Wow, you're fast, SpySentinel!
The fight with my computer I mentioned before was due to the notification by ComboFix that I still had Norton antivirus stuff running on my computer.
Norton came with the comp. and I removed it (or so I thought).
Thanks again,
Kuifje
Anyway here is the requested log:
ComboFix 09-05-04.A3 - prutteltje 05-05-2009 23:21.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.2047.980 [GMT 2:00]
Gestart vanuit: c:\users\prutteltje\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\prutteltje\Desktop\CFScript.txt
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*
FW: Norton Internet Security *enabled*
FILE ::
c:\windows\S66A3B434.tmp
c:\windows\system32\xa685927597.exe
c:\windows\system32\xa685930296.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\xa685927597.exe
c:\windows\system32\xa685930296.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-05 to 2009-05-05 ))))))))))))))))))))))))))))))
.
2009-05-01 15:29 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 15:29 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 19:24 . 2009-04-29 19:24 -------- d-----w c:\users\prutteltje\AppData\Roaming\funkitron
2009-04-29 17:41 . 2009-04-29 17:41 -------- d-----w c:\users\prutteltje\AppData\Roaming\GOL_byHasbro
2009-04-26 17:39 . 2009-04-26 17:43 -------- d-----w c:\users\prutteltje\AppData\Roaming\Mysteryville2
2009-04-26 17:38 . 2009-04-26 18:44 -------- d-----w c:\program files\iWin.com Games
2009-04-25 16:20 . 2009-04-25 16:20 -------- d-----w c:\users\prutteltje\AppData\Local\Gamenauts
2009-04-24 20:33 . 2009-04-24 20:33 -------- d-----w c:\programdata\SpecialBit
2009-04-24 20:33 . 2009-04-24 20:33 -------- d-----w c:\users\All Users\SpecialBit
2009-04-19 19:16 . 2009-04-19 19:16 -------- d-----w c:\users\prutteltje\AppData\Roaming\Reflexivev1002
2009-04-09 05:27 . 2008-10-10 02:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2009-04-09 05:27 . 2008-10-10 02:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll
2009-04-09 05:27 . 2008-10-10 02:52 4379984 ----a-w c:\windows\system32\D3DX9_40.dll
2009-04-09 05:27 . 2008-10-27 08:04 70992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2009-04-09 05:27 . 2008-10-27 08:04 514384 ----a-w c:\windows\system32\XAudio2_3.dll
2009-04-09 05:27 . 2008-10-27 08:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll
2009-04-09 05:27 . 2008-10-27 08:04 23376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2009-04-08 20:01 . 2009-04-08 20:01 -------- d-----w c:\program files\Kalypso
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 21:44 . 2009-01-28 04:34 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-05 21:40 . 2008-03-02 08:00 12 ----a-w c:\windows\bthservsdp.dat
2009-05-05 18:24 . 2006-11-02 16:11 676772 ----a-w c:\windows\system32\perfh013.dat
2009-05-05 18:24 . 2006-11-02 16:11 131268 ----a-w c:\windows\system32\perfc013.dat
2009-05-01 15:30 . 2009-01-25 23:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-31 19:02 . 2009-01-26 00:54 -------- d-----w c:\program files\Java
2009-03-17 03:38 . 2009-04-15 17:26 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 17:26 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-11 20:55 . 2009-02-22 15:18 -------- d-----w c:\program files\BigfishGames
2009-03-09 03:19 . 2009-01-26 00:55 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-15 17:26 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 17:26 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 17:26 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 17:26 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 17:26 551424 ------w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 17:26 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 17:26 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 17:26 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 17:26 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 17:26 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 17:26 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 17:26 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 17:26 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 20:30 . 2009-02-13 20:30 94801292 ----a-w c:\windows\system32\xa94226663.exe
2009-02-13 20:30 . 2009-02-13 20:30 94801292 ----a-w c:\windows\system32\xa94224588.exe
2009-02-13 08:49 . 2009-04-15 17:26 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-15 17:26 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-11 20:58 . 2009-02-11 20:58 55752346 ----a-w c:\windows\system32\xa275937423.exe
2009-02-11 20:58 . 2009-02-11 20:58 55752346 ----a-w c:\windows\system32\xa275934350.exe
2009-02-11 18:43 . 2009-02-11 18:43 97330812 ----a-w c:\windows\system32\xa267784077.exe
2009-02-11 18:43 . 2009-02-11 18:43 97330812 ----a-w c:\windows\system32\xa267781800.exe
2009-02-09 03:10 . 2009-03-11 00:10 2033152 ----a-w c:\windows\system32\win32k.sys
2008-06-18 18:14 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-12-12 03:44 . 2007-10-17 16:26 24 --sh--w c:\windows\S66A3B434.tmp
.
