ComboFix 12-05-18.01 - Guy 20/05/2012 18:38:45.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.2046.1096 [GMT 2:00]
Gestart vanuit: d:\documents and settings\Guy\Mijn documenten\Downloads\ComboFix.exe
gebruikte Opdracht switches :: d:\documents and settings\Guy\Bureaublad\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"C:\user.js"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPly.xpi
c:\windows\system32\uxt7C.tmp
d:\documents and settings\All Users\Application Data\TEMP
d:\documents and settings\Guy\Application Data\Babylon
d:\documents and settings\Guy\Application Data\Babylon\log_file.txt
d:\documents and settings\Guy\Local Settings\Application Data\Babylon
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\bab033.tbinst.dat
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\bab091.norecovericon.dat
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\Babylon.dat
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\blueStar.png
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\eula.html
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\globe.png
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\options.js
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page0.html
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.css
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.html
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2Lrg.css
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page3.css
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page3.html
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page3Lrg.css
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\pBar.gif
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\progress.png
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\setup.js
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\title.png
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\HtmlScreens\toolBar.jpg
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\Setup-latest-30b.zpb
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\Setup-tbmntr903.zpb
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\SetupStrings.dat
d:\documents and settings\Guy\Local Settings\Application Data\Babylon\Setup\sign
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-20 to 2012-05-20 ))))))))))))))))))))))))))))))
.
.
2012-05-20 10:19 . 2012-05-20 10:19 56200 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67A101B9-64FD-48FD-959E-3D26B96EF52F}\offreg.dll
2012-05-20 09:16 . 2012-05-20 09:16 29904 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67A101B9-64FD-48FD-959E-3D26B96EF52F}\MpKsl80b8ef47.sys
2012-05-20 09:12 . 2012-05-20 09:12 -------- d--h--r- d:\documents and settings\Guy\Onlangs geopend
2012-05-20 08:50 . 2012-05-08 16:40 6737808 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67A101B9-64FD-48FD-959E-3D26B96EF52F}\mpengine.dll
2012-05-20 08:49 . 2012-05-20 08:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-20 08:49 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-19 08:31 . 2012-05-08 16:40 6737808 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-19 08:09 . 2012-05-19 08:09 -------- d-sh--w- d:\documents and settings\LocalService.NT AUTHORITY.011
2012-05-19 08:09 . 2012-05-19 08:09 -------- d-sh--w- d:\documents and settings\NetworkService.NT AUTHORITY.011
2012-05-19 08:08 . 2012-05-19 08:08 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-19 08:06 . 2012-05-19 08:06 -------- d-----w- c:\program files\AVG Secure Search
2012-05-08 14:56 . 2012-05-08 14:56 -------- d-----w- c:\windows\Temp0FA583CB-46B2-4CF8-6D72-D285092CF059-Signatures
2012-04-28 12:58 . 2012-05-19 08:09 -------- d-sh--w- d:\documents and settings\LocalService.NT AUTHORITY.010
2012-04-28 12:58 . 2012-05-19 08:09 -------- d-sh--w- d:\documents and settings\NetworkService.NT AUTHORITY.010
2012-04-28 12:56 . 2012-04-28 12:56 -------- d-----w- d:\documents and settings\All Users\Application Data\AVG Secure Search
2012-04-28 12:56 . 2012-04-28 12:56 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-04-26 20:31 . 2012-04-26 19:35 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2012-04-26 20:31 . 2012-04-26 19:35 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
2012-04-26 20:31 . 2012-04-26 19:34 53912 ----a-w- c:\windows\system32\drivers\psmounter.sys
2012-04-25 15:36 . 2012-04-25 15:36 -------- d-----w- d:\documents and settings\All Users\Application Data\Macrium
2012-04-25 15:35 . 2012-04-25 15:35 -------- d-----w- c:\program files\Macrium
2012-04-24 15:56 . 2012-04-24 15:56 -------- d-----w- d:\documents and settings\Guy\Application Data\OpenOffice.org
2012-04-24 15:54 . 2012-04-24 15:54 -------- d-----w- c:\program files\OpenOffice.org 3
2012-04-22 17:13 . 2012-04-22 17:13 -------- d-----w- c:\program files\Bomber Mario
2012-04-22 17:03 . 1994-09-20 22:00 92208 ----a-w- c:\windows\system\WING.DLL
2012-04-22 17:03 . 1994-09-20 22:00 6736 ----a-w- c:\windows\system\WINGDIB.DRV
2012-04-22 17:03 . 1994-09-20 22:00 12800 ----a-w- c:\windows\system\WING32.DLL
2012-04-22 17:03 . 1994-08-23 22:00 188960 ----a-w- c:\windows\system\WINGDE.DLL
2012-04-22 16:57 . 2012-04-22 17:03 -------- d-----w- C:\KA
2012-04-22 16:22 . 2012-04-28 12:58 -------- d-sh--w- d:\documents and settings\LocalService.NT AUTHORITY.009
