Archive - internet disconnects


Juve9le

Legacy Member
Hi

The problem is as follows: for about a week now I have been getting random disconnects on my wireless internet. After further investigation I have concluded that the problem lies with my PC (the disconnects also happen when I connect a router to my PC; the wired signal to the router is also interrupted at the same intervals).

Pic1: Windows Task Manager shows incorrect values; see the difference between 50% CPU Usage and Idle Processes 56%

Pic2: Situation after I plugged in the router with an ethernet cable: I could not load a single web page even though I did have an internet connection according to Windows. Without the ethernet cable I could get on the internet again, via my wireless adapter that is (the router has no internet connection, it is just for testing purposes)

Pic3: the disconnects

Could the problem be a broken motherboard? How can I test whether it still works normally? (ASUS P5K)

I have already run full scans with ZoneAlarm and MS Security Essentials, without result.

HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:44:59 PM, on 12/22/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mspaint.exe
C:\Users\Nico De Baere\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15161&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShoppingReport2 - {258C9770-1713-4021-8D7E-1F184A2BD754} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Nico De Baere\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - (no file)
O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ApacheS1 - Unknown owner - I:\UniServer\usr\local\apache2\bin\Apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: MySQLS1 - Unknown owner - I:\UniServer\usr\local\mysql\bin\mysqld-opt.exe (file missing)
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 10091 bytes

Juisterr

Legacy Member
Hello, this doesn't look so good.

Start Malwarebytes and click the More Tools tab
Here, click on Start FileASSASSIN
A new window will then open
Copy and paste the following into the File name field:

C:\WINDOWS\system32\drivers\etc\hosts

Then click Open and choose YES to delete the hosts file.




Immediately afterwards, do the following.
Download hosts.exe and install it on your desktop.

hosts.exe
Now double-click it and let it do its work.

Restart and post a new HijackThis log, please.





Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15161&l=dis
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.org # misleading site
O2 - BHO: ShoppingReport2 - {258C9770-1713-4021-8D7E-1F184A2BD754} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - (no file)
O9 - Extra button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - (no file)
O23 - Service: ApacheS1 - Unknown owner - I:\UniServer\usr\local\apache2\bin\Apache.exe (file missing)

Close all windows except HijackThis
Click 'Fix checked' to remove the items.

Please run this tool.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use ComboFix.


1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (here or here is a guide on how to disable them:)

2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

Juve9le

Legacy Member
Restart and post a new HijackThis log, please.

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:46:33 PM, on 12/24/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Nico De Baere\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nico De Baere\Desktop\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15161&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Users\Nico De Baere\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ApacheS1 - Unknown owner - I:\UniServer\usr\local\apache2\bin\Apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MySQLS1 - Unknown owner - I:\UniServer\usr\local\mysql\bin\mysqld-opt.exe (file missing)
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 9519 bytes

Juve9le

Legacy Member
5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.



