gesveld
ComboFix 10-03-12.02 - gertjan 13-03-2010 0:13.7.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3062.1800 [GMT 1:00]
Gestart vanuit: c:\users\gertjan\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\qpuztwca.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-02-12 to 2010-03-12 ))))))))))))))))))))))))))))))
.
2010-03-12 23:20 . 2010-03-12 23:20 -------- d-----w- c:\users\gertjan\AppData\Local\temp
2010-03-12 23:20 . 2010-03-12 23:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-12 23:20 . 2010-03-12 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-10 15:03 . 2010-03-10 15:03 -------- d-----w- c:\users\gertjan\AppData\Roaming\Gaijin Ent
2010-03-10 15:03 . 2010-03-10 15:03 -------- d-----w- c:\users\gertjan\AppData\Roaming\Zylom
2010-03-10 15:03 . 2006-09-26 11:03 98304 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2010-03-10 15:03 . 2010-03-10 15:03 -------- d-----w- c:\programdata\Zylom
2010-03-10 15:03 . 2006-09-26 11:03 161976 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2010-03-10 15:03 . 2010-03-10 15:03 -------- d-----w- c:\program files\Zylom Games
2010-03-09 09:54 . 2010-03-09 09:54 -------- d-----w- c:\program files\TagRename
2010-03-09 09:49 . 2010-03-09 09:49 -------- d-----w- c:\program files\AMR
2010-03-09 09:44 . 2010-03-09 09:47 -------- d-----w- c:\users\gertjan\AppData\Roaming\ID3-TagIT 3
2010-03-09 09:43 . 2010-03-09 09:43 -------- d-----w- c:\program files\ID3-TagIT 3
2010-03-09 09:43 . 2010-03-09 09:43 -------- d-----w- c:\programdata\ID3-TagIT 3
2010-03-08 22:40 . 2007-06-28 17:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-08 22:40 . 2007-06-28 17:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-08 22:40 . 2010-03-08 22:40 -------- d-----w- c:\program files\Xvid
2010-03-07 08:36 . 2010-03-07 08:36 -------- d-----w- c:\users\gertjan\AppData\Roaming\MessengerDiscovery 2
2010-03-07 08:35 . 2010-03-07 08:35 -------- d-----w- c:\programdata\MessengerDiscovery 2
2010-03-07 08:35 . 2010-03-07 08:35 -------- d-----w- c:\program files\MessengerDiscovery 2
2010-03-05 15:31 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-03-05 15:31 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-03-05 15:31 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-03-05 15:31 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-05 15:31 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-05 15:31 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-03-05 09:23 . 2010-03-05 09:23 -------- d-----w- c:\users\gertjan\AppData\Local\Gas Powered Games
2010-03-04 19:25 . 2010-03-04 19:26 -------- d-----w- c:\users\gertjan\AppData\Roaming\Belastingdienst
2010-03-04 19:23 . 2010-03-04 19:23 -------- d-----w- c:\program files\Belastingdienst
2010-03-03 15:28 . 2010-03-03 15:28 -------- d-----w- c:\users\gertjan\AppData\Local\PunkBuster
2010-03-02 15:59 . 2010-03-02 15:59 138056 ----a-w- c:\users\gertjan\AppData\Roaming\PnkBstrK.sys
2010-03-02 15:45 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-02 15:45 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-02 15:45 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-02 15:45 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-02 15:45 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-02 15:45 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-03-02 15:45 . 2008-10-27 09:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-03-01 08:10 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-28 10:40 . 2001-10-05 19:02 143360 ----a-w- c:\windows\system32\Stamin32.Dll
2010-02-28 08:33 . 2010-02-28 08:33 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-02-27 13:48 . 2010-02-27 13:52 -------- d-----w- c:\users\gertjan\AppData\Roaming\Static Windows Live Mail Backup
2010-02-27 13:47 . 2010-02-27 13:47 -------- d-----w- c:\program files\Static Windows Live Mail Backup
2010-02-27 13:38 . 2005-06-15 02:00 102400 ----a-w- c:\windows\system32\tsccvid.dll
2010-02-27 13:37 . 2010-02-27 16:06 -------- d-----w- c:\users\gertjan\AppData\Local\odbcesentd9
2010-02-25 19:26 . 2010-02-27 15:49 -------- d-----w- c:\program files\7-Zip
2010-02-25 11:52 . 2010-02-25 11:56 -------- d-----w- c:\users\gertjan\AppData\Local\Babylon
2010-02-25 11:51 . 2010-02-25 11:51 -------- d-----w- c:\program files\Babylon
