ComboFix 09-09-05.02 - Geert 06/09/2009   1:22.1.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.31.1043.18.1023.553 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Geert\Bureaublad\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Geert\Application Data\inst.exe

.
----  Voorgaande Run  -------
.
c:\documents and settings\Geert\Application Data\inst.exe

.
((((((((((((((((((((   Bestanden Gemaakt van 2009-08-05 to 2009-09-05   ))))))))))))))))))))))))))))))
.

2009-09-05 22:51 . 2009-09-05 22:51  --------  d-----w-  c:\documents and settings\Geert\Application Data\Malwarebytes
2009-09-05 22:51 . 2009-08-03 11:36  38160     ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-05 22:51 . 2009-09-05 22:51  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-05 22:50 . 2009-09-05 22:51  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2009-09-05 22:50 . 2009-08-03 11:36  19096     ----a-w-  c:\windows\system32\drivers\mbam.sys
2009-09-05 21:40 . 2009-09-05 22:59  --------  d--h--r-  c:\documents and settings\Geert\Onlangs geopend
2009-09-05 20:08 . 2009-09-05 20:08  --------  d-sh--w-  c:\documents and settings\Geert\IECompatCache
2009-09-05 20:07 . 2009-09-05 20:07  --------  d-sh--w-  c:\documents and settings\Geert\PrivacIE
2009-09-05 20:06 . 2009-09-05 20:06  --------  d-sh--w-  c:\documents and settings\Geert\IETldCache
2009-09-05 20:02 . 2009-09-05 20:02  --------  d-----w-  c:\windows\ie8updates
2009-09-05 19:58 . 2009-09-05 21:40  --------  dc-h--w-  c:\windows\ie8
2009-09-05 19:56 . 2009-08-07 08:48  100352    -c----w-  c:\windows\system32\dllcache\iecompat.dll
2009-09-05 19:56 . 2009-07-03 17:00  246272    -c----w-  c:\windows\system32\dllcache\ieproxy.dll
2009-09-05 19:56 . 2009-07-03 17:00  12800     -c----w-  c:\windows\system32\dllcache\xpshims.dll
2009-09-05 16:23 . 2002-01-15 07:08  90112     ----a-w-  c:\windows\system32\gsicon.exe
2009-09-05 16:23 . 2002-01-15 07:08  250114    ----a-w-  c:\windows\system32\drivers\gwausb.sys
2009-09-05 16:23 . 2009-09-05 21:40  --------  d-----w-  c:\program files\GlobespanVirata
2009-09-05 16:23 . 2002-01-15 07:08  27147     ----a-w-  c:\windows\system32\drivers\gafwload.sys
2009-09-05 16:23 . 2002-01-15 07:08  25088     ----a-w-  c:\windows\system32\CoInst.dll
2009-09-05 16:23 . 2002-01-15 07:08  16384     ----a-w-  c:\windows\system32\dslagent.exe
2009-09-05 16:23 . 2002-01-15 07:08  24576     ------w-  c:\windows\system32\delaySpawn.exe
2009-09-05 16:22 . 2002-01-15 07:08  110592    ------w-  c:\windows\system32\gspnDll.dll
2009-09-05 16:22 . 2002-01-15 07:08  98304     ------w-  c:\windows\system32\instDll.dll
2009-09-05 12:05 . 2009-09-05 12:05  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-05 12:04 . 2009-09-05 12:04  --------  d-----w-  c:\program files\SUPERAntiSpyware
2009-09-05 12:04 . 2009-09-05 12:04  --------  d-----w-  c:\documents and settings\Geert\Application Data\SUPERAntiSpyware.com
2009-09-05 12:04 . 2009-09-05 12:04  --------  d-----w-  c:\program files\Common Files\Wise Installation Wizard
2009-08-25 15:59 . 2009-08-25 16:00  --------  d-----w-  c:\program files\QuickTime
2009-08-25 15:59 . 2009-08-25 15:59  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-23 13:58 . 2002-02-27 15:50  197120    ----a-w-  c:\windows\patchw32.dll
2009-08-23 13:58 . 2009-08-23 13:58  --------  d-----w-  c:\program files\Common Files\PocketSoft
2009-08-23 13:41 . 2009-08-23 13:41  --------  d-----w-  c:\documents and settings\Geert\Application Data\Atari
2009-08-23 13:38 . 2009-08-30 16:56  43520     ----a-w-  c:\windows\system32\CmdLineExt03.dll
2009-08-13 17:50 . 2001-08-17 19:56  7552      -c--a-w-  c:\windows\system32\dllcache\sonypvu1.sys
2009-08-13 17:50 . 2001-08-17 19:56  7552      ----a-w-  c:\windows\system32\drivers\SONYPVU1.SYS

