ComboFix 08-12-28.03 - Julien 2008-12-29 15:05:36.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2037.1152 [GMT 1:00]
Gestart vanuit: c:\users\Julien\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Julien\Desktop\CFScript.txt..txt
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\Internet Logs\xB8B9B.tmp
c:\windows\Internet Logs\xB99B4.tmp
c:\windows\Internet Logs\xB9B19.tmp
c:\windows\Internet Logs\xB9C72.tmp
c:\windows\Internet Logs\xBB559.tmp
c:\windows\Internet Logs\xBB8C6.tmp
c:\windows\system32\drivers\kmxzone.u2k0
c:\windows\system32\drivers\kmxzone.u2k1
c:\windows\system32\drivers\kmxzone.u2k2
c:\windows\system32\drivers\kmxzone.u2k3
c:\windows\system32\drivers\kmxzone.u2k4
c:\windows\system32\drivers\kmxzone.u2k5
c:\windows\system32\drivers\kmxzone.u2k6
c:\windows\system32\drivers\kmxzone.u2k7
c:\windows\system32\drivers\vsconfig(446).xml
c:\windows\System32\isafeif(390).dll
c:\windows\System32\isafprod(391).dll
c:\windows\System32\vetredir(411).dll
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\MFT 414
c:\mft 414\Julien\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVS8Y7MO\Ico_alpha_InternetSettings_16x16[1].png
c:\mft 414\Julien\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2MYBDVVZ\internet[1].css
C:\MFT 474
c:\mft 474\x86_microsoft-network-internet-access_31bf3856ad364e35_6.0.6001.18000_none_ba8dd3bd3e0293e1.manifest
c:\mft 474\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9.manifest
c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll
c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
c:\windows\system32\drivers\kmxzone.u2k0
c:\windows\system32\drivers\kmxzone.u2k1
c:\windows\system32\drivers\kmxzone.u2k2
c:\windows\system32\drivers\kmxzone.u2k3
c:\windows\system32\drivers\kmxzone.u2k4
c:\windows\system32\drivers\kmxzone.u2k5
c:\windows\system32\drivers\kmxzone.u2k6
c:\windows\system32\drivers\kmxzone.u2k7
c:\windows\system32\drivers\vsconfig(446).xml
c:\windows\System32\isafeif(390).dll
c:\windows\System32\isafprod(391).dll
c:\windows\System32\vetredir(411).dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-11-28 to 2008-12-29 ))))))))))))))))))))))))))))))
.
2008-12-28 11:31 . 2008-12-28 11:31 d-------- c:\users\Julien\AppData\Roaming\Malwarebytes
2008-12-28 11:31 . 2008-12-28 11:31 d-------- c:\users\All Users\Malwarebytes
2008-12-28 11:31 . 2008-12-28 11:31 d-------- c:\programdata\Malwarebytes
2008-12-28 11:31 . 2008-12-28 11:31 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 11:31 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-28 11:31 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-28 09:10 . 2008-12-29 13:48 d-------- C:\hijjack file en verschill. logs
2008-12-28 09:08 . 2008-12-28 09:08 d-------- c:\program files\Trend Micro
2008-12-26 19:06 . 2008-12-27 12:54 d-------- c:\program files\RegCure
2008-12-26 12:03 . 2008-12-26 12:03 d-------- c:\program files\Alwil Software
2008-12-26 12:03 . 2008-11-26 18:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-12-26 10:23 . 2008-12-26 10:23 d-------- c:\program files\Bonjour
2008-12-21 16:59 . 2008-12-21 16:59 d-------- c:\windows\System32\runtime
2008-12-21 16:58 . 2008-12-21 16:58 d-------- c:\users\Julien\AppData\Roaming\PC Tools
2008-12-21 16:58 . 2008-12-29 08:49 d-------- c:\program files\Spyware Doctor
2008-12-21 16:58 . 2008-12-21 17:20 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2008-12-21 16:58 . 2008-12-21 17:20 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2008-12-21 16:58 . 2008-12-21 17:20 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
2008-12-21 16:58 . 2008-06-02 15:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2008-12-21 16:57 . 2008-12-26 15:00 d-------- c:\program files\Norton Security Scan
2008-12-21 16:57 . 2008-12-26 15:01 d-------- c:\program files\Common Files\Symantec Shared
2008-12-21 13:16 . 2008-12-21 13:16 603,904 --a------ c:\windows\System32\TUProgSt.exe
2008-12-21 13:16 . 2008-12-21 13:16 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2008-12-21 13:16 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2008-12-21 13:16 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\System32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\System32\dnssd.dll
2008-12-10 15:04 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-10 13:41 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-10 13:41 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-10 13:41 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-10 13:41 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-10 13:41 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-10 13:40 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-10 13:40 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-10 13:40 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-05 17:21 . 2008-12-21 13:15 d-------- c:\program files\TuneUp Utilities 2009
