ComboFix 08-12-28.03 - Julien 2008-12-29 15:05:36.2 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2037.1152 [GMT 1:00] Gestart vanuit: c:\users\Julien\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Julien\Desktop\CFScript.txt..txt * Nieuw herstelpunt werd aangemaakt FILE :: c:\windows\Internet Logs\xB8B9B.tmp c:\windows\Internet Logs\xB99B4.tmp c:\windows\Internet Logs\xB9B19.tmp c:\windows\Internet Logs\xB9C72.tmp c:\windows\Internet Logs\xBB559.tmp c:\windows\Internet Logs\xBB8C6.tmp c:\windows\system32\drivers\kmxzone.u2k0 c:\windows\system32\drivers\kmxzone.u2k1 c:\windows\system32\drivers\kmxzone.u2k2 c:\windows\system32\drivers\kmxzone.u2k3 c:\windows\system32\drivers\kmxzone.u2k4 c:\windows\system32\drivers\kmxzone.u2k5 c:\windows\system32\drivers\kmxzone.u2k6 c:\windows\system32\drivers\kmxzone.u2k7 c:\windows\system32\drivers\vsconfig(446).xml c:\windows\System32\isafeif(390).dll c:\windows\System32\isafprod(391).dll c:\windows\System32\vetredir(411).dll . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\MFT 414 c:\mft 414\Julien\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVS8Y7MO\Ico_alpha_InternetSettings_16x16[1].png c:\mft 414\Julien\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2MYBDVVZ\internet[1].css C:\MFT 474 c:\mft 474\x86_microsoft-network-internet-access_31bf3856ad364e35_6.0.6001.18000_none_ba8dd3bd3e0293e1.manifest c:\mft 474\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9.manifest c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys c:\windows\system32\drivers\kmxzone.u2k0 c:\windows\system32\drivers\kmxzone.u2k1 c:\windows\system32\drivers\kmxzone.u2k2 c:\windows\system32\drivers\kmxzone.u2k3 c:\windows\system32\drivers\kmxzone.u2k4 c:\windows\system32\drivers\kmxzone.u2k5 c:\windows\system32\drivers\kmxzone.u2k6 c:\windows\system32\drivers\kmxzone.u2k7 c:\windows\system32\drivers\vsconfig(446).xml c:\windows\System32\isafeif(390).dll c:\windows\System32\isafprod(391).dll c:\windows\System32\vetredir(411).dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))) . 2008-12-28 11:31 . 2008-12-28 11:31 d-------- c:\users\Julien\AppData\Roaming\Malwarebytes 2008-12-28 11:31 . 2008-12-28 11:31 d-------- c:\users\All Users\Malwarebytes 2008-12-28 11:31 . 2008-12-28 11:31 d-------- c:\programdata\Malwarebytes 2008-12-28 11:31 . 2008-12-28 11:31 d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-28 11:31 . 
2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2008-12-28 11:31 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2008-12-28 09:10 . 2008-12-29 13:48 d-------- C:\hijjack file en verschill. logs 2008-12-28 09:08 . 2008-12-28 09:08 d-------- c:\program files\Trend Micro 2008-12-26 19:06 . 2008-12-27 12:54 d-------- c:\program files\RegCure 2008-12-26 12:03 . 2008-12-26 12:03 d-------- c:\program files\Alwil Software 2008-12-26 12:03 . 2008-11-26 18:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys 2008-12-26 10:23 . 2008-12-26 10:23 d-------- c:\program files\Bonjour 2008-12-21 16:59 . 2008-12-21 16:59 d-------- c:\windows\System32\runtime 2008-12-21 16:58 . 2008-12-21 16:58 d-------- c:\users\Julien\AppData\Roaming\PC Tools 2008-12-21 16:58 . 2008-12-29 08:49 d-------- c:\program files\Spyware Doctor 2008-12-21 16:58 . 2008-12-21 17:20 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys 2008-12-21 16:58 . 2008-12-21 17:20 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys 2008-12-21 16:58 . 2008-12-21 17:20 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys 2008-12-21 16:58 . 2008-06-02 15:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys 2008-12-21 16:57 . 2008-12-26 15:00 d-------- c:\program files\Norton Security Scan 2008-12-21 16:57 . 2008-12-26 15:01 d-------- c:\program files\Common Files\Symantec Shared 2008-12-21 13:16 . 2008-12-21 13:16 603,904 --a------ c:\windows\System32\TUProgSt.exe 2008-12-21 13:16 . 2008-12-21 13:16 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe 2008-12-21 13:16 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll 2008-12-21 13:16 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll 2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\System32\dns-sd.exe 2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\System32\dnssd.dll 2008-12-10 15:04 . 