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 23:30 . 2009-04-13 23:07  --------  d-----w-  c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-05 21:40 . 2009-04-13 19:50  --------  d--h--w-  c:\program files\InstallShield Installation Information
2009-09-03 19:32 . 2009-05-18 20:15  --------  d-----w-  c:\documents and settings\Geert\Application Data\FrostWire
2009-08-29 01:52 . 2009-04-18 16:59  --------  d-----w-  c:\documents and settings\Geert\Application Data\Skype
2009-08-11 12:32 . 2009-05-18 20:14  --------  d-----w-  c:\program files\FrostWire
2009-08-11 12:12 . 2009-04-14 19:18  --------  d-----w-  c:\program files\Windows Live
2009-08-06 22:06 . 2009-04-16 00:07  --------  d-----w-  c:\program files\Java
2009-08-06 15:41 . 2009-08-04 21:46  --------  d-----w-  c:\documents and settings\All Users\Application Data\NOS
2009-08-06 15:41 . 2009-08-04 21:46  --------  d-----w-  c:\program files\NOS
2009-08-05 09:01 . 2004-08-04 12:00  205312    ----a-w-  c:\windows\system32\mswebdvd.dll
2009-08-02 16:36 . 2009-05-31 19:43  --------  d-----w-  c:\documents and settings\Geert\Application Data\DivX
2009-08-01 11:58 . 2009-05-18 18:20  --------  d-----w-  c:\documents and settings\All Users\Application Data\DVD Shrink
2009-07-30 21:33 . 2009-07-30 21:33  --------  d-----w-  c:\program files\Kwekker
2009-07-25 03:23 . 2009-04-16 00:08  411368    ----a-w-  c:\windows\system32\deploytk.dll
2009-07-17 19:04 . 2004-08-04 12:00  58880     ----a-w-  c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-04 12:00  286208    ----a-w-  c:\windows\system32\wmpdxm.dll
2009-07-11 20:13 . 2009-07-11 20:07  --------  d-----w-  c:\program files\FrostWire Ultra Accelerator
2009-07-11 19:28 . 2009-05-24 13:30  128016    ----a-w-  c:\windows\system32\drivers\kl1.sys
2009-07-11 19:22 . 2009-04-13 23:07  724000    --sha-w-  c:\windows\system32\drivers\fidbox2.dat
2009-07-11 19:22 . 2009-04-13 23:07  72056     --sha-w-  c:\windows\system32\drivers\fidbox2.idx
2009-07-11 19:22 . 2009-04-13 23:07  254144    --sha-w-  c:\windows\system32\drivers\fidbox.idx
2009-07-11 19:22 . 2009-04-13 23:07  18661920  --sha-w-  c:\windows\system32\drivers\fidbox.dat
2009-07-11 19:16 . 2009-05-31 18:57  --------  d-----w-  c:\program files\DivX
2009-07-11 19:16 . 2009-05-31 18:57  --------  d-----w-  c:\program files\Common Files\DivX Shared
2009-07-11 19:15 . 2009-07-05 16:32  --------  dc-h--w-  c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-11 19:13 . 2009-07-11 19:03  --------  dc----w-  c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-11 17:49 . 2004-08-04 12:00  69614     ----a-w-  c:\windows\system32\perfc013.dat
2009-07-11 17:49 . 2004-08-04 12:00  442318    ----a-w-  c:\windows\system32\perfh013.dat
2009-07-05 16:34 . 2009-07-05 16:59  15688     ----a-w-  c:\windows\system32\lsdelete.exe
2009-07-05 16:34 . 2009-07-05 16:37  64160     ----a-w-  c:\windows\system32\drivers\Lbd.sys
2009-07-03 19:30 . 2009-07-03 19:30  604140    --sha-w-  c:\windows\system32\drivers\ISwift3.dat
2009-07-03 17:00 . 2004-08-04 12:00  915456    ----a-w-  c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2004-08-04 12:00  735232    ----a-w-  c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2004-08-04 12:00  56832     ----a-w-  c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2004-08-04 12:00  54272     ----a-w-  c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2004-08-04 12:00  301568    ----a-w-  c:\windows\system32\kerberos.dll
2009-06-25 08:27 . 2004-08-04 12:00  147456    ----a-w-  c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2004-08-04 12:00  136192    ----a-w-  c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00  92928     ----a-w-  c:\windows\system32\drivers\ksecdd.sys
2009-06-22 20:25 . 2009-04-13 23:07  94643     ----a-w-  c:\windows\system32\drivers\klick.dat
2009-06-22 20:25 . 2009-04-13 23:07  105395    ----a-w-  c:\windows\system32\drivers\klin.dat
2009-06-16 14:40 . 2004-08-04 12:00  81920     ----a-w-  c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-04 12:00  119808    ----a-w-  c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2004-08-04 12:00  82432     ----a-w-  c:\windows\system32\tlntsess.exe
2009-06-15 10:45 . 2004-08-04 12:00  79872     ----a-w-  c:\windows\system32\telnet.exe
2009-06-10 14:16 . 2004-08-04 12:00  85504     ----a-w-  c:\windows\system32\avifil32.dll
2009-06-10 07:22 . 2009-04-13 18:44  2066432   ----a-w-  c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-04 12:00  132096    ----a-w-  c:\windows\system32\wkssvc.dll
2007-02-01 16:02 . 2009-05-01 23:57  313344    ----a-w-  c:\program files\hjsplit.exe
2004-03-11 11:27 . 2009-04-14 10:50  40960     ----a-w-  c:\program files\Uninstall_CDS.exe
2009-05-01 21:02 . 2009-05-01 21:02  1044480   ----a-w-  c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02  200704    ----a-w-  c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando"="c:\program files\Pando Networks\Pando\pando.exe" [2009-04-14 4044616]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [BU]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2004-11-04 1569280]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-09-07 1400944]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-24 198160]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-05-25 303376]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-05 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-08-03 577536]
"GSICONEXE"="GSICON.EXE" - c:\windows\system32\gsicon.exe [2002-01-15 90112]
"DSLAGENTEXE"="dslagent.exe" - c:\windows\system32\dslagent.exe [2002-01-15 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Catalyst System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-12 45056]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21  548352  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57320:TCP"= 57320:TCP:Pando P2P TCP Listening Port
"57320:UDP"= 57320:UDP:Pando P2P UDP Listening Port

