ComboFix 09-06-22.08 - User 23/06/2009 12:29.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.2046.1135 [GMT 2:00]
Running from: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~2\Microsoft\Network\Downloader\qmgr0.dat
c:\progra~2\Microsoft\Network\Downloader\qmgr1.dat
c:\users\User\AppData\Roaming\.#
c:\users\User\AppData\Roaming\.#\MBX@49C@362908.###
c:\users\User\AppData\Roaming\.#\MBX@49C@362938.###
c:\users\User\AppData\Roaming\.#\MBX@49C@362968.###
c:\users\User\AppData\Roaming\.#\MBX@F80@16D2908.###
c:\users\User\AppData\Roaming\.#\MBX@F80@16D2938.###
c:\users\User\AppData\Roaming\.#\MBX@F80@16D2968.###
c:\users\User\AppData\Roaming\.#\MBX@F98@1D42908.###
c:\users\User\AppData\Roaming\.#\MBX@F98@1D42938.###
c:\users\User\AppData\Roaming\.#\MBX@F98@1D42968.###
c:\windows\system32\drivers\SKYNETstrifmyv.sys
c:\windows\system32\SKYNETmvpplxni.dat
c:\windows\system32\SKYNETpweiiqvu.dat
c:\windows\system32\SKYNETrbvsxikp.dll
c:\windows\system32\SKYNETxhcurtfe.dll

----- BITS: Possibly infected sites -----

hxxp://pdl.warnerbros.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETdpetjrgt
-------\Service_SKYNETdpetjrgt


(((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 ))))))))))))))))))))))))))))))
.

2009-06-23 10:34 . 2009-06-23 10:36	--------	d-----w-	c:\users\User\AppData\Local\temp
2009-06-23 09:54 . 2009-06-23 09:54	--------	d-----w-	c:\progra~2\WindowsSearch
2009-06-23 09:41 . 2009-06-23 09:41	--------	d-----w-	c:\users\User\AppData\Local\Symantec
2009-06-22 17:14 . 2009-06-22 17:14	--------	d-----w-	c:\users\User\AppData\Roaming\Malwarebytes
2009-06-22 17:14 . 2009-06-17 09:27	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 17:14 . 2009-06-22 17:14	--------	d-----w-	c:\progra~2\Malwarebytes
2009-06-22 17:14 . 2009-06-17 09:27	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-06-22 10:58 . 2009-06-22 10:58	93	----a-w-	c:\windows\system32\SKYNET.dat
2009-06-19 19:17 . 2009-06-19 19:26	--------	d-----w-	c:\program files\Ultra PSP Movie Converter
2009-06-19 19:16 . 2007-04-12 12:19	129024	----a-w-	c:\windows\system32\AVERM.dll
2009-06-19 19:16 . 2006-09-26 11:57	28672	----a-w-	c:\windows\system32\AVEQT.dll
2009-06-17 14:14 . 2009-06-17 14:14	--------	d-----w-	c:\users\User\AppData\Roaming\4Media Software Studio
2009-06-16 16:08 . 1998-07-30 11:51	305152	----a-w-	c:\windows\IsUninst.exe
2009-06-15 20:28 . 2009-06-15 20:28	--------	d--h--w-	c:\windows\PIF
2009-06-14 09:30 . 2009-04-30 12:37	428544	----a-w-	c:\windows\system32\EncDec.dll
2009-06-14 09:30 . 2009-04-30 12:37	293376	----a-w-	c:\windows\system32\psisdecd.dll
2009-06-03 08:06 . 2009-06-03 08:06	1060864	----a-w-	c:\windows\system32\MFC71.dll
2009-05-29 09:56 . 2006-06-20 08:56	225280	----a-w-	c:\windows\system32\rewire.dll
2009-05-29 09:56 . 2009-05-29 09:56	--------	d-----w-	c:\program files\Image-Line
2009-05-29 09:55 . 2009-05-29 09:55	--------	d-----w-	c:\program files\Outsim

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 10:35 . 2008-01-21 06:47	651958	----a-w-	c:\windows\system32\perfh013.dat
2009-06-23 10:35 . 2008-01-21 06:47	121762	----a-w-	c:\windows\system32\perfc013.dat
2009-06-23 09:37 . 2008-10-14 16:22	1356	----a-w-	c:\users\User\AppData\Local\d3d9caps.dat
2009-06-22 21:13 . 2008-10-18 13:03	--------	d-----w-	c:\users\User\AppData\Roaming\uTorrent
2009-06-22 15:43 . 2008-12-19 10:56	--------	d-----w-	c:\program files\PokerStars.NET
2009-06-21 16:00 . 2009-02-16 12:58	--------	d-----w-	c:\program files\Norton Security Scan
2009-06-17 07:18 . 2008-10-14 16:22	101912	----a-w-	c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-17 07:18 . 2008-10-15 01:07	--------	d-----w-	c:\progra~2\NVIDIA
2009-06-17 07:02 . 2008-10-15 08:22	--------	d-----w-	c:\progra~2\Microsoft Help
2009-06-17 07:02 . 2008-10-15 10:18	--------	d-----w-	c:\program files\Microsoft Works
2009-06-14 15:01 . 2009-03-17 15:08	355584	----a-w-	c:\windows\system32\TuneUpDefragService.exe
2009-06-02 19:41 . 2009-04-03 17:21	--------	d-----w-	c:\users\User\AppData\Roaming\Dreamlords
2009-05-26 20:32 . 2008-11-24 22:23	--------	d-----w-	c:\program files\Cheat Engine
2009-05-21 09:53 . 2009-03-10 17:03	--------	d-----w-	c:\program files\Acoustica Shared Effects
2009-05-15 06:33 . 2009-03-24 12:49	--------	d-----w-	c:\users\User\AppData\Roaming\PlayFirst
2009-05-15 06:33 . 2009-03-24 12:49	--------	d-----w-	c:\progra~2\PlayFirst
2009-05-15 06:32 . 2009-03-24 12:35	--------	d-----w-	c:\program files\Shockwave.com
2009-05-14 16:26 . 2009-05-14 16:26	2161452	----a-w-	c:\users\User\AppData\Roaming\Dreamlords\DreamlordsPatch_1.5.3.10478_to_1.5.4.10509.exe
2009-05-13 20:52 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-05-10 14:11 . 2009-05-10 14:11	--------	d-----w-	c:\program files\ReflexiveArcade
2009-05-05 17:02 . 2009-05-04 18:51	--------	d-----w-	c:\users\User\AppData\Roaming\GetRightToGo
2009-05-04 19:00 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Microsoft Games
2009-05-02 16:08 . 2009-05-02 16:08	--------	d-----w-	c:\progra~2\cerasus.media
2009-05-02 16:08 . 2009-05-02 16:08	--------	d-----w-	c:\users\User\AppData\Roaming\cerasus.media
2009-05-02 10:05 . 2009-05-02 10:04	11080863	----a-w-	c:\users\User\AppData\Roaming\Dreamlords\DreamlordsPatch_1.5.2.10433_to_1.5.3.10478.exe
2009-04-30 15:52 . 2008-11-16 20:58	--------	d-----w-	c:\program files\Common Files\Adobe
2009-04-29 17:53 . 2009-04-29 17:53	--------	d-----w-	c:\program files\MSXML 4.0
2009-04-29 16:39 . 2009-04-29 16:37	18773170	----a-w-	c:\users\User\AppData\Roaming\Dreamlords\DreamlordsPatch_1.5.1.10390_to_1.5.2.10433.exe
2009-04-24 16:05 . 2009-06-11 14:12	827904	----a-w-	c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-11 14:12	78336	----a-w-	c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-11 14:12	26624	----a-w-	c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-11 14:12	784896	----a-w-	c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 14:12	636928	----a-w-	c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 14:12	2033152	----a-w-	c:\windows\system32\win32k.sys
2009-04-20 17:40 . 2009-04-20 17:40	2168183	----a-w-	c:\users\User\AppData\Roaming\Dreamlords\DreamlordsPatch_1.5.0.10372_to_1.5.1.10390.exe
2009-04-03 17:18 . 2009-04-03 17:18	413696	----a-w-	c:\windows\system32\wrap_oal.dll
2009-04-03 17:18 . 2009-04-03 17:18	110592	----a-w-	c:\windows\system32\OpenAL32.dll
2009-03-31 20:47 . 2008-10-18 12:40	324976	----a-w-	c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Diamondback"="d:\gebruikers\Razer\razerhid.exe" [2007-08-01 147456]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-07 6139904]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="d:\gebruikers\User\Documenten\quicktime7\qttask.exe" -atboottime
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7CBC947F-0959-4581-BA62-0DFF93CEB12D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E9F1217E-5925-40FE-BFC0-3381EDB42FFE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A136442B-4E39-47CB-9FC6-3CC271CE74DC}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B1514516-74A2-47B4-86CB-E960F05F6DCB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3A7E0A9A-A4D2-49C7-944A-EB3C6B6BFDDD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{805DACD0-5DF1-429B-814E-47431DF6252A}d:\\soulseek\\soulseekns\\slsk.exe"= UDP:d:\soulseek\soulseekns\slsk.exe:SoulSeek
"UDP Query User{F12F5140-17AD-4984-A6F1-210830D98714}d:\\soulseek\\soulseekns\\slsk.exe"= TCP:d:\soulseek\soulseekns\slsk.exe:SoulSeek
"TCP Query User{F06C3A7F-53B0-4CAF-895D-725D370E94C0}d:\\gebruikers\\dreamlords\\dreamlords.exe"= UDP:d:\gebruikers\dreamlords\dreamlords.exe:Dreamlords Game Client
"UDP Query User{80DF0B29-E742-4D43-BBC0-16AED8DF9846}d:\\gebruikers\\dreamlords\\dreamlords.exe"= TCP:d:\gebruikers\dreamlords\dreamlords.exe:Dreamlords Game Client
"TCP Query User{03C1B37F-9890-47E4-A1DD-4423536696B3}d:\\gebruikers\\aoe\\empiresx.exe"= UDP:d:\gebruikers\aoe\empiresx.exe:Age of Empires, the Rise of Rome
"UDP Query User{466DD67A-2B83-4E91-BDA6-6CC1806C4CEF}d:\\gebruikers\\aoe\\empiresx.exe"= TCP:d:\gebruikers\aoe\empiresx.exe:Age of Empires, the Rise of Rome
"TCP Query User{E95E8CC7-BA83-4B9E-A111-E37AC41EDBFF}d:\\gebruikers\\aoe2\\empires2.exe"= UDP:d:\gebruikers\aoe2\empires2.exe:Age of Empires II
"UDP Query User{162504FB-EC1A-4843-9E46-61BC2104C19C}d:\\gebruikers\\aoe2\\empires2.exe"= TCP:d:\gebruikers\aoe2\empires2.exe:Age of Empires II
"TCP Query User{0C2C6047-F9B0-4DF4-BEB5-728CF0B23D41}d:\\gebruikers\\aoe2\\age2_x1\\age2_x1.exe"= UDP:d:\gebruikers\aoe2\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{D4D7713A-B6E4-4535-A992-833CC843511F}d:\\gebruikers\\aoe2\\age2_x1\\age2_x1.exe"= TCP:d:\gebruikers\aoe2\age2_x1\age2_x1.exe:Age of Empires II Expansion

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090618.001\IDSvix86.sys [19/06/2009 22:22 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 13:37 149352]
R2 TeamViewer4;TeamViewer 4;d:\teamviewerv4.0\TeamViewer_Service.exe [23/12/2008 14:44 185640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/02/2009 15:27 101936]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\System32\drivers\DB3G.sys [3/04/2009 18:27 13225]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 12:31 41008]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sys [14/10/2008 18:41 48128]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [12/01/2008 20:32 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ	Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k9laja0z.default\
FF - prefs.js: browser.startup.homepage - www.google.be
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: d:\gebruikers\User\Documenten\quicktime7\Plugins\npqtplugin.dll
FF - plugin: d:\gebruikers\User\Documenten\quicktime7\Plugins\npqtplugin2.dll
FF - plugin: d:\gebruikers\User\Documenten\quicktime7\Plugins\npqtplugin3.dll
FF - plugin: d:\gebruikers\User\Documenten\quicktime7\Plugins\npqtplugin4.dll
FF - plugin: d:\gebruikers\User\Documenten\quicktime7\Plugins\npqtplugin5.dll
FF - plugin: d:\gebruikers\User\Documenten\quicktime7\Plugins\npqtplugin6.dll
FF - plugin: d:\gebruikers\User\Documenten\quicktime7\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 12:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1702675901-850211238-1575609460-1000\Software\SecuROM\License information*]
"datasecu"=hex:b8,80,6a,e0,53,3f,4c,e0,e9,aa,22,fb,15,c5,81,e2,7e,1d,37,76,e2,
   70,fd,56,8a,d1,4b,36,d0,b9,f3,26,82,34,37,39,ee,d5,32,ff,17,90,a1,ea,55,1e,\
"rkeysecu"=hex:58,26,59,db,35,f6,f6,1d,66,c3,b0,c8,17,d6,3f,07
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3956)
c:\windows\System32\NLSData0013.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
d:\gebruikers\Razer\razertra.exe
d:\gebruikers\Razer\razerofa.exe
.
**************************************************************************
.
Completion time: 2009-06-23 12:39 - machine was rebooted
ComboFix-quarantined-files.txt  2009-06-23 10:39

Pre-Run: 26.447.228.928 bytes free
Post-Run: 26.239.967.232 bytes free

224	--- E O F ---	2009-06-17 07:03
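The log above is worth reading as a set of findings rather than a wall of paths: a driver plus several DLL/DAT files under system32 with one shared prefix and random lowercase tails, a removed service carrying the same prefix, a short `SKYNET.dat` created the day before the run, `EnableFirewall = 0` on both the Domain and Public firewall profiles, and a catchme pass that found no hidden files after cleanup. The script below is an added example (my own, not ComboFix's code and not from the original post) that pulls exactly those findings out of ComboFix output. It runs on a constructed excerpt mirroring the log above; the family heuristic (a removed service and removed files that share a prefix followed by a random-looking lowercase tail) is this script's assumption about how such droppers name their components, not something ComboFix reports itself.

```python
"""Triage a ComboFix log: rootkit-style artifact families, weakened host
settings, and the catchme hidden-file count.  Added example, not ComboFix's
own code.  SAMPLE_LOG is a constructed excerpt that mirrors the log above."""
import re
from collections import defaultdict

# Constructed excerpt in ComboFix's layout: deletion list, removed service,
# one created-files row, a Run key value, firewall policy keys, catchme line.
SAMPLE_LOG = r"""
c:\windows\system32\drivers\SKYNETstrifmyv.sys
c:\windows\system32\SKYNETmvpplxni.dat
c:\windows\system32\SKYNETrbvsxikp.dll
c:\windows\system32\drivers\mbamswissarmy.sys
-------\Service_SKYNETdpetjrgt
2009-06-22 10:58 . 2009-06-22 10:58   93   ----a-w-   c:\windows\system32\SKYNET.dat
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
hidden files: 0
"""

# A path standing alone at the end of a line (deletion list, created-files
# rows, running processes).  Paths embedded in registry values are skipped
# because the drive letter there is preceded by a quote or a colon.
PATH_AT_EOL = re.compile(r'(?:^|\s)([a-z]:\\[^"\[]+?)\s*$')
SERVICE_LINE = re.compile(r'^-------\\Service_(\S+)')
SECTION_LINE = re.compile(r'^\[(.+)\]$')
RANDOM_TAIL = re.compile(r'[a-z]{6,}')          # assumption: dropper suffix shape
HIDDEN_LINE = re.compile(r'^hidden files:\s*(\d+)')


def extract_paths(lines):
    paths = []
    for line in lines:
        m = PATH_AT_EOL.search(line)
        if m:
            paths.append(m.group(1))
    return paths


def common_prefix(a, b):
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return a[:n]


def basename_stem(path):
    return path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]


def find_artifact_families(lines, min_prefix=4):
    """Map family prefix -> removed files that pair with a removed service:
    same prefix on both, then a random-looking lowercase tail on both."""
    services = [m.group(1) for m in map(SERVICE_LINE.match, lines) if m]
    families = defaultdict(set)
    for svc in services:
        for path in extract_paths(lines):
            stem = basename_stem(path)
            prefix = common_prefix(svc, stem)
            if (len(prefix) >= min_prefix
                    and RANDOM_TAIL.fullmatch(svc[len(prefix):])
                    and RANDOM_TAIL.fullmatch(stem[len(prefix):])):
                families[prefix].add(path)
    return dict(families)


def related_files(lines, families):
    """Every path whose name starts with a known family prefix; this also
    catches short siblings such as SKYNET.dat that the random-tail rule misses."""
    return sorted(p for p in extract_paths(lines)
                  if any(basename_stem(p).startswith(pre) for pre in families))


def disabled_firewall_profiles(lines):
    """Registry sections in which ComboFix reports EnableFirewall = 0."""
    section, disabled = None, []
    for line in lines:
        m = SECTION_LINE.match(line)
        if m:
            section = m.group(1).rsplit('\\', 1)[-1]
        elif line.startswith('"EnableFirewall"=') and re.search(r'=\s*0\b', line):
            disabled.append(section)
    return disabled


def catchme_hidden_files(lines):
    for line in lines:
        m = HIDDEN_LINE.match(line)
        if m:
            return int(m.group(1))
    return None


def triage(log_text):
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    families = find_artifact_families(lines)
    return {
        'families': {k: sorted(v) for k, v in families.items()},
        'related_files': related_files(lines, families),
        'firewall_disabled_in': disabled_firewall_profiles(lines),
        'catchme_hidden_files': catchme_hidden_files(lines),
    }


if __name__ == '__main__':
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it against a saved ComboFix.txt by passing the file contents to `triage()`. Two caveats from the log itself: the firewall profiles being off is a finding on its own (it is not something the deletions fix), and the catchme result of zero hidden files says only that nothing was hooked at scan time after the reboot, not that the machine was clean before the run, so the driver and service names in the deletion list remain the primary indicators to search for on other hosts.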