ComboFix 11-12-24.07 - Nico De Baere 12/24/2011 22:13:31.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1648 [GMT 1:00]
Running from: c:\users\Nico De Baere\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
FW: ZoneAlarm Extreme Security Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpe2D50.dll
c:\programdata\hpeFD6A.dll
c:\users\Nico De Baere\AppData\Local\assembly\tmp
c:\users\Nico De Baere\AppData\Roaming\Adobe\plugs
c:\users\Nico De Baere\AppData\Roaming\vso_ts_preview.xml
c:\windows\IsUn0413.exe
c:\windows\system32\~GLH00c7.TMP
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-24 to 2011-12-24 )))))))))))))))))))))))))))))))
.
.
2011-12-24 21:24 . 2011-12-24 21:26 -------- d-----w- c:\users\Nico De Baere\AppData\Local\temp
2011-12-24 21:24 . 2011-12-24 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-24 21:01 . 2011-12-24 21:01 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BF4344-CD07-4AD7-A2D8-7B7D93F6BDB9}\MpKsl0621f1e1.sys
2011-12-24 21:01 . 2011-12-24 21:26 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BF4344-CD07-4AD7-A2D8-7B7D93F6BDB9}\offreg.dll
2011-12-24 20:11 . 2011-12-24 20:11 -------- d-----w- c:\users\Nico De Baere\AppData\Roaming\Malwarebytes
2011-12-24 20:11 . 2011-12-24 20:11 -------- d-----w- c:\programdata\Malwarebytes
2011-12-24 20:11 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-24 20:11 . 2011-12-24 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-22 13:02 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BF4344-CD07-4AD7-A2D8-7B7D93F6BDB9}\mpengine.dll
2011-12-21 15:01 . 2011-12-22 13:01 -------- d-----w- c:\program files\Vistumbler
2011-12-21 14:35 . 2011-12-21 14:35 -------- d-----w- c:\program files\Network Stumbler
2011-12-20 19:25 . 2011-12-20 19:27 -------- d-----w- c:\users\Nico De Baere\AppData\Roaming\Mumble
2011-12-14 18:08 . 2011-12-14 18:08 -------- d-----w- c:\program files\Seagate
2011-12-09 11:13 . 2011-12-09 11:13 -------- d-----w- c:\program files\Apple Software Update
2011-12-01 18:35 . 2011-12-01 18:35 -------- d-----w- C:\Multimedia Files
2011-12-01 18:35 . 2011-12-01 18:35 -------- d-----w- c:\program files\Microsoft GIF Animator
2011-11-29 03:52 . 2011-11-29 03:58 -------- d-----w- c:\users\Nico De Baere\AppData\Roaming\Audacity
2011-11-29 03:52 . 2011-11-29 03:52 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-11-28 23:23 . 2011-11-28 23:23 -------- d-----w- C:\World of Warcraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-19 09:51 . 2011-09-09 09:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 03:48 . 2010-09-09 16:12 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2010-03-16 251904]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2010-03-26 1374336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Nico De Baere^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Nico De Baere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 17:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-09-07 13:53 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 14:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-02-15 01:32 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-22 00:13 136176 ----atw- c:\users\Nico De Baere\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 08:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-21 03:18 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
R1 MpKsl044ca5c3;MpKsl044ca5c3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED2EBF75-9072-447D-B3D7-DB5CD65D87BA}\MpKsl044ca5c3.sys [x]
R1 MpKsl069f09a6;MpKsl069f09a6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED2EBF75-9072-447D-B3D7-DB5CD65D87BA}\MpKsl069f09a6.sys [x]
R1 MpKsl070da20a;MpKsl070da20a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl070da20a.sys [x]
R1 MpKsl0b01329a;MpKsl0b01329a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FB01A7D-EA82-428C-8153-F8E685EB8E99}\MpKsl0b01329a.sys [x]
R1 MpKsl16639ced;MpKsl16639ced;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl16639ced.sys [x]
R1 MpKsl1ae23269;MpKsl1ae23269;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF7815CF-6D2E-4594-A5AF-8DF51C030F53}\MpKsl1ae23269.sys [x]
R1 MpKsl1ee8b784;MpKsl1ee8b784;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl1ee8b784.sys [x]
R1 MpKsl242982cc;MpKsl242982cc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FB01A7D-EA82-428C-8153-F8E685EB8E99}\MpKsl242982cc.sys [x]
R1 MpKsl2ec1fc00;MpKsl2ec1fc00;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl2ec1fc00.sys [x]
R1 MpKsl307686c4;MpKsl307686c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38517241-FD5D-457B-B240-D097AB3B4983}\MpKsl307686c4.sys [x]
R1 MpKsl348c8b0f;MpKsl348c8b0f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BF4344-CD07-4AD7-A2D8-7B7D93F6BDB9}\MpKsl348c8b0f.sys [x]
R1 MpKsl39fd42e7;MpKsl39fd42e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl39fd42e7.sys [x]
R1 MpKsl48becf85;MpKsl48becf85;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF7815CF-6D2E-4594-A5AF-8DF51C030F53}\MpKsl48becf85.sys [x]
R1 MpKsl5368a9d1;MpKsl5368a9d1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5F4F175-E2E8-4057-8839-18866A77FBB1}\MpKsl5368a9d1.sys [x]
R1 MpKsl5dcedf86;MpKsl5dcedf86;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A55D67B-573D-4F7F-90DD-B56DED18F6F0}\MpKsl5dcedf86.sys [x]
R1 MpKsl7c4bad78;MpKsl7c4bad78;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C0CD60-4F29-4302-A0E4-600BDC33AFC2}\MpKsl7c4bad78.sys [x]
R1 MpKsl89ad0b5f;MpKsl89ad0b5f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl89ad0b5f.sys [x]
