ComboFix 10-06-16.04 - Gebruiker 17-06-2010 19:27:16.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.163 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gebruiker\Clone DVD key.exe
c:\documents and settings\Gebruiker\SetupCloneDVD.exe
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\01C37424
c:\program files\Need2Find\bar\Cache\01C3785A
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\windows\cdmxtras
c:\windows\cdmxtras\uninst.exe
c:\windows\Fonts\acrsec.fon
c:\windows\system32\cache329
c:\windows\system32\cache329\B_137900.htm
c:\windows\system32\cache329\B_145700.htm
c:\windows\system32\cache329\B_145900.htm
c:\windows\system32\cache329\B_239500.htm
c:\windows\system32\cache329\B_247800.htm
c:\windows\system32\cache329\B_247900.htm
c:\windows\system32\cache329\B_248500.htm
c:\windows\system32\cache329\B_264500.htm
c:\windows\system32\cache329\B_300400.htm
c:\windows\system32\cache329\B_329_0_1_389800.htm
c:\windows\system32\cache329\B_329_0_1_389800.swf
c:\windows\system32\cache329\B_329_0_4_252800.htm
c:\windows\system32\cache329\B_329_0_4_252800.swf
c:\windows\system32\cache329\B_329_0_4_386600.gif
c:\windows\system32\cache329\B_329_0_4_388100.gif
c:\windows\system32\cache329\B_329_2_1_389800.htm
c:\windows\system32\cache329\B_329_2_1_389800.swf
c:\windows\system32\cache329\B_329_2_4_252800.htm
c:\windows\system32\cache329\B_329_2_4_252800.swf
c:\windows\system32\cache329\B_329_2_4_386600.gif
c:\windows\system32\cache329\B_329_2_4_388100.gif
c:\windows\system32\cache329\B_329_3_1_389800.htm
c:\windows\system32\cache329\B_329_3_1_389800.swf
c:\windows\system32\cache329\B_329_3_4_252800.htm
c:\windows\system32\cache329\B_329_3_4_252800.swf
c:\windows\system32\cache329\B_329_3_4_386600.gif
c:\windows\system32\cache329\B_329_3_4_388100.gif
c:\windows\system32\cache329\B_329_4_0_362800.htm
c:\windows\system32\cache329\B_329_4_4_389900.htm
c:\windows\system32\cache329\B_329_4_4_390100.htm
c:\windows\system32\cache329\B_329_4_4_390400.htm
c:\windows\system32\cache329\B_329_4_4_391400.htm
c:\windows\system32\cache329\B_340700.htm
c:\windows\system32\cache329\t_B_137900.htm
c:\windows\system32\cache329\t_B_145700.htm
c:\windows\system32\cache329\t_B_145900.htm
c:\windows\system32\cache329\t_B_239500.htm
c:\windows\system32\cache329\t_B_247800.htm
c:\windows\system32\cache329\t_B_247900.htm
c:\windows\system32\cache329\t_B_248500.htm
c:\windows\system32\cache329\t_B_264500.htm
c:\windows\system32\cache329\t_B_300400.htm
c:\windows\system32\cache329\t_B_329_4_0_362800.htm
c:\windows\system32\cache329\t_B_329_4_4_389900.htm
c:\windows\system32\cache329\t_B_329_4_4_390100.htm
c:\windows\system32\cache329\t_B_329_4_4_390400.htm
c:\windows\system32\cache329\t_B_329_4_4_391400.htm
c:\windows\system32\cache329\t_B_340700.htm
c:\windows\system32\msncpecrawler.exe.manifest
c:\windows\system32\Thumbs.db
c:\windows\system32\vbpng1.dll
c:\windows\system32\win.com
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-05-17 to 2010-06-17 ))))))))))))))))))))))))))))))
.
