ComboFix 09-08-08.04 - Eigenaar 09/08/2009 14:33.4.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2942.821 [GMT 2:00] Gestart vanuit: c:\users\Eigenaar\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Eigenaar\Desktop\cfscript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604} SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt FILE :: "c:\windows\Tasks\Defraggler Volume C Task.job" . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Defraggler c:\program files\Defraggler\Defraggler.exe c:\program files\Defraggler\df.exe c:\program files\Defraggler\exception.txt c:\program files\Defraggler\lang-1043.dll c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4 .lnk c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1 .lnk c:\windows\Tasks\Defraggler Volume C Task.job . (((((((((((((((((((( Bestanden Gemaakt van 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))) . 2009-08-09 12:39 . 2009-08-09 12:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-08-08 11:26 . 2009-08-08 11:26 -------- d-----w- c:\users\Eigenaar\AppData\Local\Promosoft Corporation 2009-08-08 11:26 . 2009-08-08 11:26 -------- d-----w- c:\program files\Promosoft Corporation 2009-08-07 09:11 . 2009-08-07 09:11 -------- d-----w- c:\program files\FindyKill 2009-08-04 08:50 . 2009-08-04 08:50 -------- d-----w- c:\program files\SystemRequirementsLab 2009-07-26 14:54 . 2009-07-26 14:57 -------- d-----w- c:\windows\system32\ca-ES 2009-07-26 14:54 . 2009-07-26 14:57 -------- d-----w- c:\windows\system32\eu-ES 2009-07-26 14:54 . 2009-07-26 14:57 -------- d-----w- c:\windows\system32\vi-VN 2009-07-26 12:54 . 2009-07-26 12:54 -------- d-----w- c:\windows\system32\EventProviders 2009-07-26 06:21 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll 2009-07-26 06:19 . 2009-04-11 06:28 56320 ----a-w- c:\windows\system32\xmlfilter.dll 2009-07-26 06:18 . 2009-04-11 06:28 42496 ----a-w- c:\windows\system32\slcinst.dll 2009-07-26 06:17 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll 2009-07-23 11:18 . 2009-07-23 11:18 -------- d-----w- c:\program files\Lavalys 2009-07-23 11:09 . 2009-07-23 11:09 -------- d-----w- c:\program files\Trend Micro 2009-07-21 15:39 . 2009-07-21 15:39 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-07-21 15:38 . 2009-07-21 15:38 38208 ----a-w- c:\users\Eigenaar\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-07-15 07:39 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll 2009-07-15 07:39 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll 2009-07-15 07:39 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-07-15 07:39 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-07-15 07:39 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll 2009-07-15 07:39 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll 2009-07-15 07:04 . 2009-07-15 11:17 1 ----a-w- c:\users\Eigenaar\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-07-15 07:03 . 2009-07-15 07:03 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\OpenOffice.org 2009-07-14 13:14 . 2009-07-14 13:14 -------- d-----w- c:\program files\JRE 2009-07-14 12:59 . 2009-07-14 13:14 -------- d-----w- c:\program files\OpenOffice.org 3 2009-07-12 15:49 . 2009-07-12 15:49 -------- d-----w- c:\windows\ASUSInstAll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-09 12:09 . 2006-11-02 16:11 670070 ----a-w- c:\windows\system32\perfh013.dat 2009-08-09 12:09 . 2006-11-02 16:11 40196 ----a-w- c:\windows\system32\perfc013.dat 2009-08-09 12:04 . 2007-12-19 14:28 -------- d-----w- c:\programdata\Google Updater 2009-08-09 12:02 . 2008-01-24 11:41 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\WTablet 2009-08-06 13:25 . 2007-06-14 08:48 -------- d-----w- c:\program files\Java 2009-08-06 10:38 . 2007-12-20 09:55 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-08-02 07:35 . 2009-06-07 12:46 -------- d-----w- c:\programdata\AVG Security Toolbar 2009-07-31 10:19 . 2008-09-13 16:20 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-30 15:43 . 2007-06-14 06:47 1356 ----a-w- c:\users\Eigenaar\AppData\Local\d3d9caps.dat 2009-07-29 07:26 . 2008-12-25 16:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-07-29 07:26 . 2008-12-25 16:43 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-07-29 07:26 . 