R1 MpKsl8a4de832;MpKsl8a4de832;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A55D67B-573D-4F7F-90DD-B56DED18F6F0}\MpKsl8a4de832.sys [x]
R1 MpKsl8a5c407b;MpKsl8a5c407b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl8a5c407b.sys [x]
R1 MpKsl8c45e9e0;MpKsl8c45e9e0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C13D41B-22D6-4A32-8620-56325F386D41}\MpKsl8c45e9e0.sys [x]
R1 MpKsl99d1894a;MpKsl99d1894a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED2EBF75-9072-447D-B3D7-DB5CD65D87BA}\MpKsl99d1894a.sys [x]
R1 MpKsl9e8d9c49;MpKsl9e8d9c49;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3BCD9E4-6B9D-42FC-8A12-B5145C6ACAAC}\MpKsl9e8d9c49.sys [x]
R1 MpKsla9304857;MpKsla9304857;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsla9304857.sys [x]
R1 MpKslb115bc09;MpKslb115bc09;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C0CD60-4F29-4302-A0E4-600BDC33AFC2}\MpKslb115bc09.sys [x]
R1 MpKslc01189cd;MpKslc01189cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C0CD60-4F29-4302-A0E4-600BDC33AFC2}\MpKslc01189cd.sys [x]
R1 MpKslc1a4e7dd;MpKslc1a4e7dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C0CD60-4F29-4302-A0E4-600BDC33AFC2}\MpKslc1a4e7dd.sys [x]
R1 MpKslc676270a;MpKslc676270a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF7815CF-6D2E-4594-A5AF-8DF51C030F53}\MpKslc676270a.sys [x]
R1 MpKslc69d3e06;MpKslc69d3e06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKslc69d3e06.sys [x]
R1 MpKsld92bc760;MpKsld92bc760;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsld92bc760.sys [x]
R1 MpKslf3af07b8;MpKslf3af07b8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKslf3af07b8.sys [x]
R1 MpKslfece2274;MpKslfece2274;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKslfece2274.sys [x]
R2 ApacheS1;ApacheS1;i:\uniserver\usr\local\apache2\bin\Apache.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
R2 MySQLS1;MySQLS1;i:\uniserver\usr\local\mysql\bin\mysqld-opt.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2010-08-27 35568]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2010-03-25 841504]
R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2010-09-08 464384]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-04-21 111280]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-06 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-22 721904]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-29 114984]
S1 MpKsl0621f1e1;MpKsl0621f1e1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BF4344-CD07-4AD7-A2D8-7B7D93F6BDB9}\MpKsl0621f1e1.sys [2011-12-24 29904]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-04-21 162544]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-04-21 44784]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-07 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-29 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-29 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-29 96896]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-08-27 26352]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-08-27 493032]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-07 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-07 239616]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-12-16 10752]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-04-21 122224]
S3 vHidDev;Razer Gaming Device;c:\windows\system32\DRIVERS\vHidDev.sys [2009-12-22 5760]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 11:55]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 11:55]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1251164778-2435937666-1213880133-1000Core.job
- c:\users\Nico De Baere\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-22 00:13]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1251164778-2435937666-1213880133-1000UA.job
- c:\users\Nico De Baere\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-22 00:13]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.130.5 195.130.131.5
FF - ProfilePath - c:\users\Nico De Baere\AppData\Roaming\Mozilla\Firefox\Profiles\796ublb1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=15161&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=nl_EU&apn_uid=5DC94C40-41D2-484A-81D2-2C104B158A4E&apn_ptnrs=UG&apn_sauid=8EE31F7B-8574-4182-BA54-D965D93B74CA&apn_dtid=YYYYYYYYBE&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQLS1]
"ImagePath"="i:\uniserver\usr\local\mysql\bin\mysqld-opt.exe --defaults-file=I:/UniServer/usr/local/mysql/my.ini MySQLS1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1251164778-2435937666-1213880133-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:50,e3,52,8f,43,cb,1d,44,2c,e0,50,89,84,15,4d,5c,82,21,be,be,fc,6d,c9,
13,91,54,be,a6,aa,31,37,0c,71,cf,63,78,a1,03,68,27,ab,8d,4c,86,cd,ad,19,b1,\
"??"=hex:ae,42,09,9c,df,12,b5,87,8d,fc,5e,97,82,f0,46,d0
.
[HKEY_USERS\S-1-5-21-1251164778-2435937666-1213880133-1000\Software\SecuROM\License information*]
"datasecu"=hex:09,e3,1d,d6,d8,b6,16,a5,50,a7,06,92,02,8f,9f,1d,c8,8c,b3,a3,4e,
70,64,e7,c3,db,16,dd,a9,21,49,3e,3a,b2,0b,ac,e0,ee,98,3f,70,02,c2,2a,71,8a,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3868)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\conhost.exe
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\windows\system32\WUDFHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-12-24 22:30:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-24 21:30
.
Pre-Run: 10,313,261,056 bytes free
Post-Run: 10,139,185,152 bytes free
.
- - End Of File - - A84A62202096B67AB9DFD31DFA03882A
[/code]