2010-02-25 11:51 . 2010-03-12 23:08 -------- d-----w- c:\programdata\Babylon
2010-02-25 11:51 . 2010-02-28 08:39 -------- d-----w- c:\users\gertjan\AppData\Roaming\Babylon
2010-02-24 09:11 . 2010-02-24 09:11 -------- d-----w- c:\users\gertjan\AppData\Roaming\ValuSoft
2010-02-23 22:01 . 2010-02-25 15:09 -------- d-----w- c:\program files\Prison Tycoon 4
2010-02-22 17:43 . 2010-02-22 17:43 -------- d-----w- c:\program files\Unlocker
2010-02-22 10:42 . 2010-02-22 10:44 -------- d-----w- c:\users\gertjan\AppData\Local\Electronic Arts
2010-02-22 03:39 . 2010-02-22 03:39 -------- d-----w- c:\windows\Sun
2010-02-21 20:08 . 2010-02-21 20:08 -------- d-----w- c:\program files\EGB3
2010-02-21 12:02 . 2010-02-20 23:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-20 23:31 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-20 23:31 . 2010-02-20 23:31 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-20 23:28 . 2010-02-20 23:28 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-20 23:28 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-20 23:27 . 2010-02-20 23:31 -------- d-----w- c:\programdata\Lavasoft
2010-02-20 23:27 . 2010-02-20 23:28 -------- d-----w- c:\program files\Lavasoft
2010-02-20 09:43 . 2010-02-20 10:07 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-02-19 19:04 . 2010-02-19 19:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 19:03 . 2010-02-19 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 19:03 . 2010-02-19 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 18:48 . 2010-02-19 18:48 -------- d-----w- c:\windows\system32\Wat
2010-02-19 18:45 . 2010-02-19 18:45 -------- d-----w- c:\program files\Trend Micro
2010-02-18 14:53 . 2010-02-18 14:53 -------- d-----w- c:\program files\Osirius
2010-02-18 14:53 . 1998-10-01 14:22 302592 ----a-w- c:\windows\unin0413.exe
2010-02-16 19:17 . 2010-02-16 19:24 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-16 19:17 . 2010-02-16 19:17 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-11 22:34 . 2010-02-11 22:34 -------- d-----w- c:\program files\Windows Doctor
2010-02-10 23:32 . 2010-02-10 23:32 -------- d-----w- c:\programdata\SugarGames
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 23:14 . 2010-01-15 14:38 -------- d-----w- c:\users\gertjan\AppData\Roaming\uTorrent
2010-03-11 15:08 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-03-11 15:08 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-03-10 22:58 . 2010-01-15 14:31 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 17:57 . 2010-01-23 18:05 -------- d-----w- c:\users\gertjan\AppData\Roaming\vlc
2010-03-07 22:57 . 2010-01-18 23:40 -------- d-----w- c:\users\gertjan\AppData\Roaming\FrostWire
2010-03-07 20:20 . 2010-01-18 23:16 -------- d-----w- c:\programdata\SuperMP3Download
2010-03-03 14:32 . 2010-01-16 17:59 -------- d-----w- c:\program files\GemistDownloader
2010-03-03 14:18 . 2009-07-13 23:11 21584 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-28 11:23 . 2010-01-21 12:02 -------- d-----w- c:\program files\Launch Manager
2010-02-28 08:39 . 2010-01-25 08:00 -------- d-----w- c:\program files\RAR Password Unlocker
2010-02-28 00:16 . 2010-01-15 15:03 -------- d-----w- c:\program files\QuickPar
2010-02-27 13:34 . 2010-01-15 14:09 112328 ----a-w- c:\users\gertjan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 21:08 . 2010-01-15 14:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 21:04 . 2010-01-15 14:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-24 08:16 . 2010-01-15 13:32 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 23:21 . 2010-01-28 10:04 -------- d-----w- c:\program files\Opera
2010-02-19 18:49 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-02-19 18:49 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-02-19 18:49 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-02-16 09:02 . 2010-01-18 23:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 17:55 . 2010-01-15 13:56 -------- d-----w- c:\program files\AVS4YOU
2010-02-14 17:55 . 2010-01-15 14:00 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-09 19:32 . 2010-02-09 19:31 -------- d-----w- c:\program files\Davilex
2010-02-09 13:12 . 2010-02-09 13:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\Template
2010-02-09 13:12 . 2010-01-22 09:37 118 ----a-w- c:\users\gertjan\AppData\Roaming\wklnhst.dat
