ComboFix 09-07-27.04 - Eigenaar 30/07/2009  10:27.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.32.1043.18.2942.1642 [GMT 2:00]
Gestart vanuit: c:\users\Eigenaar\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Eigenaar\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Nieuw herstelpunt werd aangemaakt

FILE ::
"c:\program files\2.BNK"
"c:\program files\2.RPT"
"c:\program files\AIRCRAFT.DAT"
"c:\program files\AIRPICS.SHP"
"c:\program files\CALENDR.PAL"
"c:\program files\CAPTCAB.PAL"
"c:\program files\CHART.SHP"
"c:\program files\CLOSERES.RAW"
"c:\program files\Common Files\2DEEP.RAW"
"c:\program files\Common Files\3DAIR.CAT"
"c:\program files\CONN.PAL"
"c:\program files\CONN.PCX"
"c:\program files\CONN.SHP"
"c:\program files\GAUGES.PAL"
"c:\program files\GAUGES.PCX"
"c:\program files\GAUGES.SHP"
"c:\program files\GLOBAL.SHP"
"c:\program files\HOMEPORT.DAT"
"c:\program files\JETTDEBR.RAW"
"c:\program files\MANAA.RAW"
"c:\program files\MENU_H.FNT"
"c:\program files\MENUPIC3.SHP"
"c:\program files\MISSCOMP.RAW"
"c:\program files\NODGUN.RAW"
"c:\program files\PATCH.BAT"
"c:\program files\PILOTRES.RAW"
"c:\program files\PZ.DAT"
"c:\program files\RADAR.PAL"
"c:\program files\RADAR.PCX"
"c:\program files\RADAR.SHP"
"c:\program files\RADIO.RAW"
"c:\program files\RAFT.SHP"
"c:\program files\README3.TXT"
"c:\program files\RIGRED.RAW"
"c:\program files\RMSG.DAT"
"c:\program files\SBCHART.SHP"
"c:\program files\SBDIGITS.FNT"
"c:\program files\SBINTRO.SHP"
"c:\program files\SCOPE.PAL"
"c:\program files\SCOPEID.PCX"
"c:\program files\SCOPTDC1.SHP"
"c:\program files\SCOPTDC2.SHP"
"c:\program files\SECRED.RAW"
"c:\program files\SECUREAA.RAW"
"c:\program files\SH.EXE"
"c:\program files\SHIPICON.SHP"
"c:\program files\SHIPS.DAT"
"c:\program files\SMOKE.SHP"
"c:\program files\SUBSPOT.RAW"
"c:\program files\TDC.PAL"
"c:\program files\TORPSPOT.RAW"
"c:\program files\WOOD.PCX"
"c:\program files\WORLD-5.WLD"
"c:\windows\System32\8BC93EE5DF.sys"
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\2.BNK
c:\program files\2.RPT
c:\program files\AIRCRAFT.DAT
c:\program files\AIRPICS.SHP
c:\program files\CALENDR.PAL
c:\program files\CAPTCAB.PAL
c:\program files\CHART.SHP
c:\program files\CLOSERES.RAW
c:\program files\Common Files\2DEEP.RAW
c:\program files\Common Files\3DAIR.CAT
c:\program files\CONN.PAL
c:\program files\CONN.PCX
c:\program files\CONN.SHP
c:\program files\GAUGES.PAL
c:\program files\GAUGES.PCX
c:\program files\GAUGES.SHP
c:\program files\GLOBAL.SHP
c:\program files\HOMEPORT.DAT
c:\program files\JETTDEBR.RAW
c:\program files\MANAA.RAW
c:\program files\MENU_H.FNT
c:\program files\MENUPIC3.SHP
c:\program files\MISSCOMP.RAW
c:\program files\NODGUN.RAW
c:\program files\PATCH.BAT
c:\program files\PILOTRES.RAW
c:\program files\PZ.DAT
c:\program files\RADAR.PAL
c:\program files\RADAR.PCX
c:\program files\RADAR.SHP
c:\program files\RADIO.RAW
c:\program files\RAFT.SHP
c:\program files\README3.TXT
c:\program files\RIGRED.RAW
c:\program files\RMSG.DAT
c:\program files\SBCHART.SHP
c:\program files\SBDIGITS.FNT
c:\program files\SBINTRO.SHP
c:\program files\SCOPE.PAL
c:\program files\SCOPEID.PCX
c:\program files\SCOPTDC1.SHP
c:\program files\SCOPTDC2.SHP
c:\program files\SECRED.RAW
c:\program files\SECUREAA.RAW
c:\program files\SH.EXE
c:\program files\SHIPICON.SHP
c:\program files\SHIPS.DAT
c:\program files\SMOKE.SHP
c:\program files\SUBSPOT.RAW
c:\program files\TDC.PAL
c:\program files\TORPSPOT.RAW
c:\program files\WOOD.PCX
c:\program files\WORLD-5.WLD
c:\windows\System32\8BC93EE5DF.sys
.
((((((((((((((((((((   Bestanden Gemaakt van 2009-06-28 to 2009-07-30  ))))))))))))))))))))))))))))))
.
2009-07-26 14:54 . 2009-07-26 14:57    --------    d-----w-    c:\windows\system32\ca-ES
2009-07-26 14:54 . 2009-07-26 14:57    --------    d-----w-    c:\windows\system32\eu-ES
2009-07-26 14:54 . 2009-07-26 14:57    --------    d-----w-    c:\windows\system32\vi-VN
2009-07-26 12:54 . 2009-07-26 12:54    --------    d-----w-    c:\windows\system32\EventProviders
2009-07-26 06:21 . 2009-04-11 05:03    12240896    ----a-w-    c:\windows\system32\NlsLexicons0007.dll
2009-07-26 06:19 . 2009-04-11 06:28    56320    ----a-w-    c:\windows\system32\xmlfilter.dll
2009-07-26 06:18 . 2009-04-11 06:28    42496    ----a-w-    c:\windows\system32\slcinst.dll
