ComboFix 09-08-07.09 - glenn willems 08/08/2009 15:14.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.32.1043.18.502.185 [GMT 2:00]
Gestart vanuit: c:\documents and settings\glenn willems\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\glenn willems\Bureaublad\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"c:\windows\System32\appdrvrem01.exe"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\appdrvrem01.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_mailKmd

(((((((((((((((((((( Bestanden Gemaakt van 2009-07-08 to 2009-08-08 ))))))))))))))))))))))))))))))
.
2009-08-08 08:00 . 2008-03-28 08:07 20992 ----a-w- c:\documents and settings\glenn willems\Application Data\Convivea\Bit_Che\languages\compare.exe
2009-08-08 08:00 . 2008-03-28 08:02 60928 ----a-w- c:\documents and settings\glenn willems\Application Data\Convivea\Bit_Che\scripts\update.exe
2009-08-08 08:00 . 2007-07-11 17:43 24557 ----a-w- c:\documents and settings\glenn willems\Application Data\Convivea\Bit_Che\scripts\special.exe
2009-08-08 08:00 . 2009-08-08 08:00 -------- d-----w- c:\documents and settings\glenn willems\Application Data\Convivea
2009-08-08 08:00 . 2009-04-10 16:40 118784 ----a-w- c:\documents and settings\glenn willems\Application Data\Convivea\Bit_Che\scripts\x.exe
2009-08-08 08:00 . 2003-08-19 03:06 80896 ----a-w- c:\documents and settings\glenn willems\Application Data\Convivea\Bit_Che\scripts\x.dll
2009-08-08 08:00 . 2009-08-08 08:01 -------- d-----w- c:\program files\Bit Che
2009-08-07 23:38 . 2009-08-07 23:38 -------- d-----w- c:\documents and settings\glenn willems\Application Data\dvdcss
2009-08-07 21:12 . 2009-08-07 21:12 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-07 21:12 . 2009-08-07 21:12 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-07 20:38 . 2009-08-07 23:39 -------- d-----w- c:\documents and settings\glenn willems\Application Data\vlc
2009-08-07 20:35 . 2009-08-07 20:35 -------- d-----w- c:\program files\VideoLAN
2009-08-07 17:48 . 2009-08-07 17:48 -------- d-----w- c:\documents and settings\glenn willems\Local Settings\Application Data\sabnzbd
2009-08-07 17:47 . 2009-08-07 17:47 -------- d-----w- c:\program files\SABnzbd
2009-08-07 17:45 . 2009-08-07 17:47 -------- d-----w- c:\program files\AltBinz
2009-08-07 17:36 . 2009-08-07 17:36 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-07 17:36 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-08-07 17:36 . 2009-08-07 17:36 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-07 17:31 . 2009-08-07 17:31 -------- d-----w- c:\documents and settings\glenn willems\Application Data\TuneUp Software
2009-08-07 17:30 . 2009-08-07 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-08-07 17:30 . 2009-08-07 17:54 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-08-07 17:30 . 2009-08-07 17:30 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-30 17:39 . 2009-07-03 17:00 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-30 17:39 . 2009-07-03 17:00 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-19 08:12 . 2009-07-10 14:39 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-19 08:10 . 2009-07-10 14:38 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-19 08:10 . 2009-07-10 14:38 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-19 08:10 . 2009-07-10 14:38 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-19 08:10 . 2009-07-10 14:38 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-19 08:06 . 2009-07-10 14:38 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-19 08:06 . 2009-07-10 14:38 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-14 21:22 . 2009-07-10 14:38 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-14 08:04 . 2009-07-14 08:04 -------- d-sh--w- c:\documents and settings\glenn willems\PrivacIE
2009-07-11 12:55 . 2009-07-12 07:02 -------- d-----w- c:\documents and settings\glenn willems\Application Data\Pro Cycling Manager 2008
2009-07-11 12:36 . 2009-08-08 13:03 -------- d--h--r- c:\documents and settings\glenn willems\Onlangs geopend
2009-07-11 08:27 . 2009-07-11 08:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-10 18:48 . 2009-07-10 21:53 -------- d-----w- c:\windows\l2schemas
2009-07-10 18:48 . 2009-07-10 21:54 -------- d-----w- c:\windows\system32\nl
2009-07-10 18:48 . 2009-07-10 21:54 -------- d-----w- c:\windows\system32\bits
2009-07-10 18:32 . 2009-07-10 18:32 3468904 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2009-07-10 18:23 . 2006-04-10 12:00 8192 ----a-w- c:\windows\system32\dllcache\staxmem.dll