Juisterr

Legacy Member
Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
  • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe"
  • Now click "Emergency Kit Scanner"; you will get a message that it is recommended to update first. Allow this by clicking "Ja" (Yes)
    EmsisoftEK11.jpg
  • When the update is done and the message "Update process is succesvol afgerond" (update process completed successfully) appears, click "menu" and then "Scan PC"
  • Select the "Diep" (Deep) option if it is not already set that way by default.
  • Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take quite a long time, so wait patiently.
  • You can close the window with the warning about an increased risk once the scan is done.

    Note:

    If you see this message.

    C:\Documents and Settings\username\Bureaublad\ComboFix.exe/$0\List.bat Verwijderd Virus.Win32.HTML!IK

    When the file is listed in the scan results window, you can right-click that detection and choose "Versturen als vals alarm (False Positive)".

  • Make sure all found items are checked and then press the "verwijder geselecteerde" (remove selected) button; you will now get the following message, but click "Ja" (Yes) here
    EmsisoftEK2.jpg
  • When the removal is done, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
  • Post the contents of this LOG file in your next message.
  • Now restart the computer.

Juve9le

Legacy Member
Code:
Emsisoft Emergency Kit - Version 1.0
Last update: N/A

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, F:\, G:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start:	12/26/2011 2:02:44 AM

Key: HKEY_LOCAL_MACHINE\software\Freeze.com\ 	detected: Trace.Registry.Freeze!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer --> id 	detected: Trace.Registry.EZ Game Cheats!A2
C:\Program Files\AutoHotkey\Compiler\Ahk2Exe.exe 	detected: Trojan.SuspectCRC!IK
C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll 	detected: Malware.Win32.AMN!A2
C:\Program Files\Vistumbler\update.exe 	detected: Trojan.SuspectCRC!IK
C:\Users\Nico De Baere\AppData\Roaming\BBD9634BDA46269822AAAE23C7834C24\newreleaseversion70700.exe 	detected: Trojan.Win32.FakeAV!IK
G:\BACKUP\Game Setup\Counter-Strike\--- backup\usbmrs11.exe 	detected: Riskware.Win32.HackTool.Patcher.B!A2
G:\BACKUP\Game Setup\Counter-Strike\mouse hz\dseo13b.exe 	detected: Trojan.Win32.Tool.Driverunsign!A2
G:\BACKUP\Programma's\- Adobe\CS4Crack\Adobe Creative Suite 4 Keygen.exe 	detected: Riskware.Keygen.Adobe!IK