2009-07-26 06:17 . 2009-04-11 06:28    247808    ----a-w-    c:\windows\system32\drvstore.dll
2009-07-23 11:18 . 2009-07-23 11:18    --------    d-----w-    c:\program files\Lavalys
2009-07-23 11:09 . 2009-07-23 11:09    --------    d-----w-    c:\program files\Trend Micro
2009-07-21 15:39 . 2009-07-21 15:39    --------    d-----w-    c:\program files\Common Files\Adobe AIR
2009-07-21 15:38 . 2009-07-21 15:38    38208    ----a-w-    c:\users\Eigenaar\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-15 07:39 . 2009-06-15 14:53    156672    ----a-w-    c:\windows\system32\t2embed.dll
2009-07-15 07:39 . 2009-06-15 14:52    23552    ----a-w-    c:\windows\system32\lpk.dll
2009-07-15 07:39 . 2009-06-15 14:52    72704    ----a-w-    c:\windows\system32\fontsub.dll
2009-07-15 07:39 . 2009-06-15 14:51    10240    ----a-w-    c:\windows\system32\dciman32.dll
2009-07-15 07:39 . 2009-06-15 12:42    289792    ----a-w-    c:\windows\system32\atmfd.dll
2009-07-15 07:39 . 2009-04-11 06:28    34304    ----a-w-    c:\windows\system32\atmlib.dll
2009-07-15 07:04 . 2009-07-15 11:17    1    ----a-w-    c:\users\Eigenaar\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-15 07:03 . 2009-07-15 07:03    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\OpenOffice.org
2009-07-14 13:14 . 2009-07-14 13:14    --------    d-----w-    c:\program files\JRE
2009-07-14 12:59 . 2009-07-14 13:14    --------    d-----w-    c:\program files\OpenOffice.org 3
2009-07-12 15:49 . 2009-07-12 15:49    --------    d-----w-    c:\windows\ASUSInstAll
2009-07-07 14:48 . 2009-06-14 14:08    1004800    ----a-w-    c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-07-05 13:13 . 2009-07-05 13:13    1391027    ----a-w-    c:\users\Eigenaar\schalen.exe
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 08:27 . 2006-11-02 16:11    670070    ----a-w-    c:\windows\system32\perfh013.dat
2009-07-30 08:27 . 2006-11-02 16:11    40196    ----a-w-    c:\windows\system32\perfc013.dat
2009-07-30 08:20 . 2008-01-24 11:41    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\WTablet
2009-07-29 09:24 . 2007-12-19 14:28    --------    d-----w-    c:\programdata\Google Updater
2009-07-29 07:26 . 2008-12-25 16:43    11952    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-07-29 07:26 . 2008-12-25 16:43    335240    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2009-07-29 07:26 . 2008-12-25 16:43    27784    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-07-26 16:42 . 2008-05-21 13:35    8854    ----a-r-    c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\Uninstall_GameShadow_373C3DAE62C84F63887C769A8986ED50.exe
2009-07-26 16:42 . 2008-05-21 13:35    45056    ----a-r-    c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2009-07-26 16:42 . 2008-05-21 13:35    45056    ----a-r-    c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2009-07-26 16:42 . 2008-05-21 13:35    45056    ----a-r-    c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\ARPPRODUCTICON.exe
2009-07-26 14:59 . 2006-11-02 12:37    --------    d-----w-    c:\program files\Windows Calendar
2009-07-26 14:58 . 2006-11-02 12:37    --------    d-----w-    c:\program files\Windows Sidebar
2009-07-26 14:58 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2009-07-26 14:58 . 2006-11-02 12:37    --------    d-----w-    c:\program files\Windows Collaboration
2009-07-26 14:58 . 2006-11-02 12:37    --------    d-----w-    c:\program files\Windows Journal
2009-07-26 14:58 . 2006-11-02 12:37    --------    d-----w-    c:\program files\Windows Photo Gallery
2009-07-26 14:58 . 2006-11-02 12:37    --------    d-----w-    c:\program files\Windows Defender
2009-07-26 14:53 . 2006-11-02 10:25    665600    ----a-w-    c:\windows\inf\drvindex.dat
2009-07-26 13:51 . 2006-11-02 12:37    37665    ----a-w-    c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-24 14:48 . 2007-06-14 07:08    319456    ----a-w-    c:\windows\DIFxAPI.dll
2009-07-24 14:48 . 2007-06-14 07:08    --------    d-----w-    c:\program files\Realtek
2009-07-24 14:11 . 2007-06-14 07:08    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-07-24 14:02 . 2007-08-05 21:36    --------    d-----w-    c:\program files\Ubisoft