2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll 2008-12-10 13:41 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll 2008-12-10 13:41 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe 2008-12-10 13:41 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll 2008-12-10 13:41 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll 2008-12-10 13:41 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll 2008-12-10 13:40 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll 2008-12-10 13:40 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll 2008-12-10 13:40 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe 2008-12-05 17:21 . 2008-12-21 13:15 d-------- c:\program files\TuneUp Utilities 2009 2008-12-05 17:19 . 2008-12-05 17:19 d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357} 2008-12-05 17:19 . 2008-12-05 17:19 d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357} 2008-12-05 09:53 . 2008-02-23 05:38 170,496 --a------ c:\windows\System32\tcpipcfg.dll 2008-12-05 09:53 . 2008-02-23 03:41 22,528 --a------ c:\windows\System32\netiougc.exe 2008-12-05 09:52 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\System32\zpeng25.dll 2008-11-29 16:22 . 2008-11-29 16:22 d-------- c:\users\Julien\AppData\Roaming\NCH Software 2008-11-29 16:21 . 2008-11-29 16:21 d-------- c:\users\All Users\NCH Swift Sound 2008-11-29 16:21 . 2008-11-29 16:21 d-------- c:\programdata\NCH Swift Sound 2008-11-29 16:20 . 2008-11-29 16:20 d-------- c:\program files\NCH Swift Sound . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-29 13:10 --------- d---a-w c:\programdata\TEMP 2008-12-29 12:51 348,370 ---ha-w c:\windows\system32\drivers\vsconfig.xml 2008-12-29 12:24 --------- d-----w c:\programdata\Google Updater 2008-12-28 14:18 --------- d-----w c:\program files\LimeWire 2008-12-28 14:01 --------- d-----w c:\users\Julien\AppData\Roaming\LimeWire 2008-12-26 17:55 771,584 ----a-w c:\windows\Internet Logs\xDB8B9B.tmp 2008-12-25 11:01 2,556,416 ----a-w c:\windows\Internet Logs\xDBB559.tmp 2008-12-21 16:00 --------- d-----w c:\program files\Google 2008-12-19 13:41 136,192 ----a-w c:\windows\Internet Logs\xDB9B19.tmp 2008-12-17 16:16 357,376 ----a-w c:\windows\Internet Logs\xDB99B4.tmp 2008-12-14 16:12 --------- d-----w c:\users\Julien\AppData\Roaming\U3 2008-12-14 15:36 5,113,473 ----a-w c:\windows\Internet Logs\tvDebug.zip 2008-12-14 15:35 663,552 ----a-w c:\windows\Internet Logs\xDBB8C6.tmp 2008-12-10 14:17 --------- d-----w c:\program files\Windows Mail 2008-12-10 14:08 --------- d-----w c:\programdata\Microsoft Help 2008-12-06 14:52 3,219,456 ----a-w c:\windows\Internet Logs\xDB9C72.tmp 2008-11-22 16:16 --------- d-----w c:\program files\iTunes 2008-11-22 16:15 --------- d-----w c:\program files\iPod 2008-11-22 16:15 --------- d-----w c:\program files\Common Files\Apple 2008-11-22 16:12 --------- d-----w c:\program files\QuickTime 2008-11-17 16:28 --------- d-----w c:\program files\Magentic 2008-11-15 16:04 --------- d-----w c:\users\Julien\AppData\Roaming\Winamp 2008-11-15 16:04 --------- d-----w c:\program files\Windows Sidebar 2008-11-15 16:03 --------- d-----w c:\programdata\CA 2008-11-15 14:40 --------- d-----w c:\program files\Common Files\Scanner 2008-11-15 14:40 --------- d-----w c:\program files\CA 2008-11-13 14:19 293,776 ----a-w c:\windows\system32\drivers\vsdatant.sys 2008-11-11 15:07 --------- d-----w c:\programdata\WinZip 2008-11-11 15:05 --------- d-----w c:\program files\WinZip(74) 2008-11-11 13:39 --------- dc-h--w 
c:\programdata\{5F2CE881-C7A5-4F1A-A1C0-A5BFC9A36913} 2008-11-11 13:21 --------- d-----w c:\program files\System Search Dispatcher 2008-11-11 13:21 --------- d-----w c:\program files\Network Optimizer 2008-11-11 13:19 --------- d-----w c:\program files\DoubleD 2008-11-11 11:29 --------- d-----w c:\programdata\Installations 2008-11-11 11:28 --------- d-----w c:\program files\Nokia 2008-11-11 11:28 --------- d-----w c:\program files\Common Files\PCSuite 2008-11-11 11:28 --------- d-----w c:\program files\Common Files\Nokia 2008-11-11 11:24 --------- d-----w c:\program files\PC Connectivity Solution 2008-11-09 10:27 --------- d-----w c:\program files\Common Files\Adobe 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll 2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll 2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll 2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll 2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe 2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll 2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll 2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll 2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll 2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll 2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe 2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-30 13:48 174 --sha-w c:\program files\desktop.ini 2008-06-08 08:48 774,144 ----a-w c:\program files\RngInterstitial.dll 2008-04-16 08:59 90 ----a-w c:\users\Julien\AppData\Roaming\wklnhst.dat . 
