ComboFix 10-03-29.04 - MustiiQue 01-04-2010 22:02:11.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.31.1043.18.2558.1657 [GMT 2:00]
Gestart vanuit: c:\users\MustiiQue\Desktop\ComboFix.exe
* Aanwezig AV is actief
.
/wow section - STAGE 1
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\Cheat Engine\dbk32.sys
c:\windows\system32\ActNAV_cltDynam.dat
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-03-01 to 2010-04-01 ))))))))))))))))))))))))))))))
.
2010-04-01 20:10 . 2010-04-01 20:11 -------- d-----w- c:\users\MustiiQue\AppData\Local\temp
2010-04-01 20:10 . 2010-04-01 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-28 14:39 . 2010-03-28 14:39 -------- d-----w- c:\users\MustiiQue\AppData\Roaming\SopCast
2010-03-28 14:39 . 2010-03-28 14:39 -------- d-----w- c:\program files\SopCast
2010-03-27 23:16 . 2010-03-27 23:16 -------- d-----w- c:\users\MustiiQue\AppData\Roaming\IrfanView
2010-03-27 23:16 . 2010-03-27 23:16 -------- d-----w- c:\program files\IrfanView
2010-03-26 19:52 . 2010-03-26 19:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-25 21:13 . 2010-03-25 21:13 240128 ----a-w- c:\users\MustiiQue\AppData\Local\royal86.sys
2010-03-24 22:38 . 2010-03-28 20:04 -------- d-----w- c:\users\MustiiQue\Incomplete
2010-03-24 11:36 . 2010-03-24 11:36 -------- d-----w- C:\_CLTUI_E894D6B5_E3CA_4561_A244_272400640573_Session1
2010-03-24 11:36 . 2010-03-24 11:36 -------- d-----w- C:\_CLTUI_E894D6B5_E3CA_4561_A244_272400640573_Session0
2010-03-22 19:10 . 2010-03-24 00:12 -------- d-----w- c:\programdata\Norton
2010-03-22 19:10 . 2010-03-24 00:13 -------- d-----w- c:\programdata\NortonInstaller
2010-03-22 18:41 . 2006-11-29 12:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-03-22 18:40 . 2010-03-24 00:12 -------- d-----w- c:\windows\nvtmpinst
2010-03-22 18:40 . 2007-07-06 05:15 356352 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-22 18:40 . 2007-07-06 05:15 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-17 22:36 . 2010-02-24 09:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-15 19:02 . 2010-03-27 23:05 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-14 15:02 . 2010-03-14 15:02 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-13 15:12 . 2010-03-13 15:12 240128 ----a-w- c:\windows\system32\drivers\royal.sys
2010-03-12 17:04 . 2010-03-12 17:04 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-12 17:04 . 2010-03-12 17:04 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-12 17:04 . 2010-03-12 17:04 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 16:39 . 2010-03-13 15:18 -------- d-----w- c:\programdata\NVIDIA
2010-03-12 16:36 . 2010-03-12 16:39 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-12 16:31 . 2010-01-12 04:03 68200 ----a-w- c:\windows\system32\OpenCL.dll
2010-03-12 16:31 . 2010-01-12 04:03 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
2010-03-12 16:31 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-12 16:31 . 2010-01-12 04:03 4061800 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-12 16:31 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod189.dll
2010-03-12 16:31 . 2010-01-12 04:03 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
2010-03-12 16:31 . 2007-07-06 05:15 360448 ----a-w- c:\windows\system32\nvapi.dll
2010-03-12 16:23 . 2010-03-12 16:23 552 ----a-w- c:\users\MustiiQue\AppData\Local\d3d8caps.dat
2010-03-12 01:01 . 2010-03-18 23:22 -------- d-----w- c:\users\MustiiQue\Bureaublad
2010-03-12 00:57 . 2010-03-13 03:04 1780160 ----a-w- c:\users\MustiiQue\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-12 00:56 . 2010-03-12 16:43 -------- d-----w- c:\users\MustiiQue\AppData\Local\VirtualStore