2012-04-22 16:22 . 2012-04-28 12:58 -------- d-sh--w- d:\documents and settings\NetworkService.NT AUTHORITY.009
2012-04-22 16:10 . 2012-04-22 16:10 -------- d-----w- d:\documents and settings\Guy\Local Settings\Application Data\VS Revo Group
2012-04-22 16:10 . 2012-04-22 16:10 -------- d-----w- c:\program files\VS Revo Group
2012-04-22 07:32 . 2012-04-22 07:32 237 ----a-w- C:\user.js
2012-04-22 07:32 . 2012-04-22 16:21 -------- d-----w- c:\program files\GPLGS
2012-04-22 07:32 . 2012-04-22 16:21 -------- d-----w- C:\Program1
2012-04-22 07:32 . 2012-04-22 16:21 -------- d-----w- c:\program files\PDFCreator
2012-04-22 07:06 . 2012-04-22 17:20 -------- d-----w- c:\program files\Mario Forever
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 14:25 . 2012-04-11 14:24 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-10 14:25 . 2011-05-19 06:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 16:28 . 2011-09-25 06:20 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-04-11 13:55 . 2004-08-03 22:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2004-09-10 15:23 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:55 . 2004-09-10 15:23 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-20 18:44 . 2011-04-18 11:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-07 00:15 . 2011-08-10 16:34 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-08-10 16:34 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-08-10 16:34 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-08-10 16:34 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2011-08-10 16:34 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2011-08-10 16:34 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-08-10 16:34 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2011-08-10 16:34 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2011-08-10 16:34 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2011-08-10 16:34 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 18:13 . 2012-03-01 18:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-01 18:13 . 2011-02-07 21:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:00 . 2004-09-10 15:23 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-09-10 15:23 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-09-10 15:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-09-10 15:23 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-09-10 15:23 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-09-10 15:22 385024 ------w- c:\windows\system32\html.iec
2011-12-21 08:02 . 2011-12-23 09:28 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-20_10.49.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-15 08:47 . 2012-05-20 11:28 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2011-04-15 08:47 . 2012-05-19 10:07 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-05-20 11:27 . 2012-05-20 11:27 23771136 c:\windows\Installer\78f673.msp
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-09 39408]
"A9478F9A050BCBAFD47A20722A9FB242E54AEE42._service_run"="d:\documents and settings\Guy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011-10-26 1036344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 06:53 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk /r \??\J:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A9478F9A050BCBAFD47A20722A9FB242E54AEE42._service_run]
2011-10-26 08:10 1036344 ----a-w- d:\documents and settings\Guy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2011-02-03 08:20 2068480 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-09 19:12 136176 ----atw- d:\documents and settings\Guy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
2006-01-30 07:56 1978368 ----a-w- c:\apps\Softex\OmniPass\scureapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2006-02-23 10:08 147456 ----a-w- c:\apps\Powercinema\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-02-09 19:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBestCR]
2011-05-19 13:48 7041024 ----a-w- c:\program files\Sitecom MD-020 SIM Editor\iconcs278734.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" -r "d:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP1\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP1\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Blubster\\Blubster.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [23/09/2011 20:37 38920]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [23/09/2011 20:37 42376]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [26/04/2012 22:31 16024]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/09/2011 13:09 697328]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [22/05/2011 12:02 752128]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/08/2011 18:34 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/08/2011 18:34 337880]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [23/09/2011 20:37 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [23/09/2011 20:37 184072]