2009-07-24 09:34 . 2009-06-14 19:38    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-07-24 08:17 . 2009-06-27 09:18    3775176    ----a-w-    c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-22 08:35 . 2008-09-13 16:20    --------    d-----w-    c:\program files\Microsoft Silverlight
2009-07-21 21:52 . 2009-07-29 11:17    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 11:17    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 11:17    71680    ----a-w-    c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 11:17    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2009-07-15 06:35 . 2007-06-14 06:48    84280    ----a-w-    c:\users\Eigenaar\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-14 12:59 . 2008-09-02 15:36    --------    d-----w-    c:\program files\OpenOffice.org 2.4
2009-07-14 12:54 . 2008-09-03 07:18    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\OpenOffice.org2
2009-07-14 12:48 . 2008-09-03 07:27    1    ----a-w-    c:\users\Eigenaar\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-13 11:36 . 2009-06-14 19:38    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-06-14 19:38    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-07-12 15:17 . 2007-06-23 12:19    --------    d-----w-    c:\program files\QuickTime
2009-07-12 15:14 . 2007-06-23 12:15    --------    d-----w-    c:\program files\SSI
2009-07-07 14:48 . 2009-06-07 12:46    --------    d-----w-    c:\programdata\AVG Security Toolbar
2009-07-02 15:35 . 2007-06-14 09:30    --------    d-----w-    c:\programdata\Microsoft Help
2009-06-14 19:38 . 2009-06-14 19:38    --------    d-----w-    c:\users\Eigenaar\AppData\Roaming\Malwarebytes
2009-06-14 19:38 . 2009-06-14 19:38    --------    d-----w-    c:\programdata\Malwarebytes
2009-05-31 13:09 . 2009-05-31 13:09    1878984    ----a-w-    c:\users\Eigenaar\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-14 16:21 . 2007-06-14 06:47    1356    ----a-w-    c:\users\Eigenaar\AppData\Local\d3d9caps.dat
2005-01-05 14:26 . 2005-01-05 14:26    1060864    ----a-w-    c:\program files\MFC71.dll1
2005-01-05 14:26 . 2005-01-05 14:26    1060864    ----a-w-    c:\program files\MFC71.dll
1996-09-04 13:58 . 2007-08-07 08:50    0    ----a-w-    c:\program files\TBTTDC2.SHP
1996-08-31 13:55 . 2007-08-07 08:50    0    ----a-w-    c:\program files\TDC.PCX
1996-08-30 09:35 . 2007-08-07 08:50    0    ----a-w-    c:\program files\Common Files\3DSHIPS.CAT
1996-08-09 15:40 . 2007-08-07 08:50    0    ----a-w-    c:\program files\ID_3.FNT
1996-08-07 09:04 . 2007-08-07 08:50    0    ----a-w-    c:\program files\TBTID.SHP
1996-08-06 19:12 . 2007-08-07 08:50    0    ----a-w-    c:\program files\ID-2.PCX
1996-07-26 17:39 . 2007-08-07 08:50    0    ----a-w-    c:\program files\CAPCAB.PCX
1996-07-21 21:37 . 2007-08-07 08:50    0    ----a-w-    c:\program files\RADIO-1.PCX
1996-07-21 20:41 . 2007-08-07 08:50    0    ----a-w-    c:\program files\RADIO-2.PCX
2008-10-05 07:49 . 2007-07-11 08:26    2516    --sha-w-    c:\windows\System32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((   SnapShot@2009-07-29_17.00.26   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-22 20:31 . 2009-07-30 08:21    85594    c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-07-29 15:37    83806    c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-30 08:22    83806    c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-06-14 07:03 . 2009-07-30 08:22    11198    c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-224416198-1195233107-3881267180-1000_UserData.bin
- 2006-11-02 13:02 . 2009-07-29 16:44    32768    c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-30 08:23    32768    c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-07-29 16:44    98304    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-30 08:23    98304    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-30 08:23    32768    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-29 16:44    32768    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-06-14 12:02 . 2009-07-30 07:45    7250    c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-07-29 15:35 . 2009-07-29 15:35    2048    c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-30 08:19 . 2009-07-30 08:19    2048    c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-29 15:35 . 