((((((((((((((((((((((((((((( SnapShot@2009-05-05_18.19.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-05-05 17:32 . 2009-05-05 17:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-05 21:41 . 2009-05-05 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-05 17:32 . 2009-05-05 17:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-05 21:41 . 2009-05-05 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-05-05 18:24 595308 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-05 17:38 595308 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-05 18:24 104742 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-05 17:38 104742 c:\windows\System32\perfc009.dat
+ 2009-01-13 19:12 . 2009-05-05 21:40 281424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-01-13 19:12 . 2009-05-05 17:31 281424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2006-11-02 10:22 . 2009-04-26 19:03 6406144 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-05-05 21:40 6406144 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-05-05 21:20 . 2009-05-05 21:20 6406144 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2008-02-17 02:03 . 2009-05-05 18:23 185992517 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-21 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KMCONFIG"="c:\program files\Trust\Trust R-Series Keyboard\StartAutorun.exe" [2007-03-06 212992]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-01 185872]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-04 368640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
c:\users\prutteltje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-11-22 118784]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-9 528384]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-4-19 278528]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A62367A5-2A7E-4980-A0A2-A8DE70B26CCE}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{3FAF021C-7629-41B9-8399-8452F1113F3B}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{8F48EE35-309A-4E56-A6AE-FA77D3FAA67F}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{4451D232-3E9B-4D9A-A10B-6EFB54C3ED87}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{92620155-6C12-4238-A813-7A4416B1E15D}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{6EF17F1C-B45C-4474-9998-80FC1754ECE9}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{86464936-6159-4A2B-B2C3-DD69C978FCA5}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{CC415EFE-1025-4EA9-8BD1-7663FCDD5805}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{DED866F4-1879-45BD-9E10-4C21323FCE1F}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{81719486-D2C1-4F2A-96C2-7B3950B7C23D}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{8737E236-F936-46A7-8F00-48D9E2C267FD}"= UDP:c:\program files\Acer Zone\Acer Zone TV Server\TVServer.exe:CyberLink TV Server
"{F1EF58D9-5B0C-40D5-8520-67A9F28C485D}"= TCP:c:\program files\Acer Zone\Acer Zone TV Server\TVServer.exe:CyberLink TV Server
"{08DCD9A2-876B-4A95-A870-F72F380447B8}"= UDP:c:\program files\Acer Zone\Acer Zone TV Server\Kernel\DMSTV\CLMSServer.exe:CyberLink Media Server
"{C2860DAE-9623-4FE9-982C-70B85C7EB1B8}"= TCP:c:\program files\Acer Zone\Acer Zone TV Server\Kernel\DMSTV\CLMSServer.exe:CyberLink Media Server
"{00BEEE77-BE4B-4F80-BF25-9F9B228229CB}"= UDP:c:\program files\Acer Zone\Acer Zone TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{CF484391-5857-4036-9650-9E9C8E3CE555}"= TCP:c:\program files\Acer Zone\Acer Zone TV Enhance\TVEnhance.exe:CyberLink TVEnhance
"{80B5F622-E8EC-4258-8967-A50A98C3F702}"= UDP:c:\program files\Acer Zone\Acer Zone TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{A1CF151E-8B6C-4E2D-9C04-88EBDD950D1B}"= TCP:c:\program files\Acer Zone\Acer Zone TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program
"{471318BB-F1CC-4150-AB14-34F65DECF155}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{610820C0-FBF7-4673-AFE1-CB677BBBA5A3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{ED475149-3E59-4F9C-8C66-5E0935EF8438}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{919A370E-5F34-4CBA-A440-2189C5A24C99}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{41D98061-CB34-49D7-A373-221EB08CFCF3}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{A2B91647-DB39-45A5-9F18-A50506AD7FD1}"= Disabled:UDP:c:\program files\SlySoft\AnyDVD\AnyDVD.exe:AnyDVD