R1 MpKsl80b8ef47;MpKsl80b8ef47;d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67A101B9-64FD-48FD-959E-3D26B96EF52F}\MpKsl80b8ef47.sys [20/05/2012 11:16 29904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/08/2011 18:34 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20/05/2012 10:49 654408]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [9/03/2010 0:40 144672]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [26/04/2012 22:31 224920]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/02/2011 19:40 14976]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [13/04/2012 18:28 918880]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [5/09/2006 15:55 2831232]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [3/07/2011 7:44 167968]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [8/09/2011 9:26 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [8/09/2011 9:26 11520]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/05/2012 10:49 22344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [15/02/2011 21:42 47360]
S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [19/05/2011 15:48 65536]
S2 afcdpsrv;Acronis Nonstop Backup-service ;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [3/07/2011 7:44 3246040]
S2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [23/09/2011 20:34 60040]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/02/2011 21:12 136176]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;\??\j:\ashampoo winoptimizer 8\LiveTunerProcessMonitor32.sys --> j:\ashampoo winoptimizer 8\LiveTunerProcessMonitor32.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11/04/2012 16:24 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25/09/2011 8:23 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [30/09/2011 15:27 30312]
S3 DfSdkS;Defragmentation-Service;d:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfSdkS.exe [20/09/2011 22:38 406016]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [23/09/2011 21:35 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [23/09/2011 21:35 8456]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/02/2011 21:12 136176]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [19/05/2011 15:47 51072]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [6/01/2010 17:21 594048]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe [14/02/2011 22:06 93848]
S3 SIVDriver;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [14/02/2011 14:38 82368]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [30/09/2011 15:27 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [30/09/2011 15:27 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [30/09/2011 15:27 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [30/09/2011 15:27 114280]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [25/09/2011 8:20 11232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/09/2004 17:23 14336]
S3 WO_LiveService;Ashampoo LiveTuner Service;j:\ashampoo winoptimizer 8\LiveTunerService.exe --> j:\ashampoo winoptimizer 8\LiveTunerService.exe [?]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - CPUZ135
*NewlyCreated* - MPKSL80B8EF47
*Deregistered* - cpuz135
*Deregistered* - TuneUpUtilitiesDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 14:25]
.
2011-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd09094c35cd84.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-09 19:12]
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-09 19:12]
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644227680-366422122-658230906-1006Core.job
- d:\documents and settings\Guy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-16 19:12]
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644227680-366422122-658230906-1006UA.job
- d:\documents and settings\Guy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-16 19:12]
.
2012-05-20 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
2012-05-20 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.deredactie.be/
mStart Page = hxxp://www.toggle.com/nl/index.php?rvs=hompag
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Openen in PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 195.130.130.130 195.130.131.130
FF - ProfilePath - d:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\8ewwy4mv.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.volleyvvb.be/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1f33fe5b-fb2a-467e-892d-d050ce43348b%7D&mid=a8457af9d2da5ebf55dd7c71ac316922-4bda6dd43da2bdd49fc8b94c5fb3226d5539cf44&ds=ts024&v=10.2.0.3&lang=nl&pr=sa&d=2012-04-13%2018%3A28%3A53&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
user_pref('extensions.dealply.partner', 'iron');
user_pref('extensions.dealply.channel', 'iron3');
user_pref('extensions.dealply.installId', 'v23600285398777482253472012042209331214');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '4');
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-20 18:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
"ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\"\00\00\00\00\02\00\00\00ð [%\00«Ô‘|\00\00\00\00 \185\03\00\00\00\00\00¢6\03\00\00/\03pè\13\00pè\13\00À\01"
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1644227680-366422122-658230906-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-D3B3-T282-7E18-N3DU-U8TZ-SANPJD1"
"Activated"="Y"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(1320)
c:\apps\Softex\OmniPass\opxpgina.dll
.
Voltooingstijd: 2012-05-20 18:47:37
ComboFix-quarantined-files.txt 2012-05-20 16:47
ComboFix2.txt 2012-05-20 10:51
.
Pre-Run: 6.880.972.800 bytes beschikbaar
Post-Run: 6.851.579.904 bytes beschikbaar
.
- - End Of File - - 23A731CCC7428040F9CE85E48450D830