2008-12-25 16:43 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-07-26 16:42 . 2008-05-21 13:35 8854 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\Uninstall_GameShadow_373C3DAE62C84F63887C769A8986ED50.exe 2009-07-26 16:42 . 2008-05-21 13:35 45056 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe 2009-07-26 16:42 . 2008-05-21 13:35 45056 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe 2009-07-26 16:42 . 2008-05-21 13:35 45056 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\ARPPRODUCTICON.exe 2009-07-26 14:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2009-07-26 14:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2009-07-26 14:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-07-26 14:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2009-07-26 14:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2009-07-26 14:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2009-07-26 14:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2009-07-26 14:53 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-07-26 13:51 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont 2009-07-25 03:23 . 2008-12-02 09:22 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-24 14:48 . 2007-06-14 07:08 319456 ----a-w- c:\windows\DIFxAPI.dll 2009-07-24 14:48 . 2007-06-14 07:08 -------- d-----w- c:\program files\Realtek 2009-07-24 14:11 . 2007-06-14 07:08 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-24 14:02 . 2007-08-05 21:36 -------- d-----w- c:\program files\Ubisoft 2009-07-24 09:34 . 2009-06-14 19:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-24 08:17 . 2009-06-27 09:18 3775176 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-07-21 21:52 . 2009-07-29 11:17 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-21 21:47 . 2009-07-29 11:17 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-07-21 21:47 . 2009-07-29 11:17 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-07-21 20:13 . 2009-07-29 11:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-07-15 06:35 . 2007-06-14 06:48 84280 ----a-w- c:\users\Eigenaar\AppData\Local\GDIPFONTCACHEV1.DAT 2009-07-14 12:59 . 2008-09-02 15:36 -------- d-----w- c:\program files\OpenOffice.org 2.4 2009-07-14 12:54 . 2008-09-03 07:18 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\OpenOffice.org2 2009-07-14 12:48 . 2008-09-03 07:27 1 ----a-w- c:\users\Eigenaar\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2009-07-13 11:36 . 2009-06-14 19:38 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-13 11:36 . 2009-06-14 19:38 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-12 15:17 . 2007-06-23 12:19 -------- d-----w- c:\program files\QuickTime 2009-07-12 15:14 . 2007-06-23 12:15 -------- d-----w- c:\program files\SSI 2009-07-02 15:35 . 2007-06-14 09:30 -------- d-----w- c:\programdata\Microsoft Help 2009-06-14 19:38 . 2009-06-14 19:38 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes 2009-06-14 19:38 . 2009-06-14 19:38 -------- d-----w- c:\programdata\Malwarebytes 2009-06-14 14:08 . 2009-07-07 14:48 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll 2009-05-31 13:09 . 2009-05-31 13:09 1878984 ----a-w- c:\users\Eigenaar\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2005-01-05 14:26 . 2005-01-05 14:26 1060864 ----a-w- c:\program files\MFC71.dll1 2005-01-05 14:26 . 2005-01-05 14:26 1060864 ----a-w- c:\program files\MFC71.dll 2008-10-05 07:49 . 2007-07-11 08:26 2516 --sha-w- c:\windows\System32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-07-29_17.00.26 ))))))))))))))))))))))))))))))))))))))))) . + 2007-06-22 20:31 . 2009-08-09 12:03 85974 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:05 . 2009-08-09 12:03 83918 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2007-06-14 07:03 . 2009-08-09 12:03 12012 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-224416198-1195233107-3881267180-1000_UserData.bin + 2006-11-02 13:02 . 2009-08-09 12:25 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2006-11-02 13:02 . 2009-07-29 16:44 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-08-06 13:30 . 2009-08-06 13:30 61440 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-2c9f562d-n\decora-sse.dll + 2009-08-06 13:30 . 