ComboFix 09-07-21.03 - user 22/07/2009 14:41.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.1022.331 [GMT 2:00]
Gestart vanuit: c:\users\user\Downloads\ComboFix.exe
AV: G DATA AntiVirus *On-access scanning enabled* (Updated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
AV: Lavasoft Ad-Watch Live! Antivirus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Lavasoft Personal Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((   Bestanden Gemaakt van 2009-06-22 to 2009-07-22   ))))))))))))))))))))))))))))))
.
2009-07-22 12:49 . 2009-07-22 12:49 -------- d-----w- c:\users\user\AppData\Local\temp
2009-07-21 00:30 . 2009-06-09 12:18 575488 ----a-w- c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y0ox35lm.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2009-07-20 23:28 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-20 23:28 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-20 23:28 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-20 23:28 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-20 23:28 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 18:23 . 2007-03-30 14:13 344064 ----a-w- c:\windows\system32\lxdicoin.dll
2009-07-11 08:14 . 2009-07-11 08:34 -------- d-----w- c:\users\user\AppData\Roaming\UseNeXT
2009-07-11 08:14 . 2009-07-11 08:14 -------- d-----w- c:\program files\UseNeXT
2009-07-10 12:08 . 2009-07-12 19:50 -------- d-----w- c:\users\user\.housecall6.6
2009-07-10 11:40 . 2009-07-10 11:40 -------- d-----w- c:\users\user\AppData\Roaming\IObit
2009-07-10 11:40 . 2009-07-10 11:40 -------- d-----w- c:\program files\IObit
2009-07-09 16:55 . 2009-07-09 16:55 -------- d-----w- c:\program files\Sophos
2009-07-04 13:21 . 2009-07-20 23:59 117760 ----a-w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-04 13:20 . 2009-07-04 13:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-04 13:19 . 2009-07-04 13:19 65024 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-07-04 13:19 . 2009-07-04 13:19 18944 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-07-04 13:19 . 2009-07-04 13:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-04 13:19 . 2009-07-04 13:19 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2009-07-04 13:17 . 2009-07-04 13:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-02 12:52 . 2009-07-02 12:52 -------- d-----w- c:\windows\system32\ca-ES
2009-07-02 12:52 . 2009-07-02 12:52 -------- d-----w- c:\windows\system32\eu-ES
2009-07-02 12:52 . 2009-07-02 12:52 -------- d-----w- c:\windows\system32\vi-VN
2009-07-02 12:33 . 2009-07-02 12:33 -------- d-----w- c:\windows\system32\EventProviders
2009-07-02 12:28 . 2009-04-11 06:28 375808 ----a-w- c:\windows\system32\winhttp.dll
2009-07-02 12:27 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-02 12:27 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-02 12:27 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-02 12:27 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-02 12:27 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-02 12:27 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-02 12:27 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-02 12:27 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-02 12:27 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-02 12:27 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-02 12:26 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-06-30 19:53 . 2009-06-30 19:53 -------- d-----w- c:\users\user\AppData\Roaming\TrojanHunter
2009-06-30 19:25 . 2009-06-30 19:27 -------- d-----w- c:\program files\TrojanHunter 5.0
2009-06-24 17:50 . 2009-07-14 18:54 3775176 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-23 16:36 . 2009-06-23 16:36 -------- d-----w- c:\users\user\AppData\Local\Magentic
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 12:50 . 2008-12-08 17:26 -------- d-----w- c:\users\user\AppData\Roaming\DNA
2009-07-21 22:22 . 2009-05-07 10:02 -------- d-----w- c:\program files\SPAMfighter
2009-07-21 21:28 . 2009-05-06 17:09 -------- d-----w- c:\program files\SpywareBlaster
2009-07-21 00:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 18:18 . 2006-11-02 16:11 667114 ----a-w- c:\windows\system32\perfh013.dat
2009-07-15 18:18 . 2006-11-02 16:11 126648 ----a-w- c:\windows\system32\perfc013.dat
2009-07-14 18:55 . 2009-06-13 08:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 11:36 . 2009-06-13 08:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-06-13 08:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 19:11 . 2009-06-17 18:45 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-08 19:11 . 2009-06-17 18:45 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-08 19:11 . 2009-06-17 18:44 2353480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-02 21:01 . 2008-12-08 17:26 -------- d-----w- c:\users\user\AppData\Roaming\BitTorrent