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/07/2009 18:37 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/09/2009 14:50 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/09/2009 14:49 74480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [13/04/2009 21:51 16269]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 20:59 19472]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/09/2009 14:50 7408]
S2 gafwload;GlobespanVirata USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [5/09/2009 18:23 27147]
S3 Ca100v;2Mega Camera, WDM Video Capture;c:\windows\system32\drivers\Ca100v.sys [14/04/2009 12:32 516635]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 USBCamera;DSC Still Image Capture (CA100);c:\windows\system32\drivers\Bulk100.sys [14/04/2009 12:32 10986]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - ASNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-08-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:34]

2009-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-05 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-09-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
- - - - ORPHANS VERWIJDERD - - - -

Toolbar-Locked - (no file)


.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
TCP: {4876D8F0-8C44-45EB-9054-1992A29BC318} = 193.74.208.65 194.119.228.67
FF - ProfilePath - c:\documents and settings\Geert\Application Data\Mozilla\Firefox\Profiles\fd6zkutm.default\
FF - prefs.js: browser.startup.homepage - www.google.be
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 01:30
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05AF50AA-22D7-AA1D-A4F48F393CAE2202}\{78C6AA3D-BD77-7FA2-B188C82FA3887936}\{102B7915-3D5B-6524-E77B0FDDDBDD9024}*]
"LSCX6OS6CUE23CADYJ1EDNAYZB1"=hex:01,00,01,00,00,00,00,00,84,f4,18,cc,15,d6,8a,18,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{17739CC8-1062-40F7-1C3862585ABD2CDA}\{84278681-95F8-776A-6C175249145B2CFC}\{113E55B4-CE67-C34A-F065E12B6143C7DD}*]
"J2A1ZR6453RPS1E6UHTZSAIJVG1"=hex:01,00,01,00,00,00,00,00,3f,70,c6,c0,1a,a8,f2,2e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{18D6E519-4C27-E4AD-074C5D1F171B40FB}\{8D7A772B-93EE-6905-4C751BA1B544AFC9}\{7029C73E-0020-BA9C-F3FADF03D99AF0E6}*]
"CITRAFWHUJWI6GYQCXHBKME4PB1"=hex:01,00,01,00,00,00,00,00,05,28,52,5d,c2,3e,02,a8,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{210BD7C7-47ED-BBE9-95D0F9FAA3BD0E97}\{C5D4C247-F1D1-D183-A63FC2DFAAC29AA3}\{B55B3474-A2E6-F6F7-4AD088E6434601A2}*]
"XWSS3A62RAQPICM6YY6IFEFNLH1"=hex:01,00,01,00,00,00,00,00,ea,6e,1a,37,df,e6,41,cd,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{28E9A2DF-E65E-D85A-85759F1A85229B2E}\{8098DB1F-177D-3A31-208A24FCBB357FA9}\{15CEB269-F259-C879-5DE6F8EB9C542703}*]