2010-06-15 15:54 . 2010-06-15 15:54 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2010-06-15 15:53 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-15 15:53 . 2010-06-15 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-15 15:53 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-15 15:53 . 2010-06-15 15:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-14 11:21 . 2010-06-16 15:10 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend
2010-06-14 11:07 . 2010-06-14 11:07 -------- d-----w- c:\program files\CCleaner
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 08:36 . 2003-04-08 12:00 89382 ----a-w- c:\windows\system32\perfc013.dat
2010-06-14 08:36 . 2003-04-08 12:00 505662 ----a-w- c:\windows\system32\perfh013.dat
2010-06-14 08:15 . 2010-04-26 12:17 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-11 17:44 . 2009-02-15 13:17 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Belastingdienst
2010-06-08 17:48 . 2010-02-23 14:13 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\.purple
2010-06-08 15:41 . 2010-06-08 15:41 2157 ----a-w- c:\documents and settings\Gebruiker\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-06-08 15:41 . 2010-06-08 15:41 2095 ----a-w- c:\documents and settings\Gebruiker\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2010-06-04 17:08 . 2009-11-11 17:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 11:11 . 2010-05-07 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-04 11:11 . 2010-05-11 17:33 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-04 09:55 . 2009-11-14 18:01 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-04 09:55 . 2005-05-31 15:46 -------- d-----w- c:\program files\DivX
2010-06-04 09:55 . 2010-06-04 09:55 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-04 09:55 . 2010-06-04 09:55 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-04 09:54 . 2010-06-04 09:54 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-04 09:54 . 2010-06-04 09:54 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-06-04 09:47 . 2010-06-04 09:47 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-06-04 09:46 . 2010-06-04 09:46 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-04 09:45 . 2010-06-04 09:45 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-04 09:44 . 2010-06-04 09:44 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-04 09:41 . 2010-05-11 17:19 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-04 09:41 . 2010-05-11 17:27 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-06-04 09:40 . 2010-05-11 17:27 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-01 16:46 . 2010-06-01 16:46 2145 ----a-w- c:\documents and settings\Gebruiker\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com
2010-05-25 08:24 . 2010-05-25 08:24 503808 ----a-w- c:\documents and settings\Gebruiker\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-60da00a6-n\msvcp71.dll
2010-05-25 08:24 . 2010-05-25 08:24 499712 ----a-w- c:\documents and settings\Gebruiker\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-60da00a6-n\jmc.dll
2010-05-25 08:24 . 2010-05-25 08:24 12800 ----a-w- c:\documents and settings\Gebruiker\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-19322cab-n\decora-d3d.dll
2010-05-25 08:24 . 2010-05-25 08:24 61440 ----a-w- c:\documents and settings\Gebruiker\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-19322cab-n\decora-sse.dll
2010-05-25 08:24 . 2010-05-25 08:24 348160 ----a-w- c:\documents and settings\Gebruiker\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-60da00a6-n\msvcr71.dll
2010-05-12 16:15 . 2009-11-14 18:06 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\DivX
2010-05-12 16:00 . 2010-05-12 15:59 -------- d-----w- c:\program files\Norton Security Scan
2010-05-12 15:59 . 2009-05-09 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-12 15:59 . 2008-12-13 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-12 15:58 . 2010-01-01 15:32 -------- d-----w- c:\program files\NortonInstaller
2010-05-11 17:25 . 2010-05-11 17:25 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-11 17:24 . 2010-05-11 17:24 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-11 17:24 . 2010-05-11 17:24 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-11 17:24 . 2010-05-11 17:24 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-11 17:24 . 2010-05-11 17:24 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-11 17:24 . 2010-05-11 17:24 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-11 17:24 . 2010-05-11 17:24 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-11 17:24 . 2010-05-11 17:24 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-11 17:23 . 2010-05-11 17:23 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-11 17:23 . 2010-05-11 17:23 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-10 17:51 . 2010-02-23 14:16 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\gtk-2.0