Scanned

Files: 	646328
Traces: 	441120
Cookies: 	2
Processes: 	49

Found

Files: 	7
Traces: 	2
Cookies: 	0
Processes: 	0
Registry keys: 	0

Scan end:	12/26/2011 6:28:52 AM
Scan time:	4:26:08

G:\BACKUP\Programma's\- Adobe\CS4Crack\Adobe Creative Suite 4 Keygen.exe	Deleted Riskware.Keygen.Adobe!IK
G:\BACKUP\Game Setup\Counter-Strike\mouse hz\dseo13b.exe	Deleted Trojan.Win32.Tool.Driverunsign!A2
G:\BACKUP\Game Setup\Counter-Strike\--- backup\usbmrs11.exe	Deleted Riskware.Win32.HackTool.Patcher.B!A2
C:\Users\Nico De Baere\AppData\Roaming\BBD9634BDA46269822AAAE23C7834C24\newreleaseversion70700.exe	Deleted Trojan.Win32.FakeAV!IK
C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll	Deleted Malware.Win32.AMN!A2
C:\Program Files\AutoHotkey\Compiler\Ahk2Exe.exe	Deleted Trojan.SuspectCRC!IK
C:\Program Files\Vistumbler\update.exe	Deleted Trojan.SuspectCRC!IK
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer --> id	Deleted Trace.Registry.EZ Game Cheats!A2
Key: HKEY_LOCAL_MACHINE\software\Freeze.com\	Deleted Trace.Registry.Freeze!A2

Deleted

Files: 	7
Traces: 	2
Cookies: 	0

Juve9le

Legacy Member
Windows Task Manager still shows incorrect CPU Usage values; I have not observed any disconnects yet.

Juisterr

Legacy Member
Some CD emulators can make interpreting the logs more difficult.
We will therefore disable them temporarily.
Download Defogger and place it on your desktop: http://www.jpshortstuff.247fixes.com/Defogger.exe
Double-click Defogger.exe to start the tool.
In the window that appears, click the "Disable" button.
In the next window, click Yes (Ja) to continue.
Wait until you get the 'Finished' message and click "Ok" in that window.
If DeFogger asks to restart the computer, do so.
If you get an error message when using Defogger, look on the desktop (or in the folder from which you started Defogger) for the file defogger_disable and post the contents of that file.
You can re-enable the CD emulator software with Defogger by starting the tool and clicking the "Re-enable" button.
Only do this once we are completely finished analyzing the computer.

Then make a new log with Combofix and post it.

