ComboFix 09-08-06.01 - glenn willems 07/08/2009 18:48.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.32.1043.18.502.179 [GMT 2:00]
Gestart vanuit: c:\documents and settings\glenn willems\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\glenn willems\Bureaublad\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FILE ::
"c:\windows\system32\182E119D80.sys"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts
c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\res\btn_all.png
c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\res\btn_dl.png
c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\res\btn_next.png
c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\res\btn_prev.png
c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\WebUpdater.exe
c:\documents and settings\All Users\Menu Start\HP Image Zone .lnk
c:\windows\system32\_004661_.tmp.dll
c:\windows\system32\_004662_.tmp.dll
c:\windows\system32\_004663_.tmp.dll
c:\windows\system32\_004664_.tmp.dll
c:\windows\system32\_004671_.tmp.dll
c:\windows\system32\_004672_.tmp.dll
c:\windows\system32\_004673_.tmp.dll
c:\windows\system32\_004674_.tmp.dll
c:\windows\system32\_004676_.tmp.dll
c:\windows\system32\_004677_.tmp.dll
c:\windows\system32\_004678_.tmp.dll
c:\windows\system32\_004680_.tmp.dll
c:\windows\system32\_004681_.tmp.dll
c:\windows\system32\_004683_.tmp.dll
c:\windows\system32\_004684_.tmp.dll
c:\windows\system32\_004685_.tmp.dll
c:\windows\system32\_004687_.tmp.dll
c:\windows\system32\_004690_.tmp.dll
c:\windows\system32\_004691_.tmp.dll
c:\windows\system32\_004692_.tmp.dll
c:\windows\system32\_004695_.tmp.dll
c:\windows\system32\_004696_.tmp.dll
c:\windows\system32\_004698_.tmp.dll
c:\windows\system32\_004700_.tmp.dll
c:\windows\system32\_004701_.tmp.dll
c:\windows\system32\_004703_.tmp.dll
c:\windows\system32\_004704_.tmp.dll
c:\windows\system32\_004705_.tmp.dll
c:\windows\system32\_004706_.tmp.dll
c:\windows\system32\_004707_.tmp.dll
c:\windows\system32\_004710_.tmp.dll
c:\windows\system32\_004711_.tmp.dll
c:\windows\system32\_004712_.tmp.dll
c:\windows\system32\_004713_.tmp.dll
c:\windows\system32\_004714_.tmp.dll
c:\windows\system32\_004719_.tmp.dll
c:\windows\system32\182E119D80.sys
D:\AUTORUN.INF
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NWCWORKSTATION
-------\Service_NWCWorkstation
(((((((((((((((((((( Bestanden Gemaakt van 2009-07-07 to 2009-08-07 ))))))))))))))))))))))))))))))
.
2009-07-30 17:39 . 2009-07-03 17:00 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-30 17:39 . 2009-07-03 17:00 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-19 08:12 . 2009-07-10 14:39 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-19 08:10 . 2009-07-10 14:38 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-19 08:10 . 2009-07-10 14:38 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-19 08:10 . 2009-07-10 14:38 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-19 08:10 . 2009-07-10 14:38 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-19 08:06 . 2009-07-10 14:38 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-19 08:06 . 2009-07-10 14:38 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-14 21:22 . 2009-07-10 14:38 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-14 08:04 . 2009-07-14 08:04 -------- d-sh--w- c:\documents and settings\glenn willems\PrivacIE
2009-07-11 12:55 . 2009-07-12 07:02 -------- d-----w- c:\documents and settings\glenn willems\Application Data\Pro Cycling Manager 2008
2009-07-11 12:36 . 2009-08-07 16:45 -------- d--h--r- c:\documents and settings\glenn willems\Onlangs geopend
2009-07-11 08:27 . 2009-07-11 08:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-10 18:48 . 2009-07-10 21:53 -------- d-----w- c:\windows\l2schemas
2009-07-10 18:48 . 2009-07-10 21:54 -------- d-----w- c:\windows\system32\nl
2009-07-10 18:48 . 2009-07-10 21:54 -------- d-----w- c:\windows\system32\bits
2009-07-10 18:32 . 2009-07-10 18:32 3468904 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2009-07-10 18:32 . 2009-07-10 18:32 304528 ----a-w- c:\windows\system32\appdrvrem01.exe
2009-07-10 18:23 . 2006-04-10 12:00 8192 ----a-w- c:\windows\system32\dllcache\staxmem.dll
2009-07-10 18:22 . 2006-04-10 12:00 73728 ----a-w- c:\windows\system32\dllcache\oledb32r.dll
2009-07-10 18:21 . 2006-04-10 12:00 6656 ----a-w- c:\windows\system32\dllcache\msidle.dll