2010-02-08 17:48 . 2010-02-08 17:28 0 ----a-w- c:\windows\mfont.dat
2010-02-08 07:54 . 2010-02-08 07:54 -------- d-----w- c:\program files\My Favorite Recipes
2010-02-08 07:50 . 2010-02-08 07:50 -------- d-----w- c:\program files\Carta
2010-02-07 22:45 . 2010-02-07 22:44 -------- dc-h--w- c:\programdata\{90269C77-822B-4F2B-A5AC-208F0AE1BA2D}
2010-02-07 22:45 . 2010-02-07 22:45 -------- d-----w- c:\program files\SmokeySoft
2010-02-05 07:22 . 2010-01-15 13:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-04 18:55 . 2010-01-15 13:20 -------- d-----w- c:\users\gertjan\AppData\Roaming\DAEMON Tools Lite
2010-02-04 15:12 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-04 15:12 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2010-02-04 15:12 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2010-02-02 23:42 . 2010-02-02 23:42 -------- d-----w- c:\program files\Plus!
2010-02-02 12:13 . 2010-02-02 12:13 -------- d-----w- c:\users\gertjan\AppData\Roaming\Playrix Entertainment
2010-02-01 19:28 . 2010-02-01 19:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-01 14:35 . 2010-02-01 14:35 3 ----a-w- C:\BLINDEN.SYS
2010-01-29 09:17 . 2010-01-29 09:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-01-28 09:50 . 2010-01-20 14:57 -------- d-----w- c:\users\gertjan\AppData\Roaming\ArcSoft
2010-01-28 09:25 . 2010-01-28 09:25 0 ----a-w- c:\windows\nsreg.dat
2010-01-28 08:03 . 2010-01-28 08:03 -------- d-----w- c:\programdata\Fighters
2010-01-28 08:02 . 2010-01-28 08:02 -------- d-----w- c:\program files\Fighters
2010-01-28 07:16 . 2010-01-28 07:16 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 02:56 . 2010-01-18 23:28 -------- d-----w- c:\program files\Java
2010-01-26 22:33 . 2010-01-26 22:33 23 ----a-w- c:\windows\system32\krx220.dat
2010-01-26 22:33 . 2010-01-26 22:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\Kristanix Software
2010-01-26 08:16 . 2010-01-15 15:19 -------- d-----w- c:\users\gertjan\AppData\Roaming\NewsLeecher
2010-01-23 18:04 . 2010-01-23 18:04 -------- d-----w- c:\program files\VideoLAN
2010-01-23 08:48 . 2010-01-19 18:21 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-23 05:26 . 2010-01-15 15:11 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-23 02:01 . 2010-01-15 14:36 -------- d-----w- c:\program files\Microsoft Works
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\program files\Bit Che
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\users\gertjan\AppData\Roaming\Convivea
2010-01-22 07:34 . 2010-01-22 07:34 41296 ----a-r- c:\windows\system32\hlp95en.dll
2010-01-21 21:45 . 2010-01-15 15:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\URSoft
2010-01-21 18:30 . 2010-01-21 18:30 -------- d-----w- c:\users\gertjan\AppData\Roaming\ImgBurn
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\users\gertjan\AppData\Roaming\Intel
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\programdata\Roaming
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\programdata\Intel
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\program files\Cisco
2010-01-21 12:38 . 2010-01-15 16:50 -------- d-----w- c:\program files\Intel
2010-01-21 12:37 . 2010-01-21 12:37 -------- d-----w- c:\programdata\Broadcom
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI Technologies
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI
2010-01-21 11:50 . 2010-01-21 11:50 -------- d-----w- c:\program files\Broadcom
2010-01-21 11:36 . 2010-01-21 11:35 -------- d-----w- c:\program files\Common Files\snp2uvc
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\programdata\InstallShield
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\program files\SuYin
2010-01-21 11:33 . 2010-01-21 11:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\InstallShield
2010-01-21 09:45 . 2010-01-21 09:45 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-20 09:16 . 2010-01-15 15:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 00:06 . 2010-01-19 00:06 0 ----a-w- c:\users\gertjan\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-01-18 23:40 . 2010-01-15 14:43 -------- d-----w- c:\program files\FrostWire