Juve9le

Legacy Member
Code:
ComboFix 11-12-28.03 - Nico De Baere 12/28/2011  19:38:54.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3071.1831 [GMT 1:00]
Running from: c:\users\Nico De Baere\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: ZoneAlarm Extreme Security Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nico De Baere\AppData\Roaming\EurekaLog
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-28 to 2011-12-28  )))))))))))))))))))))))))))))))
.
.
2011-12-28 18:50 . 2011-12-28 18:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-28 18:29 . 2011-12-28 18:29	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F49D712-0674-4EDA-9509-76D2B891CECD}\MpKsl687d782e.sys
2011-12-28 18:29 . 2011-12-28 18:29	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F49D712-0674-4EDA-9509-76D2B891CECD}\offreg.dll
2011-12-27 15:02 . 2011-12-27 15:01	703824	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE9496BD-73B9-4B3E-BCA7-9832B63781FB}\gapaengine.dll
2011-12-27 15:02 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F49D712-0674-4EDA-9509-76D2B891CECD}\mpengine.dll
2011-12-26 15:30 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-12-26 15:28 . 2011-12-26 15:31	--------	d-----w-	c:\program files\Microsoft Security Client
2011-12-24 21:24 . 2011-12-28 18:50	--------	d-----w-	c:\users\Nico De Baere\AppData\Local\temp
2011-12-24 20:11 . 2011-12-24 20:11	--------	d-----w-	c:\users\Nico De Baere\AppData\Roaming\Malwarebytes
2011-12-24 20:11 . 2011-12-24 20:11	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-24 20:11 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-24 20:11 . 2011-12-24 20:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-21 15:01 . 2011-12-22 13:01	--------	d-----w-	c:\program files\Vistumbler
2011-12-21 14:35 . 2011-12-21 14:35	--------	d-----w-	c:\program files\Network Stumbler
2011-12-20 19:25 . 2011-12-20 19:27	--------	d-----w-	c:\users\Nico De Baere\AppData\Roaming\Mumble
2011-12-14 18:08 . 2011-12-14 18:08	--------	d-----w-	c:\program files\Seagate
2011-12-09 11:13 . 2011-12-09 11:13	--------	d-----w-	c:\program files\Apple Software Update
2011-12-01 18:35 . 2011-12-01 18:35	--------	d-----w-	C:\Multimedia Files
2011-12-01 18:35 . 2011-12-01 18:35	--------	d-----w-	c:\program files\Microsoft GIF Animator
2011-11-29 03:52 . 2011-11-29 03:58	--------	d-----w-	c:\users\Nico De Baere\AppData\Roaming\Audacity
2011-11-29 03:52 . 2011-11-29 03:52	--------	d-----w-	c:\program files\Audacity 1.3 Beta (Unicode)
2011-11-28 23:23 . 2011-11-28 23:23	--------	d-----w-	C:\World of Warcraft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2010-09-09 16:12	6823496	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-19 09:51 . 2011-09-09 09:20	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2010-03-16 251904]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2010-03-26 1374336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Nico De Baere^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Nico De Baere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 17:11	640440	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-09-07 13:53	40376	----a-w-	c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 14:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51	691656	----a-w-	c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-02-15 01:32	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-22 00:13	136176	----atw-	c:\users\Nico De Baere\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 08:02	26100520	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-21 03:18	1242448	----a-w-	c:\program files\Steam\Steam.exe
.
R1 MpKsl044ca5c3;MpKsl044ca5c3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED2EBF75-9072-447D-B3D7-DB5CD65D87BA}\MpKsl044ca5c3.sys [x]
R1 MpKsl069f09a6;MpKsl069f09a6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED2EBF75-9072-447D-B3D7-DB5CD65D87BA}\MpKsl069f09a6.sys [x]
R1 MpKsl070da20a;MpKsl070da20a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl070da20a.sys [x]
R1 MpKsl0b01329a;MpKsl0b01329a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FB01A7D-EA82-428C-8153-F8E685EB8E99}\MpKsl0b01329a.sys [x]
R1 MpKsl13e9f4b7;MpKsl13e9f4b7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE6D497C-97D2-46EF-82A4-1E79D355C07B}\MpKsl13e9f4b7.sys [x]
R1 MpKsl16639ced;MpKsl16639ced;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl16639ced.sys [x]
R1 MpKsl1ae23269;MpKsl1ae23269;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF7815CF-6D2E-4594-A5AF-8DF51C030F53}\MpKsl1ae23269.sys [x]
R1 MpKsl1ee8b784;MpKsl1ee8b784;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl1ee8b784.sys [x]
R1 MpKsl242982cc;MpKsl242982cc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FB01A7D-EA82-428C-8153-F8E685EB8E99}\MpKsl242982cc.sys [x]
R1 MpKsl2ec1fc00;MpKsl2ec1fc00;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl2ec1fc00.sys [x]
R1 MpKsl307686c4;MpKsl307686c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38517241-FD5D-457B-B240-D097AB3B4983}\MpKsl307686c4.sys [x]
R1 MpKsl348c8b0f;MpKsl348c8b0f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70BF4344-CD07-4AD7-A2D8-7B7D93F6BDB9}\MpKsl348c8b0f.sys [x]
R1 MpKsl39fd42e7;MpKsl39fd42e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl39fd42e7.sys [x]
R1 MpKsl48becf85;MpKsl48becf85;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF7815CF-6D2E-4594-A5AF-8DF51C030F53}\MpKsl48becf85.sys [x]
R1 MpKsl5368a9d1;MpKsl5368a9d1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5F4F175-E2E8-4057-8839-18866A77FBB1}\MpKsl5368a9d1.sys [x]
R1 MpKsl5dcedf86;MpKsl5dcedf86;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A55D67B-573D-4F7F-90DD-B56DED18F6F0}\MpKsl5dcedf86.sys [x]