2010-03-12 00:56 . 2010-03-12 16:41 680 ----a-w- c:\users\MustiiQue\AppData\Local\d3d9caps.dat
2010-03-12 00:43 . 2010-03-12 00:43 -------- d-sh--we c:\users\Default\Sjablonen
2010-03-12 00:43 . 2010-03-12 00:43 -------- d-sh--we c:\users\Default\Netwerkprinteromgeving
2010-03-12 00:43 . 2010-03-12 00:43 -------- d-sh--we c:\users\Default\Mijn documenten
2010-03-12 00:43 . 2010-03-12 00:43 -------- d-sh--we c:\users\Default\Menu Start
2010-03-12 00:43 . 2010-03-12 00:43 -------- d-sh--we c:\users\Default\AppData\Local\Geschiedenis
2010-03-12 00:43 . 2010-03-12 00:43 -------- d-sh--we c:\programdata\Sjablonen
2010-03-12 00:43 . 2010-03-12 00:43 -------- d-sh--we c:\programdata\Menu Start
2010-03-12 00:43 . 2010-03-12 00:43 -------- d-sh--we c:\programdata\Favorieten
2010-03-12 00:43 . 2010-03-12 00:43 -------- d-sh--we c:\programdata\Documenten
2010-03-12 00:43 . 2010-03-12 00:43 -------- d-sh--we c:\programdata\Bureaublad
2010-03-12 00:42 . 2010-03-12 00:42 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-03-12 00:42 . 2010-03-12 00:42 44768 ----a-w- c:\windows\system32\wups2.dll
2010-03-12 00:42 . 2010-03-12 00:42 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-03-12 00:42 . 2010-03-12 00:42 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-03-12 00:41 . 2010-03-12 00:41 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-03-12 00:41 . 2010-03-12 00:41 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-03-12 00:41 . 2010-03-12 00:41 35552 ----a-w- c:\windows\system32\wups.dll
2010-03-12 00:41 . 2010-03-12 00:41 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-03-12 00:41 . 2010-03-12 00:41 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-03-12 00:24 . 2010-03-12 00:24 22844 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-12 00:17 . 2010-03-12 00:17 -------- d-----w- c:\users\Default\Onlangs geopend
2010-03-11 23:43 . 2010-03-11 23:43 -------- d-----w- c:\windows\system32\URTTEMP
2010-03-11 23:43 . 2010-03-27 23:05 -------- d-sh--w- c:\windows\Installer
2010-03-11 23:40 . 2010-03-11 23:50 -------- d-----w- c:\program files\Analog Devices
2010-03-11 23:39 . 2010-03-22 18:40 -------- d-----w- c:\windows\system32\catroot2
2010-03-11 23:38 . 2010-03-12 00:23 -------- d-----w- c:\windows\Debug
2010-03-11 23:34 . 2010-03-12 00:28 -------- d-----w- c:\windows\Panther
2010-03-11 23:34 . 2004-10-05 14:10 23040 ----a-w- c:\windows\system32\PostProc.dll
2010-03-11 23:34 . 2004-09-23 05:55 311296 ----a-w- c:\windows\system32\Edcrypt.dll
2010-03-11 23:34 . 2001-09-19 10:47 765952 ----a-w- c:\windows\system\crlds3d.dll
2010-03-11 23:34 . 2005-03-22 09:08 260224 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-03-11 23:34 . 2004-09-17 07:02 732928 ----a-w- c:\windows\system32\drivers\senfilt.sys
2010-03-11 23:24 . 2010-03-11 23:24 -------- d-----w- C:\$WINDOWS.~Q
2010-03-11 23:20 . 2010-03-12 00:25 -------- d-----w- C:\$INPLACE.~TR
2010-03-11 23:16 . 2010-03-11 23:34 -------- d-----w- C:\Boot
2010-03-11 22:20 . 2010-03-11 23:48 -------- d-----w- c:\programdata\Microsoft Corporation
2010-03-11 22:19 . 2010-03-11 23:58 -------- d-----w- c:\program files\Microsoft Windows Vista Upgrade Advisor
2010-03-11 19:48 . 2010-03-11 23:58 -------- d-----w- c:\program files\MagicISO
2010-03-10 15:26 . 2010-03-11 23:56 -------- d-----w- c:\program files\KONAMI
2010-03-10 15:26 . 2010-03-11 23:47 -------- d-----w- c:\programdata\KONAMI
2010-03-10 15:10 . 2010-03-10 15:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-03-10 11:10 . 2010-03-11 23:55 -------- d-----w- c:\program files\Game Graphic Studio