2009-07-29 15:35    2048    c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-30 08:19 . 2009-07-30 08:19    2048    c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-07-30 08:27    589884    c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-29 15:53    589884    c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-30 08:27    101896    c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-29 15:53    101896    c:\windows\System32\perfc009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:56    1062144    ----a-w-    c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-21 632048]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-06 29744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-29 2000152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-09 4390912]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-13 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GO333C~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):06,69,99,a3,02,0e,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{82FE20DE-385F-46DD-9B45-74989CD1E1BD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{784B3320-100B-4964-9E5A-04D350E9FBFA}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DF7784CB-9122-4815-9FDC-BF62CD306130}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{0D999842-F67E-4DA3-8028-87393EC5BB30}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{590005BD-D57E-4CD8-A4E3-E054BAE5CFB0}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{A2E94754-08A4-4435-AE1D-D386DB6F9C9C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BE4F774D-0468-4944-AC65-1FC4A9F27282}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B0BD5451-EF1E-4F7A-A679-B5E46FE1D84B}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F5341A94-7A7F-4ED7-BD64-41FE1B15A183}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{8EFC620D-3BBE-45B1-9B88-DE84B9B42186}"= UDP:c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe:Spy Sweeper
"{8D126528-029C-4568-86D5-CF6DD571F218}"= TCP:c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe:Spy Sweeper
"{8B749FBD-AF06-49C7-9010-A74BB817A3F9}"= UDP:c:\windows\System32\wercon.exe:Probleemrapporten en oplossingen
"{C849E98C-FEF8-4483-98E4-3F791668827D}"= TCP:c:\windows\System32\wercon.exe:Probleemrapporten en oplossingen
"{6E323290-90DD-473E-A853-40A3B1603AF5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5B3E38D1-8CE6-4DCB-914D-A1AAF71F53F5}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:FTP-bestandsoverdrachtprogramma
"UDP Query User{07387096-7A5B-49FB-8987-3A0C9648E967}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:FTP-bestandsoverdrachtprogramma
"TCP Query User{AF96F142-489E-4DE2-8920-A660847E6C08}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{803DC786-1139-4EBB-901A-F6B8F52CBB53}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{9AD351DA-557E-494F-92BE-5ED7367C27D9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F2BD1DFD-B541-4079-80C3-176CE831F2E6}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{01CEADC7-1314-4171-928E-542B3FABCE29}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{8D5E3AA2-2969-4A0C-B1A8-E9CA7EC2D6B4}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{0AA63103-6183-4EB9-A709-191676E3E44A}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{57169AB2-18A6-42FB-8D84-899B3FB3C9E6}c:\\users\\eigenaar\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\eigenaar\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{0358E9A9-982F-438B-92D8-31D6F71DDEC7}c:\\users\\eigenaar\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\eigenaar\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{569B956A-08AF-4F35-AF6B-86380921D71D}c:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{088D7B5E-B2AD-454D-B3B1-71A95A842599}c:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [25/12/2008 18:43 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3/01/2009 16:01 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25/12/2008 18:42 297752]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [18/02/2008 18:52 46112]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/07/2008 13:37 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ    hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3A4E5ABE-E56F-CF60-9F13-8AB5B29C8960} /qb
.
Inhoud van de 'Gedeelde Taken' map