2009-07-10 18:22 . 2006-04-10 12:00 73728 ----a-w- c:\windows\system32\dllcache\oledb32r.dll
2009-07-10 18:21 . 2006-04-10 12:00 6656 ----a-w- c:\windows\system32\dllcache\msidle.dll
2009-07-10 18:20 . 2006-04-10 12:00 82944 ----a-w- c:\windows\system32\dllcache\ws2_32.dll
2009-07-10 17:49 . 2009-07-10 17:49 -------- d-sh--w- c:\documents and settings\glenn willems\IETldCache
2009-07-10 17:41 . 2009-07-10 17:41 -------- d-----w- c:\documents and settings\glenn willems\Application Data\Comodo
2009-07-10 17:41 . 2009-07-10 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\comodo
2009-07-10 17:41 . 2009-07-10 17:40 79760 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-10 17:41 . 2009-07-10 17:40 24208 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-10 17:41 . 2009-07-10 17:40 143104 ----a-w- c:\windows\system32\guard32.dll
2009-07-10 17:41 . 2009-07-10 17:40 87056 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-10 17:40 . 2009-07-10 17:40 -------- d-----w- c:\program files\COMODO
2009-07-10 17:37 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-10 17:36 . 2009-07-31 12:12 -------- d-----w- c:\windows\ie8updates
2009-07-10 17:35 . 2009-07-03 17:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-10 17:35 . 2009-07-03 17:00 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-10 17:35 . 2009-07-03 17:00 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-10 17:35 . 2009-07-19 16:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-10 17:31 . 2009-07-10 17:32 -------- dc-h--w- c:\windows\ie8
2009-07-10 17:31 . 2009-07-10 21:54 -------- d-----w- c:\windows\system32\nl-NL
2009-07-10 16:01 . 2009-07-10 16:32 -------- d-----w- c:\program files\Cyanide
2009-07-10 14:55 . 2009-07-10 14:55 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-10 14:47 . 2009-07-10 14:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-10 14:46 . 2009-08-04 14:30 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-10 14:44 . 2009-07-10 14:44 152576 ----a-w- c:\documents and settings\glenn willems\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-10 14:39 . 2009-07-10 14:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-10 14:39 . 2009-07-10 14:39 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-10 14:39 . 2009-07-19 08:08 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-10 14:39 . 2009-07-10 14:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-10 14:38 . 2009-08-07 16:21 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-10 14:37 . 2009-07-10 14:37 -------- d-----w- c:\program files\AVG
2009-07-10 14:37 . 2009-07-10 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-10 13:39 . 2009-07-10 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-10 13:31 . 2009-07-10 13:31 -------- d-----w- c:\documents and settings\glenn willems\Application Data\DAEMON Tools
2009-07-10 13:31 . 2009-07-10 13:31 -------- d-----w- c:\documents and settings\glenn willems\Application Data\DAEMON Tools Pro
2009-07-10 13:22 . 2009-07-10 13:22 -------- d-----w- c:\program files\PFPortChecker
2009-07-10 13:14 . 2009-07-10 13:14 -------- d-----w- c:\program files\uTorrent
2009-07-10 13:14 . 2009-08-07 23:36 -------- d-----w- c:\documents and settings\glenn willems\Application Data\uTorrent
2009-07-10 13:05 . 2009-07-10 13:05 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-10 13:00 . 2008-12-03 23:25 120832 ----a-w- c:\documents and settings\glenn willems\Application Data\Mozilla\Firefox\Profiles\0ley9tuy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-07-10 12:51 . 2009-07-10 12:51 -------- d-----w- c:\program files\CCleaner
2009-07-10 12:43 . 2009-07-10 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-07-10 12:34 . 2009-08-07 21:02 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-10 12:33 . 2009-08-07 21:15 -------- d-----w- c:\documents and settings\glenn willems\Application Data\DAEMON Tools Lite
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 17:06 . 2008-02-17 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2009-08-04 22:43 . 2008-10-31 12:54 -------- d-----w- c:\documents and settings\glenn willems\Application Data\FrostWire
2009-07-11 12:52 . 2006-11-08 18:37 137048 ----a-w- c:\documents and settings\glenn willems\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-10 15:48 . 2006-04-10 12:00 84560 ----a-w- c:\windows\system32\perfc013.dat
2009-07-10 15:48 . 2006-04-10 12:00 473918 ----a-w- c:\windows\system32\perfh013.dat
2009-07-10 14:55 . 2008-08-09 18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 14:45 . 2006-07-18 10:05 -------- d-----w- c:\program files\Java