2010-03-09 19:51 . 2010-03-09 19:58 -------- d-----w- C:\annemusb
2010-03-09 19:36 . 2010-03-11 23:55 -------- d-----w- c:\program files\GetData
2010-03-08 21:13 . 2009-03-27 00:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-03-08 21:13 . 2010-03-11 23:55 -------- d-----w- c:\program files\CPUID
2010-03-07 19:29 . 2010-03-11 23:58 -------- d-----w- c:\program files\Microsoft Works
2010-03-07 19:28 . 2010-03-11 23:58 -------- d-----w- c:\program files\Microsoft.NET
2010-03-07 19:25 . 2010-03-11 23:58 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-07 19:24 . 2010-03-07 19:24 -------- d-----w- c:\users\MustiiQue\AppData\Local\Microsoft Help
2010-03-07 19:24 . 2010-03-11 23:48 -------- d-----w- c:\programdata\Microsoft Help
2010-03-07 19:24 . 2010-03-07 19:24 -------- d-----r- C:\MSOCache
2010-03-07 01:02 . 2010-03-11 23:55 -------- d-----w- c:\program files\Hattrick Coach Professional
2010-03-05 00:29 . 2010-03-05 00:29 -------- d-----w- C:\5bc662dceb2d9b50f5beafaf
2010-03-04 23:59 . 2009-11-03 12:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2010-03-04 23:59 . 2009-11-03 12:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2010-03-04 23:59 . 2010-04-01 20:10 -------- d-----w- c:\program files\Cheat Engine
2010-03-04 23:35 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-03-04 23:28 . 2010-03-04 23:28 -------- d-----w- C:\BraCa Soft
2010-03-04 23:23 . 2009-11-16 15:11 544768 ----a-w- c:\windows\system\saAudit2005MT.dll
2010-03-04 10:00 . 2010-03-04 10:00 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-04 10:00 . 2010-03-04 10:00 22328 ----a-w- c:\users\MustiiQue\AppData\Roaming\PnkBstrK.sys
2010-03-04 09:59 . 2010-03-04 09:59 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-04 09:59 . 2010-03-04 09:59 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-03 23:32 . 2010-03-11 23:47 -------- d-----w- c:\programdata\Blizzard
2010-03-02 21:01 . 2010-03-11 23:48 -------- d-----w- c:\programdata\Sports Interactive
2010-03-02 20:59 . 2010-03-12 00:11 -------- d-----w- c:\users\MustiiQue\AppData\Roaming\Sports Interactive
2010-03-02 20:40 . 2010-03-12 00:00 -------- d--h--w- c:\program files\Zero G Registry
2010-03-02 20:40 . 2010-03-11 23:58 -------- d-----w- c:\program files\Sports Interactive
2010-03-02 20:39 . 2010-03-02 20:39 -------- d--h--w- c:\users\MustiiQue\InstallAnywhere
2010-03-02 20:36 . 2010-03-11 23:58 -------- d-----w- c:\program files\MagicDisc
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 19:06 . 2006-11-02 16:18 701530 ----a-w- c:\windows\system32\perfh013.dat
2010-04-01 19:06 . 2006-11-02 16:18 130362 ----a-w- c:\windows\system32\perfc013.dat
2010-03-28 22:01 . 2010-02-16 06:32 -------- d-----w- c:\users\MustiiQue\AppData\Roaming\uTorrent
2010-03-28 20:05 . 2010-02-16 05:07 -------- d-----w- c:\users\MustiiQue\AppData\Roaming\LimeWire
2010-03-28 16:06 . 2010-02-18 04:52 -------- d-----w- c:\users\MustiiQue\AppData\Roaming\vlc
2010-03-22 19:00 . 2010-03-22 19:00 4096 ----a-w- c:\windows\system32\0671B.tmp
2010-03-21 12:00 . 2010-03-12 16:43 36035 ----a-w- c:\programdata\nvModes.dat
2010-03-12 01:00 . 2010-02-28 01:14 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-03-12 00:12 . 2010-02-17 00:32 -------- d-----w- c:\users\MustiiQue\AppData\Roaming\TeamViewer
2010-03-12 00:11 . 2010-02-18 16:16 -------- d-----w- c:\users\MustiiQue\AppData\Roaming\Nero
2010-03-12 00:11 . 2010-02-25 01:30 -------- d-----w- c:\users\MustiiQue\AppData\Roaming\GlobalSCAPE
2010-03-12 00:11 . 2010-02-16 06:52 -------- d-----w- c:\users\MustiiQue\AppData\Roaming\Apple Computer