2009-07-30 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-07-29 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2009-01-09 14:21]

2009-07-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-07 09:07]

2009-06-04 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-07-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-07-29 c:\windows\Tasks\User_Feed_Synchronization-{92BCF97C-768A-4838-9078-40D7357858F5}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Bijkomende Scan -------
.
mStart Page = hxxp://www.msn.com
mWindow Title = Telenet Internet
uSearchURL,(Default) = hxxp://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
IE: Zoeken op eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab
.

**************************************************************************
driver loading error
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 10:32
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

c:\windows\System32\Ati2evxx.exe [118248] 0x89AE7848
? [45852]
c:\windows\System32\Ati2evxx.exe [31244] 0x84F7B340
c:\windows\System32\Ati2evxx.exe [52824] 0x860B9848

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

c:\users\Eigenaar\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\windows\TEMP\TMP000000320C9323279F5BE5F3 524288 bytes

Scan succesvol afgerond
verborgen bestanden: 2

**************************************************************************
.
Voltooingstijd: 2009-07-30 10:34
ComboFix-quarantined-files.txt  2009-07-30 08:34
ComboFix2.txt  2009-07-29 17:07

Pre-Run: 205.678.526.464 bytes beschikbaar
Post-Run: 205.651.312.640 bytes beschikbaar

373 --- E O F --- 2009-07-29 11:31