2008-12-05 17:19 . 2008-12-05 17:19 d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-05 17:19 . 2008-12-05 17:19 d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-05 09:53 . 2008-02-23 05:38 170,496 --a------ c:\windows\System32\tcpipcfg.dll
2008-12-05 09:53 . 2008-02-23 03:41 22,528 --a------ c:\windows\System32\netiougc.exe
2008-12-05 09:52 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\System32\zpeng25.dll
2008-11-29 16:22 . 2008-11-29 16:22 d-------- c:\users\Julien\AppData\Roaming\NCH Software
2008-11-29 16:21 . 2008-11-29 16:21 d-------- c:\users\All Users\NCH Swift Sound
2008-11-29 16:21 . 2008-11-29 16:21 d-------- c:\programdata\NCH Swift Sound
2008-11-29 16:20 . 2008-11-29 16:20 d-------- c:\program files\NCH Swift Sound
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 13:10 --------- d---a-w c:\programdata\TEMP
2008-12-29 12:51 348,370 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2008-12-29 12:24 --------- d-----w c:\programdata\Google Updater
2008-12-28 14:18 --------- d-----w c:\program files\LimeWire
2008-12-28 14:01 --------- d-----w c:\users\Julien\AppData\Roaming\LimeWire
2008-12-26 17:55 771,584 ----a-w c:\windows\Internet Logs\xDB8B9B.tmp
2008-12-25 11:01 2,556,416 ----a-w c:\windows\Internet Logs\xDBB559.tmp
2008-12-21 16:00 --------- d-----w c:\program files\Google
2008-12-19 13:41 136,192 ----a-w c:\windows\Internet Logs\xDB9B19.tmp
2008-12-17 16:16 357,376 ----a-w c:\windows\Internet Logs\xDB99B4.tmp
2008-12-14 16:12 --------- d-----w c:\users\Julien\AppData\Roaming\U3
2008-12-14 15:36 5,113,473 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-14 15:35 663,552 ----a-w c:\windows\Internet Logs\xDBB8C6.tmp
2008-12-10 14:17 --------- d-----w c:\program files\Windows Mail
2008-12-10 14:08 --------- d-----w c:\programdata\Microsoft Help
2008-12-06 14:52 3,219,456 ----a-w c:\windows\Internet Logs\xDB9C72.tmp
2008-11-22 16:16 --------- d-----w c:\program files\iTunes
2008-11-22 16:15 --------- d-----w c:\program files\iPod
2008-11-22 16:15 --------- d-----w c:\program files\Common Files\Apple
2008-11-22 16:12 --------- d-----w c:\program files\QuickTime
2008-11-17 16:28 --------- d-----w c:\program files\Magentic
2008-11-15 16:04 --------- d-----w c:\users\Julien\AppData\Roaming\Winamp
2008-11-15 16:04 --------- d-----w c:\program files\Windows Sidebar
2008-11-15 16:03 --------- d-----w c:\programdata\CA
2008-11-15 14:40 --------- d-----w c:\program files\Common Files\Scanner
2008-11-15 14:40 --------- d-----w c:\program files\CA
2008-11-13 14:19 293,776 ----a-w c:\windows\system32\drivers\vsdatant.sys
2008-11-11 15:07 --------- d-----w c:\programdata\WinZip
2008-11-11 15:05 --------- d-----w c:\program files\WinZip(74)
2008-11-11 13:39 --------- dc-h--w c:\programdata\{5F2CE881-C7A5-4F1A-A1C0-A5BFC9A36913}
2008-11-11 13:21 --------- d-----w c:\program files\System Search Dispatcher
2008-11-11 13:21 --------- d-----w c:\program files\Network Optimizer
2008-11-11 13:19 --------- d-----w c:\program files\DoubleD
2008-11-11 11:29 --------- d-----w c:\programdata\Installations
2008-11-11 11:28 --------- d-----w c:\program files\Nokia
2008-11-11 11:28 --------- d-----w c:\program files\Common Files\PCSuite
2008-11-11 11:28 --------- d-----w c:\program files\Common Files\Nokia
2008-11-11 11:24 --------- d-----w c:\program files\PC Connectivity Solution
2008-11-09 10:27 --------- d-----w c:\program files\Common Files\Adobe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-30 13:48 174 --sha-w c:\program files\desktop.ini
2008-06-08 08:48 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-04-16 08:59 90 ----a-w c:\users\Julien\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-29_13.41.39,19 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-29 12:03:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-29 12:51:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-29 12:03:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-29 12:51:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-29 12:40:01 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-29 12:52:52 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-12-29 12:39:55 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-29 14:11:31 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-29 14:11:31 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-29 12:03:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-29 12:53:18 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-29 12:03:35 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-29 12:53:18 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-29 12:03:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-29 12:53:18 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-29 12:05:58 11,298 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1147899661-3754589122-3210750849-1000_UserData.bin