R1 MpKsl7c4bad78;MpKsl7c4bad78;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C0CD60-4F29-4302-A0E4-600BDC33AFC2}\MpKsl7c4bad78.sys [x]
R1 MpKsl89ad0b5f;MpKsl89ad0b5f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl89ad0b5f.sys [x]
R1 MpKsl8a4de832;MpKsl8a4de832;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A55D67B-573D-4F7F-90DD-B56DED18F6F0}\MpKsl8a4de832.sys [x]
R1 MpKsl8a5c407b;MpKsl8a5c407b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsl8a5c407b.sys [x]
R1 MpKsl8c45e9e0;MpKsl8c45e9e0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C13D41B-22D6-4A32-8620-56325F386D41}\MpKsl8c45e9e0.sys [x]
R1 MpKsl99d1894a;MpKsl99d1894a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED2EBF75-9072-447D-B3D7-DB5CD65D87BA}\MpKsl99d1894a.sys [x]
R1 MpKsl9e8d9c49;MpKsl9e8d9c49;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3BCD9E4-6B9D-42FC-8A12-B5145C6ACAAC}\MpKsl9e8d9c49.sys [x]
R1 MpKsla9304857;MpKsla9304857;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsla9304857.sys [x]
R1 MpKslb115bc09;MpKslb115bc09;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C0CD60-4F29-4302-A0E4-600BDC33AFC2}\MpKslb115bc09.sys [x]
R1 MpKslc01189cd;MpKslc01189cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C0CD60-4F29-4302-A0E4-600BDC33AFC2}\MpKslc01189cd.sys [x]
R1 MpKslc1a4e7dd;MpKslc1a4e7dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C0CD60-4F29-4302-A0E4-600BDC33AFC2}\MpKslc1a4e7dd.sys [x]
R1 MpKslc676270a;MpKslc676270a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF7815CF-6D2E-4594-A5AF-8DF51C030F53}\MpKslc676270a.sys [x]
R1 MpKslc69d3e06;MpKslc69d3e06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKslc69d3e06.sys [x]
R1 MpKsld92bc760;MpKsld92bc760;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKsld92bc760.sys [x]
R1 MpKslf3af07b8;MpKslf3af07b8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKslf3af07b8.sys [x]
R1 MpKslfece2274;MpKslfece2274;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7B585A6-0FEF-4517-820A-B2A9FB9BC17E}\MpKslfece2274.sys [x]
R2 ApacheS1;ApacheS1;i:\uniserver\usr\local\apache2\bin\Apache.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
R2 MySQLS1;MySQLS1;i:\uniserver\usr\local\mysql\bin\mysqld-opt.exe [x]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 136176]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2010-08-27 35568]
R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2010-09-08 464384]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-04-21 111280]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-06 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-22 721904]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-29 114984]
S1 MpKsl687d782e;MpKsl687d782e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F49D712-0674-4EDA-9509-76D2B891CECD}\MpKsl687d782e.sys [2011-12-28 29904]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-04-21 162544]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-04-21 44784]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-07 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-29 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-29 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-29 96896]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-08-27 26352]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-08-27 493032]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-07 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-07 239616]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-12-16 10752]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2010-03-25 841504]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-04-21 122224]
S3 vHidDev;Razer Gaming Device;c:\windows\system32\DRIVERS\vHidDev.sys [2009-12-22 5760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL687D782E
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 11:55]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 11:55]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1251164778-2435937666-1213880133-1000Core.job
- c:\users\Nico De Baere\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-22 00:13]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1251164778-2435937666-1213880133-1000UA.job
- c:\users\Nico De Baere\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-22 00:13]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.130.5 195.130.131.5
FF - ProfilePath - c:\users\Nico De Baere\AppData\Roaming\Mozilla\Firefox\Profiles\796ublb1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=15161&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=nl_EU&apn_uid=5DC94C40-41D2-484A-81D2-2C104B158A4E&apn_ptnrs=UG&apn_sauid=8EE31F7B-8574-4182-BA54-D965D93B74CA&apn_dtid=YYYYYYYYBE&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQLS1]
"ImagePath"="i:\uniserver\usr\local\mysql\bin\mysqld-opt.exe --defaults-file=I:/UniServer/usr/local/mysql/my.ini MySQLS1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1251164778-2435937666-1213880133-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:50,e3,52,8f,43,cb,1d,44,2c,e0,50,89,84,15,4d,5c,82,21,be,be,fc,6d,c9,
   13,91,54,be,a6,aa,31,37,0c,71,cf,63,78,a1,03,68,27,ab,8d,4c,86,cd,ad,19,b1,\
"??"=hex:ae,42,09,9c,df,12,b5,87,8d,fc,5e,97,82,f0,46,d0
.
[HKEY_USERS\S-1-5-21-1251164778-2435937666-1213880133-1000\Software\SecuROM\License information*]
"datasecu"=hex:09,e3,1d,d6,d8,b6,16,a5,50,a7,06,92,02,8f,9f,1d,c8,8c,b3,a3,4e,
   70,64,e7,c3,db,16,dd,a9,21,49,3e,3a,b2,0b,ac,e0,ee,98,3f,70,02,c2,2a,71,8a,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-28  19:59:31
ComboFix-quarantined-files.txt  2011-12-28 18:59
ComboFix2.txt  2011-12-24 21:30
.
Pre-Run: 14,528,561,152 bytes free
Post-Run: 15,440,814,080 bytes free
.
- - End Of File - - 62172700D1582D5B7B6EC9FE61D9190F