2009-07-10 18:20 . 2006-04-10 12:00 82944 ----a-w- c:\windows\system32\dllcache\ws2_32.dll
2009-07-10 17:49 . 2009-07-10 17:49 -------- d-sh--w- c:\documents and settings\glenn willems\IETldCache
2009-07-10 17:41 . 2009-07-10 17:41 -------- d-----w- c:\documents and settings\glenn willems\Application Data\Comodo
2009-07-10 17:41 . 2009-07-10 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\comodo
2009-07-10 17:41 . 2009-07-10 17:40 79760 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-10 17:41 . 2009-07-10 17:40 24208 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-10 17:41 . 2009-07-10 17:40 143104 ----a-w- c:\windows\system32\guard32.dll
2009-07-10 17:41 . 2009-07-10 17:40 87056 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-10 17:40 . 2009-07-10 17:40 -------- d-----w- c:\program files\COMODO
2009-07-10 17:37 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-10 17:36 . 2009-07-31 12:12 -------- d-----w- c:\windows\ie8updates
2009-07-10 17:35 . 2009-07-03 17:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-10 17:35 . 2009-07-03 17:00 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-10 17:35 . 2009-07-03 17:00 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-10 17:35 . 2009-07-19 16:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-10 17:31 . 2009-07-10 17:32 -------- dc-h--w- c:\windows\ie8
2009-07-10 17:31 . 2009-07-10 21:54 -------- d-----w- c:\windows\system32\nl-NL
2009-07-10 16:01 . 2009-07-10 16:32 -------- d-----w- c:\program files\Cyanide
2009-07-10 14:55 . 2009-07-10 14:55 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-10 14:47 . 2009-07-10 14:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-10 14:46 . 2009-08-04 14:30 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-10 14:44 . 2009-07-10 14:44 152576 ----a-w- c:\documents and settings\glenn willems\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-10 14:39 . 2009-07-10 14:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-10 14:39 . 2009-07-10 14:39 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-10 14:39 . 2009-07-19 08:08 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-10 14:39 . 2009-07-10 14:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-10 14:38 . 2009-08-07 16:21 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-10 14:37 . 2009-07-10 14:37 -------- d-----w- c:\program files\AVG
2009-07-10 14:37 . 2009-07-10 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-10 13:39 . 2009-07-10 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-10 13:31 . 2009-07-10 13:31 -------- d-----w- c:\documents and settings\glenn willems\Application Data\DAEMON Tools
2009-07-10 13:31 . 2009-07-10 13:31 -------- d-----w- c:\documents and settings\glenn willems\Application Data\DAEMON Tools Pro
2009-07-10 13:22 . 2009-07-10 13:22 -------- d-----w- c:\program files\PFPortChecker
2009-07-10 13:14 . 2009-07-10 13:14 -------- d-----w- c:\program files\uTorrent
2009-07-10 13:14 . 2009-07-18 16:24 -------- d-----w- c:\documents and settings\glenn willems\Application Data\uTorrent
2009-07-10 13:05 . 2009-07-10 13:05 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-10 13:00 . 2008-12-03 23:25 120832 ----a-w- c:\documents and settings\glenn willems\Application Data\Mozilla\Firefox\Profiles\0ley9tuy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-07-10 12:51 . 2009-07-10 12:51 -------- d-----w- c:\program files\CCleaner
2009-07-10 12:43 . 2009-07-10 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-07-10 12:43 . 2009-07-10 12:43 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-10 12:34 . 2009-07-10 12:34 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-10 12:33 . 2009-07-10 16:00 -------- d-----w- c:\documents and settings\glenn willems\Application Data\DAEMON Tools Lite
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 17:06 . 2008-02-17 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2009-08-04 22:43 . 2008-10-31 12:54 -------- d-----w- c:\documents and settings\glenn willems\Application Data\FrostWire
2009-07-11 12:52 . 2006-11-08 18:37 137048 ----a-w- c:\documents and settings\glenn willems\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-10 15:48 . 2006-04-10 12:00 84560 ----a-w- c:\windows\system32\perfc013.dat
2009-07-10 15:48 . 2006-04-10 12:00 473918 ----a-w- c:\windows\system32\perfh013.dat