2009-07-10 14:19 . 2006-12-29 10:23 -------- d-----w- c:\program files\Microsoft Games
2009-07-10 13:28 . 2008-05-07 11:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-10 13:16 . 2008-05-07 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-03 17:00 . 2006-04-10 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 11:40 . 2006-09-10 16:54 -------- d-----w- c:\program files\Zylom Games
2009-07-03 11:33 . 2006-09-10 16:54 -------- d-----w- c:\documents and settings\glenn willems\Application Data\Zylom
2009-06-27 14:43 . 2006-11-08 18:37 1928 ----a-w- c:\documents and settings\glenn willems\Application Data\wklnhst.dat
2009-06-27 14:41 . 2008-09-10 15:49 -------- d-----w- c:\program files\Common Files\PrintFit Shared
2009-06-17 09:27 . 2008-08-09 18:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-08-09 18:21 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:55 . 2006-04-10 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2006-04-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:25 . 2006-04-10 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 15:44 . 2008-07-01 12:24 34 ----a-w- c:\documents and settings\glenn willems\jagex_runescape_preferences.dat
2008-03-26 12:47 . 2008-03-26 12:47 0 ----a-w- c:\program files\temp01
2007-08-02 15:47 . 2007-08-02 15:48 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-08-24 19:52 . 2008-05-07 11:33 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2006-07-18 10:35 . 2006-07-18 10:35 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-07_17.11.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-08 13:40 . 2009-08-08 13:40 16384 c:\windows\Temp\Perflib_Perfdata_2ac.dat
+ 2008-11-12 14:44 . 2008-11-12 14:44 27904 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\uxtuneupx86.dll
+ 2008-11-20 14:30 . 2008-11-20 14:30 11008 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\tux64thk.exe
+ 2008-11-20 14:30 . 2008-11-20 14:30 15104 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\TUMessages.exe
+ 2008-11-20 14:30 . 2008-11-20 14:30 57600 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\TUInstallHelper.exe
+ 2008-11-12 14:44 . 2008-11-12 14:44 27392 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SDShelEx86.dll
+ 2008-11-20 14:28 . 2008-11-20 14:28 85760 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegWiz.exe
+ 2008-11-20 14:28 . 2008-11-20 14:28 16640 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegistryDefragHelper.exe
+ 2008-11-20 14:28 . 2008-11-20 14:28 38144 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\PMLauncher.exe
+ 2008-11-20 14:28 . 2008-11-20 14:28 42752 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\OneClickStarter.exe
+ 2008-11-12 14:44 . 2008-11-12 14:44 25856 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\DseShExtx86.dll
+ 2008-11-12 14:44 . 2008-11-12 14:44 17152 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\authuitu_x86.dll
+ 2009-08-08 13:36 . 2009-08-08 13:36 12288 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-08 13:36 . 2009-08-08 13:36 12288 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-07 17:31 . 2009-08-07 17:31 768512 c:\windows\Installer\136b53.msi
+ 2008-11-20 14:30 . 2008-11-20 14:30 915712 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\WinStyler.exe
+ 2008-11-20 14:30 . 2008-11-20 14:30 218880 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\UpdateWizard.exe
+ 2008-11-20 14:30 . 2008-11-20 14:30 280320 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\UninstallManager.exe
+ 2008-11-20 14:30 . 2008-11-20 14:30 238336 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\Undelete.exe
+ 2008-11-12 14:44 . 2008-11-12 14:44 887552 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\TUDefragService.dll
+ 2008-11-20 14:30 . 2008-11-20 14:30 341760 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SystemInformation.exe
+ 2008-11-20 14:30 . 2008-11-20 14:30 129280 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SystemControl.exe
+ 2008-11-20 14:30 . 2008-11-20 14:30 352000 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\StartUpManager.exe
+ 2008-11-20 14:30 . 2008-11-20 14:30 921344 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SilentUpdater.exe
+ 2008-11-20 14:29 . 2008-11-20 14:29 173824 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\Shredder.exe
+ 2008-11-20 14:29 . 2008-11-20 14:29 227072 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\ShortcutCleaner.exe
+ 2008-11-20 14:29 . 2008-11-20 14:29 197376 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RescueCenter.exe