+ 2008-12-29 12:54:07 11,298 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1147899661-3754589122-3210750849-1000_UserData.bin
- 2008-12-29 12:05:58 62,182 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-29 12:54:06 62,316 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-29 12:05:55 62,034 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-29 12:54:05 62,050 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-18 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-26 30192]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-21 1168264]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe"
"Magentic"=c:\progra~1\Magentic\bin\Magentic.exe /c
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E85681D6-5E7B-4AC3-8B60-21E9A8392297}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{404DE23F-2668-4B95-AEA7-81722E42C60C}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{10A63DD7-4FF3-4451-BB45-3B42A9A86CE1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5D6C4397-BB23-4CC9-B68C-EBBBA8192F8A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E0799AA0-982C-45CF-A3B8-89584B5E391B}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{EC94966C-E206-4561-B800-68636555B0AB}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D98698DB-389D-451A-B0B9-C7412C84A974}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{662EC954-A3A6-4694-91EA-C726350EBDE7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9086C6CC-0FEB-495E-938F-2BD8563594B5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FED29BA3-BF10-42D4-BF07-95B34E74E3E5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4BA19CF4-9AAF-4FCF-8988-025026E276EC}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8CF16E66-F3E4-4CED-9763-C66564547B54}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{B30C5900-7264-4817-93D6-5DC763369404}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{1745CB37-94AA-4F69-938D-746AE58D9C70}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{72C8367B-25B3-462F-8048-A55F85142D9A}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{1D69EA50-5FE9-4661-B0C4-BD938BB0C03F}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{E090BB8C-F35D-426D-9693-3A7F6D95104C}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{51ABF7BB-521B-4E1D-A545-BB5570955C18}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{D155B74A-B567-431A-BDCC-4E9978E77274}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{61A8129F-D53A-4E84-817C-76BD87B68523}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{956231B7-DB02-4889-816E-63501E34A4A1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{02A1EDAA-3A82-4F4F-8633-42C4B5E894D8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-26 111184]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-26 51792]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-21 356920]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-21 603904]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2008-03-02 240128]
S2 gupdate1c963853d090218;Google Update Service (gupdate1c963853d090218);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-12-21 119280]
S3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [2005-02-18 71168]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-18 30192]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f34e03e-44c3-11dd-9b52-0016767d0f89}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e30f3099-e9e7-11dc-92b0-0016767d0f89}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Inhoud van de 'Gedeelde Taken' map
2008-12-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 08:09]
2008-12-29 c:\windows\Tasks\1-klik Onderhoud.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:12]
2008-12-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-21 16:59]
2008-12-26 c:\windows\Tasks\Norton Security Scan for Julien.job
- c:\program files\Norton Security Scan\Nss.exe [2008-12-11 17:49]
2008-12-29 c:\windows\Tasks\User_Feed_Synchronization-{7B55CDDB-F91A-4ACC-A4F0-079170E36C1F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 15:11:45
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-12-29 15:19:17
ComboFix-quarantined-files.txt 2008-12-29 14:19:02
ComboFix2.txt 2008-12-29 12:46:02
Pre-Run: 31.139.495.936 bytes beschikbaar
Post-Run: 30,783,488,000 bytes beschikbaar
321 --- E O F --- 2008-12-26 09:18:37