2010-05-04 17:21 . 2005-06-17 22:27 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:21 . 2005-11-28 20:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:21 . 2003-04-08 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-05-02 08:10 . 2003-04-08 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:35 . 2003-04-08 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-03 13:34 . 2010-04-03 13:34 503808 ----a-w- c:\documents and settings\Gebruiker\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ce493a3-n\msvcp71.dll
2010-04-03 13:34 . 2010-04-03 13:34 499712 ----a-w- c:\documents and settings\Gebruiker\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ce493a3-n\jmc.dll
2010-04-03 13:34 . 2010-04-03 13:34 348160 ----a-w- c:\documents and settings\Gebruiker\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ce493a3-n\msvcr71.dll
2010-04-03 13:34 . 2010-04-03 13:34 61440 ----a-w- c:\documents and settings\Gebruiker\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-11a89efe-n\decora-sse.dll
2010-04-03 13:34 . 2010-04-03 13:34 12800 ----a-w- c:\documents and settings\Gebruiker\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-11a89efe-n\decora-d3d.dll
2010-03-31 01:58 . 2009-11-14 18:04 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-03-31 01:58 . 2009-11-14 18:04 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-03-31 01:58 . 2009-11-14 18:04 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2008-08-23 09:48 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2008-08-23 09:48 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2005-10-26 20:12 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-20 17:20 . 2010-03-20 17:20 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-20 17:20 . 2010-03-20 17:20 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-20 17:20 . 2010-03-20 17:20 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-20 17:20 . 2010-03-20 17:20 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-20 17:20 . 2010-03-20 17:20 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-20 17:20 . 2010-03-20 17:20 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-20 17:20 . 2010-03-20 17:20 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-20 17:20 . 2010-03-20 17:20 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2005-10-29 07:45 . 2005-10-29 07:45 901360 ----a-w- c:\program files\Teach2000.zip
2005-10-23 08:03 . 2005-10-23 08:03 797831 ----a-w- c:\program files\animalclock.jpeg.zip
2005-06-25 13:20 . 2005-06-25 13:20 3576770 ----a-w- c:\program files\FinalAlert 2 Yuri's Revenge.zip
2009-03-31 20:47 . 2008-12-13 18:46 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2005-11-05 08:34 . 2005-11-05 08:34 121344 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2005-05-11 11:28 . 2005-07-10 14:09 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
2005-04-04 00:45 . 2005-04-04 00:45 24848 ----a-w- c:\program files\opera\program\plugins\cgpcfg.dll
2005-04-04 00:45 . 2005-04-04 00:45 74000 ----a-w- c:\program files\opera\program\plugins\cgpcore.dll
2005-04-04 00:45 . 2003-05-02 17:06 45328 ----a-w- c:\program files\opera\program\plugins\icalogon.dll
2002-11-19 14:01 . 2004-10-07 13:16 28672 ----a-w- c:\program files\opera\program\plugins\PlugDef.dll
2005-04-04 00:45 . 2003-05-02 17:06 28944 ----a-w- c:\program files\opera\program\plugins\pscript.dll
2003-05-02 17:06 . 2003-05-02 17:06 41232 ----a-w- c:\program files\opera\program\plugins\sslasock.dll
2005-04-04 00:45 . 2003-05-02 17:06 69904 ----a-w- c:\program files\opera\program\plugins\sslsdk_b.dll
2005-04-04 00:45 . 2005-04-04 00:45 24848 ----a-w- c:\program files\opera\program\plugins\tcppserv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2005-07-18 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2001-12-23 4608]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GSICONEXE"="gsicon.exe" [2003-09-07 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-03-09 77824]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2005-11-05 179712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2008-04-14 78848]

c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\