((((((((((((((((((((((((((((( snapshot@2008-12-29_13.41.39,19 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-29 12:03:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-12-29 12:51:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-12-29 12:03:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-12-29 12:51:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-12-29 12:40:01 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-29 12:52:52 262,144 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT - 2008-12-29 12:39:55 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-12-29 14:11:31 262,144 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-12-29 14:11:31 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-12-29 12:03:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-12-29 12:53:18 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-12-29 12:03:35 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-12-29 12:53:18 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-12-29 12:03:35 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-12-29 12:53:18 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-12-29 12:05:58 11,298 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1147899661-3754589122-3210750849-1000_UserData.bin + 
2008-12-29 12:54:07 11,298 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1147899661-3754589122-3210750849-1000_UserData.bin - 2008-12-29 12:05:58 62,182 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-12-29 12:54:06 62,316 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-12-29 12:05:55 62,034 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-12-29 12:54:05 62,050 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-18 68856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-26 30192] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-21 1168264] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog "ehTray.exe"=c:\windows\ehome\ehTray.exe "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" "Magentic"=c:\progra~1\Magentic\bin\Magentic.exe /c "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{E85681D6-5E7B-4AC3-8B60-21E9A8392297}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{404DE23F-2668-4B95-AEA7-81722E42C60C}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{10A63DD7-4FF3-4451-BB45-3B42A9A86CE1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{5D6C4397-BB23-4CC9-B68C-EBBBA8192F8A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{E0799AA0-982C-45CF-A3B8-89584B5E391B}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD "{EC94966C-E206-4561-B800-68636555B0AB}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{D98698DB-389D-451A-B0B9-C7412C84A974}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{662EC954-A3A6-4694-91EA-C726350EBDE7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{9086C6CC-0FEB-495E-938F-2BD8563594B5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{FED29BA3-BF10-42D4-BF07-95B34E74E3E5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{4BA19CF4-9AAF-4FCF-8988-025026E276EC}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{8CF16E66-F3E4-4CED-9763-C66564547B54}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{B30C5900-7264-4817-93D6-5DC763369404}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic "{1745CB37-94AA-4F69-938D-746AE58D9C70}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic "{72C8367B-25B3-462F-8048-A55F85142D9A}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic 
"{1D69EA50-5FE9-4661-B0C4-BD938BB0C03F}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic "{E090BB8C-F35D-426D-9693-3A7F6D95104C}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic "{51ABF7BB-521B-4E1D-A545-BB5570955C18}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic "{D155B74A-B567-431A-BDCC-4E9978E77274}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{61A8129F-D53A-4E84-817C-76BD87B68523}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{956231B7-DB02-4889-816E-63501E34A4A1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{02A1EDAA-3A82-4F4F-8633-42C4B5E894D8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-26 111184] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-26 20560] R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-26 51792] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-21 356920] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-21 603904] S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2008-03-02 240128] S2 gupdate1c963853d090218;Google Update Service (gupdate1c963853d090218);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-12-21 119280] S3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [2005-02-18 71168] S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe"
[2008-03-18 30192] S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f34e03e-44c3-11dd-9b52-0016767d0f89}] \shell\AutoRun\command - F:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e30f3099-e9e7-11dc-92b0-0016767d0f89}] \shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}] %SystemRoot%\system32\soundschemes2.exe /AddRegistration . Inhoud van de 'Gedeelde Taken' map 2008-12-26 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 08:09] 2008-12-29 c:\windows\Tasks\1-klik Onderhoud.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 15:12] 2008-12-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-21 16:59] 2008-12-26 c:\windows\Tasks\Norton Security Scan for Julien.job - c:\program files\Norton Security Scan\Nss.exe [2008-12-11 17:49] 2008-12-29 c:\windows\Tasks\User_Feed_Synchronization-{7B55CDDB-F91A-4ACC-A4F0-079170E36C1F}.job - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33] . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-29 15:11:45 Windows 6.0.6001 Service Pack 1 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-12-29 15:19:17 ComboFix-quarantined-files.txt 2008-12-29 14:19:02 ComboFix2.txt 2008-12-29 12:46:02 Pre-Run: 31.139.495.936 bytes beschikbaar Post-Run: 30,783,488,000 bytes beschikbaar 321 --- E O F --- 2008-12-26 09:18:37