2010-01-18 23:29 . 2010-02-10 11:08 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 11:08 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 11:08 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 11:08 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 11:08 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 11:08 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 11:08 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 11:08 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:16 . 2010-01-18 23:16 -------- d-----w- c:\users\gertjan\AppData\Roaming\SuperMP3Download
2010-01-17 16:52 . 2010-01-17 16:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-17 07:09 . 2010-01-17 07:09 -------- d-----w- c:\program files\SuperMp3Download
2010-01-16 12:30 . 2010-01-16 12:30 -------- d-----w- c:\programdata\Sports Interactive
2010-01-16 12:29 . 2010-01-16 12:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Sports Interactive
2010-01-16 12:11 . 2010-01-16 12:08 -------- d--h--w- c:\program files\Zero G Registry
2010-01-15 19:24 . 2010-01-15 19:23 -------- d-----w- c:\users\gertjan\AppData\Roaming\CyberLink
2010-01-15 19:24 . 2010-01-15 14:26 -------- d-----w- c:\programdata\CyberLink
2010-01-15 19:15 . 2010-01-15 19:01 -------- d-----w- c:\users\gertjan\AppData\Roaming\Ahead
2010-01-15 19:01 . 2010-01-15 18:58 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\programdata\Nero
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\program files\Nero
2010-01-15 16:51 . 2010-01-15 16:51 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-15 15:47 . 2010-01-15 15:22 -------- d-----w- c:\program files\Microsoft
2010-01-15 15:46 . 2010-01-15 15:46 -------- d-----w- c:\program files\CONEXANT
2010-01-15 15:27 . 2010-01-15 15:27 -------- d-----w- c:\programdata\DVD Shrink
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
------- Sigcheck -------
[-] 2010-02-19 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-15 289584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-01-19 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-07-01 3706256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
R2 rmnspirn;Microsoft Infrared HID Support;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-19 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-05 691696]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/15 15:26];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 15:59 87536]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-20 1229232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rmnspirn
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hyves.nl/?&pageid=V1R0TMWA9SG84GGO
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {AA61F0C2-6F24-4C44-BD0B-C4BC2303AE86} = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS VERWIJDERD - - - -
BHO-{2C0179FC-C906-4320-9A50-906663D3D994} - c:\windows\system32\qpuztwca.dll
BHO-{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9} - c:\windows\system32\ndlvdss.dll
ShellIconOverlayIdentifiers-{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9} - c:\windows\system32\ndlvdss.dll
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-4240235451-1172685772-1022493641-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D61D7EDD-DC24-94AC-30EE-6488DE37A538}*]
"habcpjhppjlghkki"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc
"iahbjlocadlpjeibkn"=hex:63,61,69,64,6b,64,00,00
"ialcjkoclpdcdnnani"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000413
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{9261A151-0AF5-4823-8CBD-EB99E80E7284}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.474.0"
"UniqueId"="00039FF64B6EB1FE"
"ScannerBuild"=dword:000018d5
"ScannerVersionId"=dword:00001293
"ScannerVersion"="Open window for status."
"FixId"=dword:00000005
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,8c,00,00,00,98,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
Voltooingstijd: 2010-03-13 00:23:27
ComboFix-quarantined-files.txt 2010-03-12 23:23
ComboFix2.txt 2010-03-08 23:32
Pre-Run: 43.760.656.384 bytes beschikbaar
Post-Run: 43.931.295.744 bytes beschikbaar
- - End Of File - - A301941285B9AD668736298D371F53EC
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3062.1800 [GMT 1:00]
Gestart vanuit: c:\users\gertjan\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\qpuztwca.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-02-12 to 2010-03-12 ))))))))))))))))))))))))))))))
.