+ 2008-11-20 14:29 . 2008-11-20 14:29 166144 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RepairWizard.exe
+ 2008-11-20 14:28 . 2008-11-20 14:28 327936 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegistryEditor.exe
+ 2008-11-20 14:28 . 2008-11-20 14:28 160000 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegistryDefrag.exe
+ 2008-11-20 14:28 . 2008-11-20 14:28 504576 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\RegistryCleaner.exe
+ 2008-11-20 14:28 . 2008-11-20 14:28 272952 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\ProductInfo.dat
+ 2008-11-20 14:28 . 2008-11-20 14:28 397568 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\ProcessManager.exe
+ 2008-11-20 14:28 . 2008-11-20 14:28 593152 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\OneClick.exe
+ 2008-11-20 14:28 . 2008-11-20 14:28 155904 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\MemOptimizer.exe
+ 2008-11-20 14:28 . 2008-11-20 14:28 221952 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\DriveDefrag.exe
+ 2008-11-20 14:28 . 2008-11-20 14:28 463104 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\DiskExplorer.exe
+ 2008-11-20 14:28 . 2008-11-20 14:28 163584 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\DiskDoctor.exe
+ 2009-08-08 13:36 . 2009-08-08 13:36 196608 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-08 13:36 . 2009-08-08 13:36 237568 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-08 13:36 . 2009-08-08 13:36 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-04-29 16:40 . 2009-04-29 16:40 8641536 c:\windows\Installer\136c61.msp
+ 2008-11-20 14:30 . 2008-11-20 14:30 1182464 c:\windows\Installer\$PatchCache$\Managed\86092A55EC2FC65419848C9678E93275\8.0.1100\SpeedOptimizer.exe
+ 2009-08-08 13:36 . 2009-08-08 13:36 4907008 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-07-10 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-07-14 798810]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-10 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-10 1948440]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-07-10 1655552]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2009-03-19 197936]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-07-17 65536]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-18 180269]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-09-16 557056]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-06 16251904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-10 15360]

c:\documents and settings\glenn willems\Menu Start\Programma's\Opstarten\
Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-2-3 111376]
Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-2-3 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-10 14:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk
backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\InterVideo\\MediaOne Gallery\\mediaone.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\PCM.exe"=
"c:\\Program Files\\Cyanide\\Pro Cycling Manager - Season 2008\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [10/07/2009 20:32 3468904]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/07/2009 16:39 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/07/2009 16:39 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [10/07/2009 19:41 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/07/2009 19:41 24208]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/07/2009 16:38 298776]
R2 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [19/02/2007 15:16 225280]
R2 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [19/02/2007 15:16 331776]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [7/08/2009 19:36 604416]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19:14 33536]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-08-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://mystart.hiyo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
FF - ProfilePath - c:\documents and settings\glenn willems\Application Data\Mozilla\Firefox\Profiles\0ley9tuy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.be
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 15:42
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(4072)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Voltooingstijd: 2009-08-08 16:03 - machine werd herstart
ComboFix-quarantined-files.txt 2009-08-08 14:03
ComboFix2.txt 2009-08-07 17:22
ComboFix3.txt 2009-07-10 15:58

Pre-Run: 5.877.088.256 bytes beschikbaar
Post-Run: 5.907.615.744 bytes beschikbaar

354 --- E O F --- 2009-08-08 07:26