2010-03-12 00:00 . 2010-02-16 00:26 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-12 00:00 . 2010-02-16 00:25 -------- d-----w- c:\program files\Windows Live
2010-03-11 23:59 . 2010-02-18 02:40 -------- d-----w- c:\program files\VideoLAN
2010-03-11 23:59 . 2010-02-16 06:33 -------- d-----w- c:\program files\uTorrent
2010-03-11 23:59 . 2010-02-16 06:19 -------- d-----w- c:\program files\VDOWNLOADER
2010-03-11 23:59 . 2010-02-18 02:39 -------- d-----w- c:\program files\Ubisoft
2010-03-11 23:59 . 2010-02-17 00:32 -------- d-----w- c:\program files\TeamViewer
2010-03-11 23:58 . 2010-02-16 06:49 -------- d-----w- c:\program files\QuickTime
2010-03-11 23:58 . 2010-02-18 02:36 -------- d-----w- c:\program files\Nero
2010-03-11 23:58 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2010-03-11 23:58 . 2010-02-16 00:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-11 23:58 . 2010-02-20 17:06 -------- d-----w- c:\program files\Macromedia
2010-03-11 23:58 . 2010-02-16 00:26 -------- d-----w- c:\program files\Microsoft
2010-03-11 23:58 . 2010-02-14 21:29 -------- d-----w- c:\program files\microsoft frontpage
2010-03-11 23:56 . 2010-02-16 05:04 -------- d-----w- c:\program files\LimeWire
2010-03-11 23:56 . 2010-02-14 21:36 -------- d-----w- c:\program files\Lavalys
2010-03-11 23:55 . 2010-02-16 06:51 -------- d-----w- c:\program files\iTunes
2010-03-11 23:55 . 2010-02-16 05:04 -------- d-----w- c:\program files\Java
2010-03-11 23:55 . 2010-02-28 01:13 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-03-11 23:55 . 2010-02-16 06:51 -------- d-----w- c:\program files\iPod
2010-03-11 23:55 . 2010-02-15 04:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-11 23:55 . 2010-02-25 01:30 -------- d-----w- c:\program files\GlobalSCAPE
2010-03-11 23:55 . 2010-02-15 04:48 -------- d-----w- c:\program files\ESET
2010-03-11 23:55 . 2010-02-25 01:25 -------- d-----w- c:\program files\Counter-Strike
2010-03-11 23:53 . 2010-02-16 00:20 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-11 23:53 . 2010-02-18 02:36 -------- d-----w- c:\program files\Common Files\Nero
2010-03-11 23:53 . 2010-03-02 20:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-11 23:53 . 2010-02-20 17:06 -------- d-----w- c:\program files\Common Files\Macromedia
2010-03-11 23:53 . 2010-02-16 06:19 -------- d-----w- c:\program files\Common Files\eBay
2010-03-11 23:53 . 2010-02-15 04:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-11 23:53 . 2010-02-16 06:48 -------- d-----w- c:\program files\Common Files\Apple
2010-03-11 23:53 . 2010-02-20 17:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-11 23:50 . 2010-02-27 00:54 -------- d-----w- c:\program files\CCleaner
2010-03-11 23:50 . 2010-02-16 06:50 -------- d-----w- c:\program files\Bonjour
2010-03-11 23:50 . 2010-02-16 06:49 -------- d-----w- c:\program files\Apple Software Update
2010-03-11 23:48 . 2010-02-26 07:58 -------- d-----w- c:\program files\Activision
2010-03-11 23:48 . 2010-02-18 02:36 -------- d-----w- c:\programdata\Nero
2010-03-11 23:48 . 2010-02-16 06:51 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-11 23:48 . 2010-02-15 05:36 -------- d-----w- c:\programdata\NOS
2010-03-11 23:48 . 2010-02-15 04:53 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-03-11 23:48 . 2010-02-15 04:40 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-03-11 23:47 . 2010-02-28 01:13 -------- d-----w- c:\programdata\Hitman Pro
2010-03-11 23:47 . 2010-02-25 01:40 -------- d-----w- c:\programdata\GlobalSCAPE
2010-03-11 23:47 . 2010-02-20 17:49 -------- d-----w- c:\programdata\FLEXnet
2010-03-11 23:47 . 2010-02-16 06:49 -------- d-----w- c:\programdata\Apple Computer
2010-03-11 23:47 . 2010-02-16 06:48 -------- d-----w- c:\programdata\Apple