2010-03-12 23:20 . 2010-03-12 23:20 -------- d-----w- c:\users\gertjan\AppData\Local\temp
2010-03-12 23:20 . 2010-03-12 23:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-12 23:20 . 2010-03-12 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-10 15:03 . 2010-03-10 15:03 -------- d-----w- c:\users\gertjan\AppData\Roaming\Gaijin Ent
2010-03-10 15:03 . 2010-03-10 15:03 -------- d-----w- c:\users\gertjan\AppData\Roaming\Zylom
2010-03-10 15:03 . 2006-09-26 11:03 98304 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2010-03-10 15:03 . 2010-03-10 15:03 -------- d-----w- c:\programdata\Zylom
2010-03-10 15:03 . 2006-09-26 11:03 161976 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2010-03-10 15:03 . 2010-03-10 15:03 -------- d-----w- c:\program files\Zylom Games
2010-03-09 09:54 . 2010-03-09 09:54 -------- d-----w- c:\program files\TagRename
2010-03-09 09:49 . 2010-03-09 09:49 -------- d-----w- c:\program files\AMR
2010-03-09 09:44 . 2010-03-09 09:47 -------- d-----w- c:\users\gertjan\AppData\Roaming\ID3-TagIT 3
2010-03-09 09:43 . 2010-03-09 09:43 -------- d-----w- c:\program files\ID3-TagIT 3
2010-03-09 09:43 . 2010-03-09 09:43 -------- d-----w- c:\programdata\ID3-TagIT 3
2010-03-08 22:40 . 2007-06-28 17:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-08 22:40 . 2007-06-28 17:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-08 22:40 . 2010-03-08 22:40 -------- d-----w- c:\program files\Xvid
2010-03-07 08:36 . 2010-03-07 08:36 -------- d-----w- c:\users\gertjan\AppData\Roaming\MessengerDiscovery 2
2010-03-07 08:35 . 2010-03-07 08:35 -------- d-----w- c:\programdata\MessengerDiscovery 2
2010-03-07 08:35 . 2010-03-07 08:35 -------- d-----w- c:\program files\MessengerDiscovery 2
2010-03-05 15:31 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-03-05 15:31 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-03-05 15:31 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-03-05 15:31 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-05 15:31 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-05 15:31 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-03-05 09:23 . 2010-03-05 09:23 -------- d-----w- c:\users\gertjan\AppData\Local\Gas Powered Games
2010-03-04 19:25 . 2010-03-04 19:26 -------- d-----w- c:\users\gertjan\AppData\Roaming\Belastingdienst
2010-03-04 19:23 . 2010-03-04 19:23 -------- d-----w- c:\program files\Belastingdienst
2010-03-03 15:28 . 2010-03-03 15:28 -------- d-----w- c:\users\gertjan\AppData\Local\PunkBuster
2010-03-02 15:59 . 2010-03-02 15:59 138056 ----a-w- c:\users\gertjan\AppData\Roaming\PnkBstrK.sys
2010-03-02 15:45 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-02 15:45 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-02 15:45 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-02 15:45 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-02 15:45 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-02 15:45 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2010-03-02 15:45 . 2008-10-27 09:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-03-02 15:45 . 2008-10-27 09:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2010-03-01 08:10 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-28 10:40 . 2001-10-05 19:02 143360 ----a-w- c:\windows\system32\Stamin32.Dll
2010-02-28 08:33 . 2010-02-28 08:33 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-02-27 13:48 . 2010-02-27 13:52 -------- d-----w- c:\users\gertjan\AppData\Roaming\Static Windows Live Mail Backup
2010-02-27 13:47 . 2010-02-27 13:47 -------- d-----w- c:\program files\Static Windows Live Mail Backup
2010-02-27 13:38 . 2005-06-15 02:00 102400 ----a-w- c:\windows\system32\tsccvid.dll
2010-02-27 13:37 . 2010-02-27 16:06 -------- d-----w- c:\users\gertjan\AppData\Local\odbcesentd9
2010-02-25 19:26 . 2010-02-27 15:49 -------- d-----w- c:\program files\7-Zip
2010-02-25 11:52 . 2010-02-25 11:56 -------- d-----w- c:\users\gertjan\AppData\Local\Babylon
2010-02-25 11:51 . 2010-02-25 11:51 -------- d-----w- c:\program files\Babylon