"J2A1ZR6453RPS1E6UHTZSAIJVG1"=hex:01,00,01,00,00,00,00,00,3f,70,c6,c0,1a,a8,f2,2e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2E59814C-B3DE-44FB-94965C0366D98DF0}\{ABEB2D87-DFA0-F53D-992658CC296F0BC9}\{4501FB50-D3D7-43DD-41A9BB47FD107040}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,84,16,6e,0a,38,4f,a0,2f,09,32,ab,60,47,52,4c,57,f2,1a,60,58,05,46,27,9a,ec,35,4d,a6,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{36A83BB8-F88B-C649-635463C8C05AC14F}\{B15264AB-0199-3F85-E804346070B10C97}\{1DF6944D-48A5-7AC3-364F976F1552112E}*]
"QZ21DP5SK2MFT1C6W16XU35XZE1"=hex:01,00,01,00,00,00,00,00,8f,2c,86,29,07,0c,47,ba,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{42E6D7B2-B1C8-2837-2B153136718EFEB8}\{8E0BC5B0-8FBD-4DC6-72B4724501FBC409}\{8BABC9F6-A6DF-6175-8337ACE301A74A27}*]
"QZ21DP5SK2MFT1C6W16XU35XZE1"=hex:01,00,01,00,00,00,00,00,8f,2c,86,29,07,0c,47,ba,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{454884EE-A952-6288-D98E4C6628C57FD8}\{4E2828CC-5D4E-CAA4-0B0E2FF0C61DD876}\{D33FFB02-83E4-6D49-8432C9C83D6B1A26}*]
"XK5HY5WLYEEGV4PIL3R5ZWXPXG1"=hex:01,00,01,00,00,00,00,00,c9,52,8f,87,6c,1d,5d,09,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4D36E769-B7A1-49B0-7FF57AC1710650DC}\{A2C50D74-0103-0472-B4B4032F319B5A49}\{CF55CBC2-03B6-AE3E-9F7994016B214C0B}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,84,16,6e,0a,38,4f,a0,2f,09,32,ab,60,47,52,4c,57,f2,1a,60,58,05,46,27,9a,ec,35,4d,a6,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61A3D62A-E669-8B2B-95B7C505631D6590}\{1D71893B-0DD3-8FF9-31AA9E7B284EB027}\{CF9E2073-5E5A-1B13-96346A906352FBBE}*]
"CITRAFWHUJWI6GYQCXHBKME4PB1"=hex:01,00,01,00,00,00,00,00,05,28,52,5d,c2,3e,02,a8,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6394A16B-F803-48C7-678A5F5C0D5AF33B}\{084FA269-25E9-EAF9-79282C5961DBAAF7}\{1F365BB6-4338-38B7-EE9F8ECE49C04569}*]
"Q26PL4FQHJUJZ3LIWTO55QWZUE1"=hex:01,00,01,00,00,00,00,00,9e,fe,4e,39,dc,da,21,d0,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7105F8B9-026E-CFD3-5D9F0001C57F1CEC}\{AACA605D-194C-A7AC-E2A3B1335A37F3B8}\{651E2FC5-8B06-4659-81C7FD9235B0E0BA}*]
"LSCX6OS6CUE23CADYJ1EDNAYZB1"=hex:01,00,01,00,00,00,00,00,84,f4,18,cc,15,d6,8a,18,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{71AAA611-245D-D09F-882845FC5EAA24CC}\{DFD26894-68B9-4777-FDD1761F9E74CD53}\{F10C9B44-6C01-0B82-830AFBCCD029C402}*]
"QZ21DP5SK2MFT1C6W16XU35XZE1"=hex:01,00,01,00,00,00,00,00,8f,2c,86,29,07,0c,47,ba,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75C78964-9FAD-014A-8CC7FBADED2C52DF}\{536ADE09-4683-F194-E6EBF180967FA049}\{3462E639-3971-056E-531C3527F72CD4AF}*]
"XK5HY5WLYEEGV4PIL3R5ZWXPXG1"=hex:01,00,01,00,00,00,00,00,c9,52,8f,87,6c,1d,5d,09,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{793A0CD2-18B8-B505-D2705730ED7730B5}\{224F5FE7-6AB9-E5AA-092A0B3F1E7E0249}\{E87C09AA-1A97-D30E-8C0D3EFE96A56BA8}*]