2009-08-06 13:30 12800 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-2c9f562d-n\decora-d3d.dll + 2006-11-02 13:02 . 2009-08-09 12:25 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2006-11-02 13:02 . 2009-07-29 16:44 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2006-11-02 13:02 . 2009-07-29 16:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2006-11-02 13:02 . 2009-08-09 12:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2007-08-11 08:16 . 2009-07-29 14:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2007-08-11 08:16 . 2009-08-09 07:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2007-08-11 08:16 . 2009-08-09 07:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2007-08-11 08:16 . 2009-07-29 14:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2007-08-11 08:16 . 2009-08-09 07:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2007-08-11 08:16 . 2009-07-29 14:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2006-11-02 10:25 . 2009-08-02 09:49 51200 c:\windows\inf\infpub.dat - 2006-11-02 10:25 . 2009-07-28 08:50 51200 c:\windows\inf\infpub.dat + 2007-06-14 12:02 . 2009-08-03 17:36 7250 c:\windows\System32\WDI\ERCQueuedResolutions.dat + 2009-08-09 12:01 . 2009-08-09 12:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-07-29 15:35 . 2009-07-29 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-07-29 15:35 . 2009-07-29 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-08-09 12:01 . 2009-08-09 12:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2006-11-02 10:33 . 2009-07-29 15:53 589884 c:\windows\System32\perfh009.dat + 2006-11-02 10:33 . 2009-08-09 12:09 589884 c:\windows\System32\perfh009.dat - 2006-11-02 10:33 . 2009-07-29 15:53 101896 c:\windows\System32\perfc009.dat + 2006-11-02 10:33 . 2009-08-09 12:09 101896 c:\windows\System32\perfc009.dat + 2009-08-06 13:25 . 2009-07-25 03:23 149280 c:\windows\System32\javaws.exe + 2009-08-06 13:25 . 2009-07-25 03:23 145184 c:\windows\System32\javaw.exe + 2009-08-06 13:25 . 2009-07-25 03:23 145184 c:\windows\System32\java.exe - 2009-07-02 15:50 . 2009-07-27 15:52 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-02 15:50 . 2009-08-07 12:35 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-08-06 13:30 . 2009-08-06 13:30 348160 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-2c9f562d-n\msvcr71.dll + 2009-08-06 13:30 . 2009-08-06 13:30 503808 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-2c9f562d-n\msvcp71.dll + 2009-08-06 13:30 . 2009-08-06 13:30 499712 c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-2c9f562d-n\jmc.dll - 2006-11-02 10:25 . 2009-07-28 08:50 143360 c:\windows\inf\infstrng.dat + 2006-11-02 10:25 . 2009-08-02 09:49 143360 c:\windows\inf\infstrng.dat + 2008-12-08 14:11 . 2008-12-08 14:11 267568 c:\windows\Downloaded Program Files\sysreqlab_srl.dll + 2009-07-31 07:59 . 2009-07-31 07:59 15705600 c:\windows\Installer\f570b.msp . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-21 632048] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-06 29744] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-29 2000152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-09 4390912] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-13 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GO333C~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys] @="FSFilter System Recovery" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):06,69,99,a3,02,0e,ca,01 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{82FE20DE-385F-46DD-9B45-74989CD1E1BD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{784B3320-100B-4964-9E5A-04D350E9FBFA}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{DF7784CB-9122-4815-9FDC-BF62CD306130}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{0D999842-F67E-4DA3-8028-87393EC5BB30}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{590005BD-D57E-4CD8-A4E3-E054BAE5CFB0}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "TCP Query