648 —-a-w- c:\program files\filehippo.com\UpdateChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2009-12-14 16:27 3118344 —-a-w- c:\program files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 —-a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TimeUp]
2003-01-31 15:00 1081344 ——w- c:\program files\TimeUp\TimeUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 —-a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Backup Zeker\\OnlineBackupClient.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [16-7-2008 21:07 15424]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 12:03 169312]
R2 OnlineBackupService;OnlineBackupService;c:\program files\Backup Zeker\OnlineBackupService.exe [2-3-2009 11:16 34120]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 12:31 92008]
R3 ham50;V9X HAM 1394V;c:\windows\system32\drivers\CTXH51.sys [11-7-2008 16:23 454815]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys –> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Eigenaar\LOCALS~1\Temp\cpuz130\cpuz_x32.sys –> c:\docume~1\Eigenaar\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys –> c:\windows\system32\drivers\hitmanpro3.sys [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-02-26 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2010-02-12 14:39]
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.google.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\imon.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\9pvc4xfa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ToggleDU Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

—- FIREFOX POLICIES —-

FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com";
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff";
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties";
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties";
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org";
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com";
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS VERWIJDERD - - - -

URLSearchHooks-{46735dee-f862-49d1-876d-6382794dc625} - (no file)
BHO-{46735dee-f862-49d1-876d-6382794dc625} - (no file)
WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file)
MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-PowerArchiver Tray - c:\program files\PowerArchiver\PASTARTER.EXE
MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
MSConfigStartUp-VistaStartMenuSE - c:\program files\Vista Start Menu\VistaStartMenu.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 19:00
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen …

scannen van verborgen autostart items …

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MailWasher = c:\progra~1\MAILWA~1\MAILWA~1.EXE?

scannen van verborgen bestanden …

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•¤|ÿÿÿÿ"•¤|þ»Ñw*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–¤|ÿÿÿÿ¤•¤|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
——————— DLLs Geladen Onder Lopende Processen ———————

- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Voltooingstijd: 2010-02-26 19:06:04
ComboFix-quarantined-files.txt 2010-02-26 18:05

Pre-Run: 25.573.621.760 bytes beschikbaar
Post-Run: 25.521.836.032 bytes beschikbaar

- - End Of File - - 673C0F71D4E1CDAFFCE6ED0520A0D5BF
(ben benieuwd!)

Hallo f.j.stols, hoe heeft jouw Windows gereageerd op Combofix?

Op zich een plezierig idee dat er een aantal verkeerde zaken verwijderd zijn. Het opstarten van de pc is niet echt sneller geworden; wel de email (O.E.) en internet (F.F.) lijkt hetDaar valt mee te leven, en zal waarschijnlijk alleen verbeteren met een nieuwe Windows. Vraagje: hoe zat dat nou met die keylogger? Moet ik A squared laten meedraaien, of was dat alleen voor deze actie? Als regel gebruik ik alleen Ccleaner en Mbam.In ieder geval heel veel dank voor de uitvoerige adviezen en begeleiding.

Hallo f.j.stols, ik ben nog niet aan het einde van mijn latijn hoor.

Eerst even twee vragen:

1) defragmenteer je wel eens

2) als je Taakbeheer opstart, wat staat er dan aangegeven voor Processorverbruik en aantal processen?


A-squarred overlapt deels MBAM (en andersom) - je kan het zien als aanvulling!



Dan mag je nu wat opruimwerkzaamheden gaan doen:


Combofix mag je nu verwijderen: ga naar

Antwoorden:
Defragmenteren doe ik regelmatig(met Defraggler). In taakbeheer zie ik
[img:f060f50c18]http://i45.tinypic.com/r7oodj.jpg[/img:f060f50c18]
Was dat de bedoeling?
Combofix is verwijderd en O.T.C. heb ik inmiddels laten lopen.
Merkwaardig is wel dat F.F. ineens niet meer mij standaardbrowser is.

Als je FireFox opstart - komt dan niet de vraag of FF je standaard browser is?

Indien wel, dan een vinkje zetten!

Wat Taakbeheer betreft bedoel ik eigenlijk datgeen wat op de onderste regel staat of via de tab Prestaties af te lezen is.

Inmiddels met FF geregeld.Hoe zat dat nu met die Keygen die ergens nog te zien was?
En bedoel je met taakbeheer die grafieken van CPU en wisselbestand? (geeft wel aan hoe het met mijn kennis gesteld is..)
Opstarttijd blijft vrijwel gelijk: alle fases duren lang zoals de blauwe blokjes, het welkom-scherm en het lege bureaublad. na 3 minuten hoor ik als eerste de printer ontwaken.

Wat betreft de lange opstart - hoe groot is de Fontsmap in C:\Windows?

Fijn dat je FF hebt kunnen regelen.

Wat lees je nu in de onderste balk van Taakbeher over Processen en CPU-gebruik?

Dit had ik geschreven over die keygen: "ik kan me vergissen hoor, maar zo te zien heb je een keygen gebruikt voor ZoneAlarm."

Doe daarom het volgende: Download [b:ebf8913bb5]CKScanner by askey 127[/b:ebf8913bb5] en sla het op je bueaublad op.

Vista en Win 7 gebruikers gebruiken dit tool via rechtsklik en kiezen voor Als Administrator uitvoeren.

• Klik/dubbelklik op [b:ebf8913bb5]CKScanner by askey 127[/b:ebf8913bb5] om het tool te starten en klik op Search for Files.
• Na een korte tijd, wanneer de zandloper verdwijnt, klik dan op Save List To File
• Een berichtvenster zal bevestigen dat het dokument is opgelagen.
• Klik/dubbelklik op de CKFiles.txt snelkoppeling op je bureaublad en kopiëer en plak de inhoud in je volgende post.

in taakbeheer:
processe 34, CPU 19% (varieert uiteraard) Geheugengebruik 326/2462 MB, en de Fontsmap is 79,6 M in Windows.
Logje : CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
—– EOF —–
Ben benieuwd.

Mooi resultaat van de CKS-skanner.
Wees dus gerust dat mijn vermoeden over die keygen niet bewaarheid is geworden.

[b:d2bf9b29db]processe 34, CPU 19% (varieert uiteraard)[/b:d2bf9b29db]

- het aantal processen is netjes; dat CPU-gebruik - is dat met FF opgestart?

gôh wat een tijd steek je hier in! CPU is dus mèt FF opgestart.
Nog meer wat ik doen kan? Font map niet te groot? per slot gebruik ik maar een dozijn lettertypes hooguit.

Bootvis was ik op het forum al eens eerder tegen gekomen, maar al deze handelingen toen niet verricht (nu wel).Het opstarten gaat inderdaad wat sneller. Probeerde de diverse opstart-schermen te timen, maar alles bij elkaar zo'n 3,5 minuten. In ieder geval heeft het geholpen.
Kan bootvis nu weer weg of blijft het op de achtergrond meedraaien? Defrag zal ik hierna doen.