"J2A1ZR6453RPS1E6UHTZSAIJVG1"=hex:01,00,01,00,00,00,00,00,3f,70,c6,c0,1a,a8,f2,2e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{84989203-5DE8-3073-8BE62EC2F2FBE831}\{944CD226-8AE2-56C7-1A2253B060F71AD3}\{34E7E91D-17F9-EA39-81692D881F65A730}*]
"XWSS3A62RAQPICM6YY6IFEFNLH1"=hex:01,00,01,00,00,00,00,00,ea,6e,1a,37,df,e6,41,cd,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9C6A2914-9038-5A93-8E4E2AA93031FE8A}\{46AC4424-D398-E69C-9CDA7740FD2FECA9}\{CDFE3DAA-B6EE-697E-028EC491D3BD395C}*]
"Q26PL4FQHJUJZ3LIWTO55QWZUE1"=hex:01,00,01,00,00,00,00,00,9e,fe,4e,39,dc,da,21,d0,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B3A3A58F-967E-A40A-C7DDFB524B0CDFB3}\{B28E8422-363F-1C4B-CC056478281B7FCE}\{569EFB20-10B3-C9F5-895B6A19B8852344}*]
"XWSS3A62RAQPICM6YY6IFEFNLH1"=hex:01,00,01,00,00,00,00,00,ea,6e,1a,37,df,e6,41,cd,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90A28BC-773C-126D-283406BB2257B96E}\{E82646F0-1D13-3C7B-9DA42BF4D45399EA}\{81435B8A-EA08-C688-E11E2C0E41CEF69E}*]
"Q26PL4FQHJUJZ3LIWTO55QWZUE1"=hex:01,00,01,00,00,00,00,00,9e,fe,4e,39,dc,da,21,d0,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D19C1E37-C88F-6D4D-695F1151D26FA9B0}\{82ADB184-4273-F4A9-8B3869F4D9D9F30C}\{3C71EBCF-572C-11DA-DA6A44EB5C52EFBA}*]
"XK5HY5WLYEEGV4PIL3R5ZWXPXG1"=hex:01,00,01,00,00,00,00,00,c9,52,8f,87,6c,1d,5d,09,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F1AB0511-A375-41F8-28F286EA5B314AE1}\{CDE856FA-B0FC-53AE-2E76D427065C9F08}\{06F28CA4-0E64-79D3-A5453F20806788AF}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,84,16,6e,0a,38,4f,a0,2f,09,32,ab,60,47,52,4c,57,f2,1a,60,58,05,46,27,9a,ec,35,4d,a6,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2F43379-985D-E7AE-2F5BD6B18999A07F}\{64C9A7C2-676E-3AEC-13AF6B278F65FD89}\{7B815B3C-162E-096A-EBEBEFD33B1AE416}*]
"LSCX6OS6CUE23CADYJ1EDNAYZB1"=hex:01,00,01,00,00,00,00,00,84,f4,18,cc,15,d6,8a,18,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F9E7FB8A-7FC0-F5C6-C2C005BCC6E52A75}\{38D64012-6403-EA81-41E60280EAB79558}\{8D4E630B-001F-4733-DF87B943421629E7}*]
"CITRAFWHUJWI6GYQCXHBKME4PB1"=hex:01,00,01,00,00,00,00,00,05,28,52,5d,c2,3e,02,a8,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\Geert\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3612)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\UAService7.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Voltooingstijd: 2009-09-05  1:33 - machine werd herstart
ComboFix-quarantined-files.txt  2009-09-05 23:33

Pre-Run: 46.326.898.688 bytes beschikbaar
Post-Run: 46.334.259.200 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

346 --- E O F --- 2009-08-28 17:46