"{A0039FFA-377D-452B-A040-B2D1F4C28012}"= Disabled:TCP:c:\program files\SlySoft\AnyDVD\AnyDVD.exe:AnyDVD
"TCP Query User{EB6B2409-DA82-4637-91D2-AE38B899054D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BF63570A-2B10-4FC8-A5F6-07FFC4C441AB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{15F63ECF-B010-4F6E-8D54-89BF85695207}"= UDP:d:\k&l\kaneandlynch.exe:Kane & Lynch: Dead Men
"{E488E3E3-C1AA-4ECA-A102-9AC0758D3B39}"= TCP:d:\k&l\kaneandlynch.exe:Kane & Lynch: Dead Men
"{FB558341-280E-42DF-852C-4D99E63A0A26}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{EBADF087-0022-4F1E-B5C6-424F4213BA81}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [5-7-2006 14:46 63352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29-2-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29-2-2008 16:03 51440]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\
000.fcl [2-11-2006 16:51 13560]
R2 athsgt;athsgt;c:\windows\System32\drivers\athsgt.sys [18-7-2007 16:36 164992]
R2 CyberLink Media TV Service;CyberLink Media TV Service;c:\program files\Acer Zone\Acer Zone TV Server\Kernel\DMSTV\CLMSServer.exe [18-4-2007 14:22 262237]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Keyboard\KMWDSrv.exe [5-4-2007 10:29 208896]
R2 limsgt;limsgt;c:\windows\System32\drivers\limsgt.sys [18-7-2007 16:36 12544]
R2 litsgt;litsgt;c:\windows\System32\drivers\litsgt.sys [10-11-2007 19:56 137344]
R2 tansgt;tansgt;c:\windows\System32\drivers\tansgt.sys [10-11-2007 19:55 12032]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [2-6-2008 16:16 86792]
R3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [3-4-2007 10:43 1131136]
R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;c:\windows\System32\drivers\RTL85n86.sys [2-11-2006 12:25 311808]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16-2-2006 16:51 4096]
S3 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Acer Zone\Acer Zone TV Enhance\Kernel\TV\TVECapSvc.exe [18-4-2007 14:23 286812]
S3 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Acer Zone\Acer Zone TV Enhance\Kernel\TV\TVESched.exe [18-4-2007 14:23 110682]
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
2009-05-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 07:09]
2009-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\prutteltje\AppData\Roaming\Mozilla\Firefox\Profiles\1d6ow8v6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08);user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, );user_pref(general.useragent.extra.zencast, .
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-05 23:44
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\
000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-3047432322-4276535874-3232029594-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3b,07,60,4e,0d,12,14,b7,3b,bc,56,ef,3a,3d,0d,93,bc,9d,8c,e5,bc,71,fa,
a8,ac,50,d4,8a,68,ef,73,39,f2,38,bf,bf,04,62,98,55,d2,85,18,ef,f5,1a,81,52,\
"??"=hex:a0,61,76,1a,b3,c8,9b,e0,05,2e,95,a9,c8,c9,59,e4
[HKEY_USERS\S-1-5-21-3047432322-4276535874-3232029594-1000\Software\SecuROM\License information*]
"datasecu"=hex:91,63,94,3d,25,06,48,b1,7d,a1,df,86,28,20,3b,dc,be,7d,91,45,ff,
f1,3b,bc,1a,37,66,4d,2a,e0,41,32,d1,cc,2b,d5,3b,5e,0d,81,4d,ab,7f,1d,7d,67,\
"rkeysecu"=hex:35,70,a6,03,e0,9f,cc,b4,a2,16,77,cb,57,4f,02,c8
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\msiexec.exe
c:\program files\Common Files\microsoft shared\Source Engine\OSE.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\snmptrap.exe
c:\windows\System32\TuneUpDefragService.exe
c:\windows\System32\vds.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Trust\Trust R-Series Keyboard\KMCONFIG.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Trust\Trust R-Series Keyboard\KMProcess.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Voltooingstijd: 2009-05-05 23:47 - machine werd herstart
ComboFix-quarantined-files.txt 2009-05-05 21:47
ComboFix2.txt 2009-05-05 18:21
Pre-Run: 30.645.301.248 bytes beschikbaar
Post-Run: 30.445.359.104 bytes beschikbaar
290 --- E O F --- 2009-04-29 01:00