2009-07-02 12:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-02 12:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-02 12:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-02 12:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-02 12:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-02 12:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-02 12:52 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-02 12:41 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-25 17:55 . 2008-12-18 08:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-20 09:30 . 2009-06-20 09:29 -------- d-----w- c:\programdata\IM
2009-06-20 09:28 . 2009-06-20 09:28 -------- d-----w- c:\programdata\IncrediMail
2009-06-16 18:34 . 2009-06-16 18:34 -------- d-----w- c:\program files\ESET
2009-06-13 08:24 . 2009-06-13 08:24 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2009-06-13 08:23 . 2009-06-13 08:23 -------- d-----w- c:\programdata\Malwarebytes
2009-06-13 08:13 . 2009-06-13 08:13 -------- d-----w- c:\program files\Trend Micro
2009-06-12 09:41 . 2009-06-12 09:41 -------- d-----w- c:\program files\Panda Security
2009-06-10 18:54 . 2009-05-16 09:26 -------- d-----w- c:\programdata\Microsoft Help
2009-06-10 18:52 . 2007-02-09 15:33 -------- d-----w- c:\program files\Microsoft Works
2009-06-07 13:35 . 2008-11-11 13:46 84288 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-07 12:23 . 2009-06-07 12:23 -------- d-----w- c:\program files\Alwil Software
2009-05-30 09:48 . 2007-02-09 12:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-30 09:48 . 2007-02-21 12:10 -------- d-----w- c:\programdata\CyberLink
2009-05-30 09:48 . 2007-02-21 12:08 -------- d-----w- c:\program files\CyberLink
2009-05-30 09:43 . 2009-05-29 17:56 53319 ----a-w- c:\programdata\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-29 18:08 . 2008-11-19 20:03 -------- d-----w- c:\users\user\AppData\Roaming\CyberLink
2009-05-29 18:01 . 2009-05-29 18:01 -------- d-----w- c:\program files\Common Files\CyberLink
2009-05-29 17:55 . 2007-02-21 12:08 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-29 17:55 . 2007-02-21 12:08 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-26 15:46 . 2009-05-26 15:46 109920 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ToolBox\AutoStart Manager\SO.dll
2009-05-26 15:46 . 2009-05-26 15:46 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-26 15:46 . 2009-02-04 13:22 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-17 18:26 . 2009-05-17 18:32 3288344 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-05-17 18:26 . 2009-05-17 18:32 486168 ----a-w- c:\programdata\avg8\update\backup\avgrsx.exe
2009-05-17 18:26 . 2009-05-17 18:32 2051864 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-05-17 18:26 . 2009-05-17 18:32 2302232 ----a-w- c:\programdata\avg8\update\backup\avguiadv.dll
2009-05-17 18:26 . 2009-05-17 18:32 3399960 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-05-17 18:26 . 2009-05-17 18:32 1083672 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-05-17 18:26 . 2009-05-17 18:32 177432 ----a-w- c:\programdata\avg8\update\backup\avgmail.dll
2009-05-17 18:26 . 2009-05-17 18:32 755992 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-05-17 18:26 . 2009-05-17 18:32 424472 ----a-w- c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-05-17 18:26 . 2009-05-17 18:32 1262880 ----a-w- c:\programdata\avg8\update\backup\avgwd.dll
2009-05-09 05:50 . 2009-06-10 18:45 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 18:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2008-11-24 18:58 . 2008-11-24 18:58 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2009-07-03 19:40 . 2008-12-18 08:14 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-03-28 1883672]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-03-28 22:27 1883672 ----a-w- c:\program files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-03-28 1883672]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-03-28 1883672]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BitTorrent DNA"="c:\users\user\Program Files\DNA\btdna.exe" [2008-12-19 342848]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PowerDVD"="c:\program files\Home Cinema\PowerDVD\PowerDVD.exe" [2006-12-25 953952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2007-02-13 94212]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\AntiVirus\AVKTray\AVKTray.exe" [2008-11-17 957000]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 312240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-07 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-14 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]
"lavasoftMonitor"="c:\progra~1\Lavasoft\PERSON~1\op_mon.exe" [2008-04-25 1207296]
"lavasoftFeedBack"="c:\program files\Lavasoft\Personal Firewall\feedback.exe" [2008-04-22 413696]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe" [2008-10-24 1056928]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-01-18 4349952]