Juisterr

Legacy Member
AV: ESET NOD32 Antivirus 4.2 *
AV: Microsoft Security Essentials
FW: ZoneAlarm Extreme Security Firewall
SP: ESET NOD32 Antivirus 4.2
SP: Microsoft Security Essentials
SP: Windows Defender
SP: ZoneAlarm Extreme Security Anti-Spyware

Don't you think this is a bit excessive yourself?

What you need on a PC:
1 x antivirus scanner
1 x firewall (the Windows 7 one is fine)

More of the same only slows things down, and they are more likely to work against each other than to complement each other.

Juve9le

Legacy Member
Juisterr said:
More of the same only slows things down, and they are more likely to work against each other than to complement each other.

True, but if only it were that easy to remove them again :p. I installed ESET NOD32 years ago and have tried to remove it a few times since, but apparently that hardly works the traditional way. I never installed Windows Defender; it probably came with my Win7 install by default.

ZoneAlarm and NOD32 are off more often than on here, so I'll look into thinning out that list so that only Security Essentials is left.

Juisterr

Legacy Member
I'll have a look to see if I can find something to remove ZA and NOD.

Juisterr

Legacy Member
NOD32#

##step 1##

Open a Notepad file as follows:
Go to
Start --> Run

and type this:
notepad

Copy and paste the bold text below into an empty window:

sc stop NOD32krn
sc delete NOD32krn


Save the file, location (save in): 'Desktop'
File name: 'fix.bat'
File type: "All Files" ** Important: save as All Files!
Click the Save button
Double-click fix.bat


##step 2##

Then delete the folder D:\Program Files\Eset

If you cannot remove NOD32 with the suggestions above, NOD32 has a removal tool: http://www.nod32.nl/download/tool/nod32removal.exe

Start this tool - if Windows prompts you about it, agree - then restart the computer.

Juve9le

Legacy Member
ZA/NOD32 have been removed, so I only have Security Essentials left now.

Is there a way to retrieve the history of users on your modem? Yesterday I checked my details on the Telenet site, and I saw a user on my modem that I don't know (so probably one of the neighbours). Since then I have upgraded the security from WEP to WPA2 and changed the key, of course.