ComboFix 10-07-15.03 - ImkeStevens 16-07-2010 18:13:15.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1033.18.2972.2194 [GMT 2:00]
Running from: c:\users\ImkeStevens\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\users\ImkeStevens\AppData\Roaming\.#
c:\users\ImkeStevens\AppData\Roaming\.#\MBX@5A4@9E28E8.###
c:\users\ImkeStevens\AppData\Roaming\.#\MBX@5A4@9E2918.###
c:\users\ImkeStevens\AppData\Roaming\.#\MBX@5A4@9E2948.###
c:\users\ImkeStevens\AppData\Roaming\9826AE05C183D2B2585A467921DB4187
c:\users\ImkeStevens\AppData\Roaming\9826AE05C183D2B2585A467921DB4187\enemies-names.txt
c:\users\ImkeStevens\AppData\Roaming\9826AE05C183D2B2585A467921DB4187\local.ini
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\zrpt.xml
c:\windows\system32\Install.cmd
c:\windows\system32\shptdxx.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job

Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_mumjgqyo

(((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 ))))))))))))))))))))))))))))))
.
2010-07-16 16:25 . 2010-07-16 16:29 -------- d-----w- c:\users\ImkeStevens\AppData\Local\temp
2010-07-16 16:25 . 2010-07-16 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-16 13:09 . 2010-07-16 13:09 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\Malwarebytes
2010-07-16 13:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 13:08 . 2010-07-16 13:08 -------- d-----w- c:\programdata\Malwarebytes
2010-07-16 13:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-16 13:08 . 2010-07-16 13:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 18:33 . 2010-07-16 13:18 -------- d-----w- c:\users\ImkeStevens\AppData\Local\yahlvhxwn
2010-07-14 10:37 . 2010-07-14 10:39 -------- d-----w- c:\program files\Cake Mania - Lights, Camera, Action
2010-07-14 00:43 . 2010-07-14 00:43 40581 ----a-w- c:\windows\system32\yplap.exe
2010-07-12 15:42 . 2010-07-12 15:42 -------- d-----w- c:\programdata\Vasilek Games
2010-07-11 08:18 . 2010-07-11 08:18 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\TikisLab
2010-07-11 07:58 . 2010-07-11 07:58 -------- d-----w- c:\program files\Time Dreamer
2010-07-10 21:45 . 2010-07-10 21:45 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\ITTNord
2010-07-10 21:45 . 2010-07-10 21:45 -------- d-----w- c:\program files\Money Tree
2010-07-10 17:30 . 2010-07-10 17:30 -------- d-----w- c:\program files\Atari
2010-07-09 14:53 . 2010-07-09 14:53 -------- d-----w- c:\program files\Grimm's Hatchery
2010-07-06 12:34 . 2010-07-06 12:34 -------- d-----w- c:\program files\The Palace Builder
2010-07-03 13:33 . 2010-07-04 20:59 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\Paige Harper and the Tome of Mystery
2010-07-02 14:43 . 2010-07-02 14:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-01 16:36 . 2010-07-01 16:36 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\Gamers Digital
2010-07-01 16:36 . 2010-07-01 16:36 -------- d-----w- c:\programdata\Gamers Digital
2010-06-25 13:36 . 2010-06-25 13:36 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
2010-06-25 13:28 . 2010-06-25 13:28 -------- d-----w- c:\program files\bfgclient
2010-06-25 13:28 . 2010-07-12 15:40 -------- d-----w- C:\BigFishGamesCache
2010-06-24 01:00 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 01:00 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 01:00 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 01:00 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 01:00 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 11:45 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 11:45 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-21 10:56 . 2010-06-21 10:57 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\Word Power
2010-06-19 19:07 . 2010-06-30 16:13 -------- d-----w- c:\program files\Plantasia
2010-06-19 18:36 . 2010-06-19 18:36 -------- d-----w- c:\program files\SystemRequirementsLab
2010-06-19 18:36 . 2010-06-19 18:36 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\SystemRequirementsLab
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 16:00 . 2009-01-12 09:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-15 19:33 . 2009-09-05 16:18 -------- d-----w- c:\program files\EasyBits For Kids
2010-07-15 19:33 . 2009-01-12 10:05 -------- d-----w- c:\program files\Google
2010-07-15 01:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 01:03 . 2009-01-12 09:59 -------- d-----w- c:\programdata\Microsoft Help
2010-07-12 17:55 . 2009-09-05 16:19 106304 ----a-w- c:\users\ImkeStevens\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-10 17:15 . 2010-04-30 18:16 -------- d-----w- c:\program files\LeeGTs Games
2010-07-10 17:13 . 2010-06-08 19:40 -------- d-----w- c:\program files\Uplink
2010-07-10 17:13 . 2010-01-08 19:00 -------- d-----w- c:\program files\Supple
2010-07-10 17:11 . 2009-11-07 14:28 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\Three Rings Design
2010-07-10 17:08 . 2009-01-12 10:18 -------- d-----w- c:\programdata\Norton
2010-07-10 17:08 . 2009-09-11 11:58 -------- d-----w- c:\programdata\Symantec
2010-07-10 16:59 . 2010-04-25 18:55 -------- d-----w- c:\program files\Graboid
2010-07-10 16:45 . 2010-02-09 20:08 -------- d-----w- c:\program files\eGames
2010-07-10 16:40 . 2010-03-31 07:41 -------- d-----w- c:\program files\Dreamscape
2010-07-10 16:25 . 2009-01-12 10:07 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-10 15:04 . 2010-05-25 17:05 -------- d-----w- c:\programdata\DivX
2010-07-10 15:04 . 2010-05-25 17:11 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 15:04 . 2010-07-10 15:04 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 15:04 . 2010-02-01 22:20 -------- d-----w- c:\program files\DivX
2010-07-10 15:04 . 2010-07-10 15:04 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-10 15:03 . 2010-07-10 15:03 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-10 15:03 . 2010-05-25 17:10 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-10 15:03 . 2010-05-25 17:10 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-09 21:47 . 2009-01-12 10:13 -------- d-----w- c:\program files\Windows Live
2010-07-06 12:35 . 2009-09-13 12:10 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\PlayFirst
2010-07-06 12:35 . 2009-09-13 12:10 -------- d-----w- c:\programdata\PlayFirst
2010-06-29 22:27 . 2009-09-06 20:09 5972 ----a-w- c:\users\ImkeStevens\AppData\Local\d3d9caps.dat
2010-06-29 01:03 . 2009-01-12 10:00 -------- d-----w- c:\program files\Microsoft.NET
2010-06-27 18:03 . 2010-04-21 13:44 -------- d-----w- c:\program files\Vuze
2010-06-27 18:01 . 2009-09-27 13:25 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\uTorrent
2010-06-24 10:54 . 2010-06-24 10:54 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbF5B2.tmp.exe
2010-06-19 18:36 . 2010-06-19 18:36 85504 ----a-w- c:\users\ImkeStevens\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-06-16 09:37 . 2010-04-30 14:20 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\Gamelab
2010-06-15 18:25 . 2010-06-15 18:25 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-15 18:25 . 2010-06-15 18:25 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-15 18:25 . 2010-06-15 18:25 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-15 18:25 . 2010-06-15 18:25 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-15 18:25 . 2010-06-15 18:25 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-14 13:42 . 2010-06-14 13:42 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\SulusGames
2010-06-14 13:07 . 2010-06-14 13:07 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\Fugazo
2010-06-12 14:39 . 2010-06-12 14:39 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\UClick
2010-06-12 14:39 . 2010-06-12 14:39 -------- d-----w- c:\programdata\UClick
2010-06-12 14:06 . 2010-06-12 14:06 -------- d-----w- c:\program files\Top Chef
2010-06-12 13:39 . 2010-06-12 13:38 -------- d-----w- c:\program files\DinerTown Tycoon
2010-06-11 01:49 . 2009-11-22 21:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-09 14:12 . 2010-06-09 14:12 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\Hotdog Hotshot
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\16800\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\16800\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\16800\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\16800\AcrobatUpdater.exe
2010-06-08 08:58 . 2010-06-08 08:58 -------- d-----w- c:\programdata\GAMEON
2010-06-08 08:53 . 2010-06-07 07:03 -------- d-----w- c:\program files\AGON - From Lapland to Madagascar
2010-06-08 07:23 . 2010-06-08 07:23 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\Private Moon Studios
2010-06-07 06:59 . 2010-06-07 06:58 -------- d-----w- c:\program files\Puzzle Bots
2010-05-26 18:49 . 2010-05-25 17:10 -------- d-----w- c:\users\ImkeStevens\AppData\Roaming\DivX
2010-05-26 17:06 . 2010-06-10 11:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 11:37 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-25 17:09 . 2010-05-25 17:09 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-05-25 17:09 . 2010-05-25 17:09 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-25 17:09 . 2010-05-25 17:09 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-25 17:09 . 2010-05-25 17:09 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-25 17:09 . 2010-05-25 17:09 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-05-25 17:09 . 2010-05-25 17:09 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-25 17:09 . 2010-05-25 17:09 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-05-25 17:09 . 2010-05-25 17:09 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-25 17:09 . 2010-05-25 17:09 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-25 17:09 . 2010-05-25 17:09 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-25 17:09 . 2010-05-25 17:09 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-05-25 17:09 . 2010-02-01 22:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-21 12:14 . 2009-12-06 13:24 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 19:15 . 2010-06-10 11:38 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-10 11:37 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-10 11:37 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 14:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-19 15:34 . 2009-11-19 15:34 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-08 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-10-27 2075896]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-04 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-19 30192]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-08 1038136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608]
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-07 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):5a,8d,97,b5,64,b2,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-19 30192]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-06-22 3067292]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-10-11 721904]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-07-29 418816]

--- Other Services/Drivers In Memory ---

*Deregistered* - jhwvp
*Deregistered* - kyithvd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/ig
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&s=2&o=vb32&d=0909&m=easynote_mh36
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {CEBE157C-C91E-4A45-BB3C-45F8C77C012F} - hxxp://games.bigfishgames.com/en_wandering-willows/online/WanderingWillowsWeb.1.0.0.18.cab
FF - ProfilePath - c:\users\ImkeStevens\AppData\Roaming\Mozilla\Firefox\Profiles\5l43t7dg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Playdom Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.nl
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\users\ImkeStevens\AppData\Roaming\Mozilla\Firefox\Profiles\5l43t7dg.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{5600CFEE-4331-4A5B-AC45-C5A618D30B7A} - c:\windows\system32\shptdxx.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{5600CFEE-4331-4A5B-AC45-C5A618D30B7A} - c:\windows\system32\shptdxx.dll
AddRemove-BFG-Cake Mania - Lights, Camera, Action - c:\program files\Cake Mania - Lights
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 18:27
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jhwvp]
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kyithvd]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\shptdxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2010-07-16 18:36:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-16 16:36

Pre-Run: 149.446.447.104 bytes free
Post-Run: 156.227.317.760 bytes free

- - End Of File - - 2549F9E225FEA148258CF9178C389196
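The log above is raw tool output, and the entries that matter for triage are scattered across it: UAC switched off ("EnableLUA"= 0), an Internet Explorer proxy pointing at the loopback address (http=127.0.0.1:5643), a non-Microsoft DLL (shptdxx.dll) listed under winlogon.exe, two deregistered services (jhwvp, kyithvd), an AppInit_DLLs value, and Firefox search preferences redirected to a third-party search host. The script below is an added example, not part of the original post and not ComboFix's own code: it walks ComboFix-style log text and pulls those indicators out with a severity. The rule names, severities and the SAMPLE_LOG excerpt (selected lines copied from the log above) are this example's own constructions.

```python
"""Pull the high-value indicators out of a ComboFix-style log.

Added example: not part of the original post and not ComboFix code.
Rule names and severities are this example's own choices.
"""
import re
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str, str]  # (severity, rule, evidence)

# Constructed excerpt: selected lines copied from the log above.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=c:\\progra~1\\Google\\GOOGLE~1\\GoogleDesktopNetwork3.dll
--- Other Services/Drivers In Memory ---
*Deregistered* - jhwvp
*Deregistered* - kyithvd
------- Supplementary Scan -------
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride =
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&q=
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(828)
c:\\windows\\system32\\shptdxx.dll
.
------------------------ Other Running Processes ------------------------
c:\\windows\\system32\\conime.exe
"""

_SECTION = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")            # "---- Name ----" headers
_HOST = re.compile(r"^- - - - - - - > '([^']+)'\((\d+)\)$")  # process line in the DLL section
_DEREG = re.compile(r"^\*Deregistered\*\s*-\s*(\S+)$")
_PROXY = re.compile(r"ProxyServer\s*=\s*(\S+)$")
_APPINIT = re.compile(r'^"AppInit_DLLs"=(.*)$')
_LUA = re.compile(r'^"EnableLUA"=\s*0\b')
_FFSEARCH = re.compile(r"^FF - prefs\.js: (keyword\.URL|browser\.search\.defaulturl) - (\S+)$")


def triage(log_text: str) -> List[Finding]:
    """Return findings in log order; each is (severity, rule, evidence)."""
    findings: List[Finding] = []
    section: Optional[str] = None
    host: Optional[str] = None  # process currently listed in the DLL section
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            section, host = m.group(1), None
            continue
        if section == "DLLs Loaded Under Running Processes":
            # Each path under a process here is a DLL ComboFix saw loaded in it;
            # a third-party DLL inside winlogon.exe is the classic injection sign.
            m = _HOST.match(line)
            if m:
                host = f"{m.group(1)} (pid {m.group(2)})"
            elif host and line != ".":
                findings.append(("high", "dll-in-process", f"{host} <- {line}"))
            continue
        if _LUA.match(line):
            findings.append(("high", "uac-disabled", line))
        elif (m := _PROXY.search(line)):
            target = m.group(1)
            # A proxy on the loopback interface puts a local process in the path of all IE traffic.
            local = re.search(r"127\.0\.0\.1|localhost", target) is not None
            findings.append(("high" if local else "low",
                             "localhost-proxy" if local else "proxy-set", target))
        elif (m := _APPINIT.match(line)) and m.group(1).strip():
            # AppInit_DLLs loads into every user32 process; legitimate software sets it
            # too (here it is a Google Desktop DLL), so it is medium and needs a look.
            findings.append(("medium", "appinit-dlls-set", m.group(1).strip()))
        elif (m := _DEREG.match(line)):
            findings.append(("medium", "deregistered-service", m.group(1)))
        elif (m := _FFSEARCH.match(line)):
            findings.append(("low", "firefox-search-override", f"{m.group(1)} -> {m.group(2)}"))
    return findings


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for sev, _, _ in findings:
        counts[sev] += 1
    return counts


if __name__ == "__main__":
    for sev, rule, evidence in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {rule:24} {evidence}")
    print(summary(triage(SAMPLE_LOG)))
```

On the excerpt this yields three high findings (UAC disabled, loopback proxy, shptdxx.dll in winlogon.exe), three medium (AppInit_DLLs plus the two deregistered services) and one low (the keyword.URL override). The severities are a starting point, not a verdict: the AppInit_DLLs value here belongs to Google Desktop, and the rule deliberately does not try to decide that for you.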