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Lavasoft\PERSON~1\wl_hook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7a,f8,ab,de,18,fb,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8D4FCAC8-BAA0-472A-A2CD-8B62F3C377AF}"= c:\program files\Home Cinema\MakeDisc\MakeDisc.exe:MakeDisc
"{7E74A995-C9B1-40EA-8643-DA9925B87BEC}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{5A07A4C5-702C-4E44-8F2E-0FFE0FCD9674}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{4D65E12A-F86C-4975-A67D-3EFC8661CF8E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{3404EB4C-3525-461F-BCDA-BCD8D994AFCD}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{F6CAF24E-E467-48E5-AEBC-A45638148CE0}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{2226F73B-0D3E-4A91-897F-0426A08DCC8F}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"TCP Query User{C1ABEBA8-67DE-493C-A0E8-4CAE5172BC74}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= UDP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Lexmark Device Monitor
"UDP Query User{C86AB932-FFC0-4C14-BB9A-DDB7A4BE0A11}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= TCP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Lexmark Device Monitor
"TCP Query User{354317F0-F519-4A1F-8CC2-0610F3317034}c:\\program files\\lexmark 3500-4500 series\\app4r.exe"= UDP:c:\program files\lexmark 3500-4500 series\app4r.exe:Lexmark Imaging Studio
"UDP Query User{83983B29-D9E8-47B6-96D6-ECF202E8E6C7}c:\\program files\\lexmark 3500-4500 series\\app4r.exe"= TCP:c:\program files\lexmark 3500-4500 series\app4r.exe:Lexmark Imaging Studio
"{CD958193-AB5C-417D-89E4-C54BAE8C8750}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{607A7AB2-C615-48A6-80A8-B5FF3575BF7F}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{34A800B4-068C-489C-BE50-8D5BBCC1B503}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{EF417BE8-DD94-4AD8-AB72-D8217D5D6A29}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{76FBC6EC-7A7A-47B2-B63C-B210BD397B6A}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{8A00AF78-FDC3-4B13-812F-E766781EEAF6}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{84FD3089-7927-4638-A34C-88B186C89773}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{B46DD118-6E38-4A98-9B5B-CC1AD9D2D3DC}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{0DA12359-27F3-4898-BCCE-57A98CEB155F}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{AE1130B6-7386-4456-A021-7875611A1E05}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{DAEFFC9B-0AF5-4A3A-80C5-B29C7D8731DE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FF9D0490-F346-4343-917D-367C937EF46E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{70D8885D-85F6-4E95-8269-C086841F0B32}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{5C38E036-91FD-49AA-8A09-C35CB5572755}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{19AE70F4-DEC0-4139-961F-AC3B13DA5965}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{619A837B-B967-48D6-964C-48F94011837F}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{F840F151-A927-4B72-AE3C-DE3749DFBB64}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{A59E5440-4D3C-496B-A9B6-3E42E8D3F9AB}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{49E1CADB-F0C3-406C-B509-B98D04FAE58C}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{3FB93D63-82E6-40FC-BE6E-D32B7F6DD60B}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{1E5913C1-3053-48CF-B4FF-5FDB34904DA2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E7EFC736-DC2D-4327-83FD-CCE28F3F5D1C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D79E9E98-5875-4347-8FF7-05EA51FBB781}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{CB0C741B-DE02-4454-A78A-4869470C8465}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{ADA5C435-11A2-4E3A-8BF5-8E5E1AED1954}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{04DCC04C-2558-4FAF-B39B-E8A8DFE911CC}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{9FF16FB5-6A64-4516-9431-460DD98BCEA1}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{393DAEAC-173A-493F-A100-CA22885CC01F}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{CDB3580D-37B3-4658-BD75-06FCD639033A}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{A7E391A2-A479-4174-80F3-7FF4D3E3F2C7}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{01827506-0704-41F0-A3B6-9DFCBC45A44C}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{4CA35D2D-0247-4E53-816D-AD3B1B673A48}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{D810115F-1962-469E-B70B-85B652608780}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{E7A08528-1F50-4F43-AD31-490F4E442989}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [21/04/2009 18:25 64160]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [12/06/2009 11:44 28544]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [9/02/2007 14:34 17920]
R1 afw;Lavasoft Firewall Driver;c:\windows\System32\drivers\afw.sys [4/02/2009 13:43 215104]
R1 gdwfpcd;G DATA WFP CD;c:\windows\System32\drivers\gdwfpcd32.sys [18/11/2008 21:36 40392]
R1 GRD;G DATA Rootkit Detector Driver;c:\windows\System32\drivers\GRD.sys [18/11/2008 21:57 29128]
R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [4/02/2009 13:43 449184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 72944]
R2 acssrv;Lavasoft Client Security Service;c:\progra~1\Lavasoft\PERSON~1\acs.exe [4/02/2009 13:43 1171456]
R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [19/09/2008 15:46 1016392]
R2 AVKService;G DATA Schedule;c:\program files\G DATA\AntiVirus\AVK\AVKService.exe [19/09/2008 15:46 386120]
R2 AVKWCtl;AntiVirus-bewaker;c:\program files\G DATA\AntiVirus\AVK\AVKWCtl.exe [14/08/2008 9:55 1185496]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [7/02/2009 22:10 1153368]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 10:44 184968]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [9/02/2007 14:11 1136600]
R3 GDMnIcpt;GDMnIcpt;c:\windows\System32\drivers\MiniIcpt.sys [18/11/2008 21:36 48712]
R3 HookCentre;HookCentre;c:\windows\System32\drivers\HookCentre.sys [18/11/2008 21:36 32200]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [11/05/2007 17:40 329728]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [9/02/2007 17:03 13976]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-07-21 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:29]

2009-07-12 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-10 07:22]

2009-07-22 c:\windows\Tasks\User_Feed_Synchronization-{A393461C-0354-48DF-90DA-A46CE59AF92C}.job
- c:\windows\system32\msfeedssync.exe [2009-05-02 11:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {A01EBE1D-E2E6-4BCA-8B91-05417244BFCE} = 195.238.2.21 195.238.2.22
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y0ox35lm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.aldi.be
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - component: c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y0ox35lm.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\user\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 14:49
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2009-07-22 14:53
ComboFix-quarantined-files.txt 2009-07-22 12:53

Pre-Run: 203.979.444.224 bytes beschikbaar
Post-Run: 204.192.423.936 bytes beschikbaar

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
339 --- E O F --- 2009-07-21 21:34