2010-03-11 22:59 . 2010-02-14 21:24 -------- d-sh--w- c:\programdata\DRM
2010-02-25 00:09 . 2010-02-25 00:09 1923768 ----a-w- c:\programdata\NOS\Adobe_Downloads\install_flash_player.exe
2010-02-18 16:14 . 2010-02-18 16:14 -------- d-----w- c:\users\MustiiQue\AppData\Roaming\U3
2010-02-16 22:44 . 2010-02-16 22:44 152576 ----a-w- c:\users\MustiiQue\AppData\Roaming\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-16 22:44 . 2010-02-16 22:44 79488 ----a-w- c:\users\MustiiQue\AppData\Roaming\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-16 05:04 . 2010-02-16 05:04 152576 ----a-w- c:\users\MustiiQue\AppData\Roaming\Sun\Java\jre1.6.0_16\lzma.dll
2010-02-15 05:24 . 2010-02-15 05:24 0 ----a-w- c:\windows\nsreg.dat
2010-02-14 21:22 . 2010-02-14 21:21 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-04 09:01 . 2010-02-27 01:15 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-27 01:15 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-27 01:15 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-27 01:15 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-11 21:18 . 2010-01-11 21:18 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-01-11 21:18 . 2010-01-11 21:18 129640 ----a-w- c:\windows\system32\nvvsvc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^MustiiQue^Menu Start^Programma's^Opstarten^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
path=c:\users\MustiiQue\Menu Start\Programma's\Opstarten\LimeWire On Startup.lnk

[HKLM\~\startupfolder\C:^Users^MustiiQue^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\MustiiQue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2006-11-02 09:45 8704 ----a-w- c:\windows\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2010-03-07 00:14 5650240 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-08 20:09 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-07-06 05:15 8466432 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-07-06 05:15 81920 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-05-10 22:03 1626112 ----a-w- c:\windows\System32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 12:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"idsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"NVSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-527237240-2111687655-1177238915-1004]
"EnableNotificationsRef"=dword:00000001

R0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2010-03-13 240128]
R2 .1268353702;1268353702;c:\program files\1268353702\Gebruiker1268353702L.exe [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 EraserUtilDrv10920;EraserUtilDrv10920;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2009-09-29 96408]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - easdrv
*Deregistered* - epfw
*Deregistered* - epfwtdi

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
dot3svc REG_MULTI_SZ dot3svc
eapsvcs REG_MULTI_SZ eaphost
WudfServiceGroup REG_MULTI_SZ WUDFSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lyqgivs
.
Inhoud van de 'Gedeelde Taken' map

2010-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\MustiiQue\AppData\Roaming\Mozilla\Firefox\Profiles\u91i1zut.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\MustiiQue\AppData\Roaming\Mozilla\plugins\NPSWF32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 22:11
Windows 6.0.6000 NTFS

scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2010-04-01 22:14:58
ComboFix-quarantined-files.txt 2010-04-01 20:14

Pre-Run: 22.930.718.720 bytes beschikbaar
Post-Run: 22.834.188.288 bytes beschikbaar

- - End Of File - - A7BEF485AD090191F279CC5D052905D7