User{A2E94754-08A4-4435-AE1D-D386DB6F9C9C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{BE4F774D-0468-4944-AC65-1FC4A9F27282}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{B0BD5451-EF1E-4F7A-A679-B5E46FE1D84B}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{F5341A94-7A7F-4ED7-BD64-41FE1B15A183}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "{8EFC620D-3BBE-45B1-9B88-DE84B9B42186}"= UDP:c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe:Spy Sweeper "{8D126528-029C-4568-86D5-CF6DD571F218}"= TCP:c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe:Spy Sweeper "{8B749FBD-AF06-49C7-9010-A74BB817A3F9}"= UDP:c:\windows\System32\wercon.exe:Probleemrapporten en oplossingen "{C849E98C-FEF8-4483-98E4-3F791668827D}"= TCP:c:\windows\System32\wercon.exe:Probleemrapporten en oplossingen "{6E323290-90DD-473E-A853-40A3B1603AF5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{5B3E38D1-8CE6-4DCB-914D-A1AAF71F53F5}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:FTP-bestandsoverdrachtprogramma "UDP Query User{07387096-7A5B-49FB-8987-3A0C9648E967}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:FTP-bestandsoverdrachtprogramma "TCP Query User{AF96F142-489E-4DE2-8920-A660847E6C08}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{803DC786-1139-4EBB-901A-F6B8F52CBB53}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{9AD351DA-557E-494F-92BE-5ED7367C27D9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{F2BD1DFD-B541-4079-80C3-176CE831F2E6}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer "UDP Query User{01CEADC7-1314-4171-928E-542B3FABCE29}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer "{8D5E3AA2-2969-4A0C-B1A8-E9CA7EC2D6B4}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "{0AA63103-6183-4EB9-A709-191676E3E44A}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe "TCP Query User{57169AB2-18A6-42FB-8D84-899B3FB3C9E6}c:\\users\\eigenaar\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\eigenaar\appdata\local\google\chrome\application\chrome.exe:chrome.exe "UDP Query User{0358E9A9-982F-438B-92D8-31D6F71DDEC7}c:\\users\\eigenaar\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\eigenaar\appdata\local\google\chrome\application\chrome.exe:chrome.exe "TCP Query User{569B956A-08AF-4F35-AF6B-86380921D71D}c:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager "UDP Query User{088D7B5E-B2AD-454D-B3B1-71A95A842599}c:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [25/12/2008 18:43 335240] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3/01/2009 16:01 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25/12/2008 18:42 297752] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [18/02/2008 18:52 46112] S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/07/2008 13:37 29744] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {3A4E5ABE-E56F-CF60-9F13-8AB5B29C8960} /qb . Inhoud van de 'Gedeelde Taken' map 2009-08-09 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] 2009-08-08 c:\windows\Tasks\Free Registry Fix.job - c:\program files\Promosoft Corporation\Free Registry Fix\regfix.exe [2008-06-12 06:46] 2009-08-09 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-07 09:07] 2009-07-30 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2009-08-09 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] . - - - - ORPHANS VERWIJDERD - - - - SafeBoot-dmboot.sys SafeBoot-dmio.sys SafeBoot-dmload.sys SafeBoot-dmadmin SafeBoot-dmserver SafeBoot-SRService . ------- Bijkomende Scan ------- . mStart Page = hxxp://www.msn.com mWindow Title = Telenet Internet uSearchURL,(Default) = hxxp://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR IE: Zoeken op eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-09 14:40 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... c:\windows\System32\Ati2evxx.exe [242932] 0xC5D92D90 c:\windows\System32\Ati2evxx.exe [11656] 0x84A2CD90 c:\windows\System32\Ati2evxx.exe [36760] 0x858C4238 c:\windows\System32\Ati2evxx.exe [48796] 0x85CB9968 c:\windows\System32\Ati2evxx.exe [48768] 0x85BFD020 c:\windows\System32\Ati2evxx.exe [46228] 0x85BDBB00 scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2009-08-09 14:42 ComboFix-quarantined-files.txt 2009-08-09 12:42 ComboFix2.txt 2009-07-30 14:38 ComboFix3.txt 2009-07-30 08:34 ComboFix4.txt 2009-07-29 17:07 Pre-Run: 180.288.884.736 bytes beschikbaar Post-Run: 180.306.542.592 bytes beschikbaar 289 --- E O F --- 2009-08-07 10:48