2009-07-10 14:55 . 2008-08-09 18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 14:45 . 2006-07-18 10:05 -------- d-----w- c:\program files\Java
2009-07-10 14:19 . 2006-12-29 10:23 -------- d-----w- c:\program files\Microsoft Games
2009-07-10 13:28 . 2008-05-07 11:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-10 13:16 . 2008-05-07 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-03 17:00 . 2006-04-10 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 11:40 . 2006-09-10 16:54 -------- d-----w- c:\program files\Zylom Games
2009-07-03 11:33 . 2006-09-10 16:54 -------- d-----w- c:\documents and settings\glenn willems\Application Data\Zylom
2009-06-27 14:43 . 2006-11-08 18:37 1928 ----a-w- c:\documents and settings\glenn willems\Application Data\wklnhst.dat
2009-06-27 14:41 . 2008-09-10 15:49 -------- d-----w- c:\program files\Common Files\PrintFit Shared
2009-06-17 09:27 . 2008-08-09 18:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-08-09 18:21 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:55 . 2006-04-10 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2006-04-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:25 . 2006-04-10 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 15:44 . 2008-07-01 12:24 34 ----a-w- c:\documents and settings\glenn willems\jagex_runescape_preferences.dat
2008-03-26 12:47 . 2008-03-26 12:47 0 ----a-w- c:\program files\temp01
2007-08-02 15:47 . 2007-08-02 15:48 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-08-24 19:52 . 2008-05-07 11:33 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2006-07-18 10:35 . 2006-07-18 10:35 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-07-10 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-07-14 798810]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-10 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-10 1948440]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-07-10 1655552]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2009-03-19 197936]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-07-17 65536]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-18 180269]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-09-16 557056]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-06 16251904]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-10 15360]
c:\documents and settings\glenn willems\Menu Start\Programma's\Opstarten\
Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-2-3 111376]
Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-2-3 51984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-10 14:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk
backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\InterVideo\\MediaOne Gallery\\mediaone.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [10/07/2009 20:32 3468904]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/07/2009 16:39 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/07/2009 16:39 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [10/07/2009 19:41 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/07/2009 19:41 24208]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/07/2009 16:38 298776]
R2 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [19/02/2007 15:16 225280]
R2 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [19/02/2007 15:16 331776]
S1 mailKmd;mailKmd; [x]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19:14 33536]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map
2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
- - - - ORPHANS VERWIJDERD - - - -
Notify-dimsntfy - (no file)
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://mystart.hiyo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
FF - ProfilePath - c:\documents and settings\glenn willems\Application Data\Mozilla\Firefox\Profiles\0ley9tuy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.be
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-07 19:11
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(2116)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Voltooingstijd: 2009-08-07 19:22 - machine werd herstart
ComboFix-quarantined-files.txt 2009-08-07 17:22
ComboFix2.txt 2009-07-10 15:58
Pre-Run: 7.887.110.144 bytes beschikbaar
Post-Run: 7.917.903.872 bytes beschikbaar
330 --- E O F --- 2009-08-07 14:12