BUREAUBLADACHTERGROND-KIEZER.lnk - c:\program files\mp5_wpc\wpc.exe [2004-3-23 493568]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Red Storm Entertainment\\Ghost Recon\\GhostRecon.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"Windows Service Host"= c:\documents and settings\Gebruiker\Application Data\svhost.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [25-5-2010 21:55 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [25-5-2010 21:55 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100522.001\BHDrvx86.sys [14-6-2010 19:23 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [25-5-2010 21:55 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [25-5-2010 21:55 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\4.2.0.12\ccsvchst.exe [25-5-2010 21:52 126392]
R2 ppsio;PrmxPPDev;c:\windows\system32\drivers\ppsio.sys [26-2-1998 12:32 109824]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [8-6-2004 19:16 2368]
R2 VWavD32;VWavD32;c:\windows\system32\drivers\VWavD32.sys [25-3-1998 8:45 27520]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27-5-2010 10:31 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100604.004\IDSXpx86.sys [9-6-2010 18:09 331640]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28-11-2002 12:43 22016]
S2 gupdate1ca3d34f5aa59fa;Google Updateservice (gupdate1ca3d34f5aa59fa);c:\program files\Google\Update\GoogleUpdate.exe [24-9-2009 18:34 133104]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\Robbin\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\Robbin\LOCALS~1\Temp\cdiskdun.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\c:\windows\system32\drivers\hitmanpro35.sys --> c:\windows\system32\drivers\hitmanpro35.sys [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-24 16:34]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-24 16:34]

2010-06-16 c:\windows\Tasks\Norton Security Scan for Gebruiker.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-12 16:00]

2010-06-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4017617957-3432708116-3625330513-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-06-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4017617957-3432708116-3625330513-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://nl.ask.com?o=14978&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: neopets.com\www
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} - hxxps://gto.postbank.nl/GTO/PBGNX.cab
FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\syektg2l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\syektg2l.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgooglevlc.dll
FF - plugin: c:\program files\Opera\Program\Plugins\np32dsw.dll
FF - plugin: c:\program files\Opera\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera\Program\Plugins\npican.dll
FF - plugin: c:\program files\Opera\Program\Plugins\NPJava11.dll
FF - plugin: c:\program files\Opera\Program\Plugins\NPJava12.dll
FF - plugin: c:\program files\Opera\Program\Plugins\NPJava13.dll
FF - plugin: c:\program files\Opera\Program\Plugins\NPJava14.dll
FF - plugin: c:\program files\Opera\Program\Plugins\NPJava32.dll
FF - plugin: c:\program files\Opera\Program\Plugins\NPJPI142_01.dll
FF - plugin: c:\program files\Opera\Program\Plugins\NPOJI610.dll
FF - plugin: c:\program files\Opera\Program\Plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\Program\Plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\Program\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\Program\Plugins\npwthost.dll
FF - plugin: c:\spellen\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\spellen\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\spellen\real\realplayer\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-Symantec Network Driver Update Warning - c:\progra~1\Symantec\LIVEUP~1\SNDWarn.EXE
AddRemove-3D Tuin Design - c:\tlcdomus\3DLand2\UnSetup.EXE \INSTALL.LOG

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 19:39
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-4017617957-3432708116-3625330513-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Ondersteuning]
"Order"=hex:08,00,00,00,02,00,00,00,9a,02,00,00,01,00,00,00,04,00,00,00,9e,00,
00,00,00,00,00,00,90,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7e,00,32,\

[HKEY_USERS\S-1-5-21-4017617957-3432708116-3625330513-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ee,77,3d,a3,1d,87,0f,54,e7,5f,56,f4,d5,99,f5,21,b1,dd,56,9f,9a,93,6c,
eb,23,e3,d4,bc,36,cc,0e,3b,86,73,79,a0,5d,6d,6b,f7,69,af,3c,b2,b9,6c,da,8b,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
Voltooingstijd: 2010-06-17 19:50:00
ComboFix-quarantined-files.txt 2010-06-17 17:49

Pre-Run: 61.349.482.496 bytes beschikbaar
Post-Run: 61.392.007.168 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - CABD46ACA2CA32708330950E209D98B9