2010-02-25 11:51 . 2010-03-12 23:08 -------- d-----w- c:\programdata\Babylon
2010-02-25 11:51 . 2010-02-28 08:39 -------- d-----w- c:\users\gertjan\AppData\Roaming\Babylon
2010-02-24 09:11 . 2010-02-24 09:11 -------- d-----w- c:\users\gertjan\AppData\Roaming\ValuSoft
2010-02-23 22:01 . 2010-02-25 15:09 -------- d-----w- c:\program files\Prison Tycoon 4
2010-02-22 17:43 . 2010-02-22 17:43 -------- d-----w- c:\program files\Unlocker
2010-02-22 10:42 . 2010-02-22 10:44 -------- d-----w- c:\users\gertjan\AppData\Local\Electronic Arts
2010-02-22 03:39 . 2010-02-22 03:39 -------- d-----w- c:\windows\Sun
2010-02-21 20:08 . 2010-02-21 20:08 -------- d-----w- c:\program files\EGB3
2010-02-21 12:02 . 2010-02-20 23:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-20 23:31 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-20 23:31 . 2010-02-20 23:31 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-20 23:28 . 2010-02-20 23:28 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-20 23:28 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-20 23:27 . 2010-02-20 23:31 -------- d-----w- c:\programdata\Lavasoft
2010-02-20 23:27 . 2010-02-20 23:28 -------- d-----w- c:\program files\Lavasoft
2010-02-20 09:43 . 2010-02-20 10:07 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-02-19 19:04 . 2010-02-19 19:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 19:03 . 2010-02-19 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-02-19 19:03 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 19:03 . 2010-02-19 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 18:48 . 2010-02-19 18:48 -------- d-----w- c:\windows\system32\Wat
2010-02-19 18:45 . 2010-02-19 18:45 -------- d-----w- c:\program files\Trend Micro
2010-02-18 14:53 . 2010-02-18 14:53 -------- d-----w- c:\program files\Osirius
2010-02-18 14:53 . 1998-10-01 14:22 302592 ----a-w- c:\windows\unin0413.exe
2010-02-16 19:17 . 2010-02-16 19:24 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-16 19:17 . 2010-02-16 19:17 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-11 22:34 . 2010-02-11 22:34 -------- d-----w- c:\program files\Windows Doctor
2010-02-10 23:32 . 2010-02-10 23:32 -------- d-----w- c:\programdata\SugarGames
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 23:14 . 2010-01-15 14:38 -------- d-----w- c:\users\gertjan\AppData\Roaming\uTorrent
2010-03-11 15:08 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-03-11 15:08 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-03-10 22:58 . 2010-01-15 14:31 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 17:57 . 2010-01-23 18:05 -------- d-----w- c:\users\gertjan\AppData\Roaming\vlc
2010-03-07 22:57 . 2010-01-18 23:40 -------- d-----w- c:\users\gertjan\AppData\Roaming\FrostWire
2010-03-07 20:20 . 2010-01-18 23:16 -------- d-----w- c:\programdata\SuperMP3Download
2010-03-03 14:32 . 2010-01-16 17:59 -------- d-----w- c:\program files\GemistDownloader
2010-03-03 14:18 . 2009-07-13 23:11 21584 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-28 11:23 . 2010-01-21 12:02 -------- d-----w- c:\program files\Launch Manager
2010-02-28 08:39 . 2010-01-25 08:00 -------- d-----w- c:\program files\RAR Password Unlocker
2010-02-28 00:16 . 2010-01-15 15:03 -------- d-----w- c:\program files\QuickPar
2010-02-27 13:34 . 2010-01-15 14:09 112328 ----a-w- c:\users\gertjan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-26 21:08 . 2010-01-15 14:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-26 21:04 . 2010-01-15 14:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-24 08:16 . 2010-01-15 13:32 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 23:21 . 2010-01-28 10:04 -------- d-----w- c:\program files\Opera
2010-02-19 18:49 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-02-19 18:49 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-02-19 18:49 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-02-16 09:02 . 2010-01-18 23:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 17:55 . 2010-01-15 13:56 -------- d-----w- c:\program files\AVS4YOU
2010-02-14 17:55 . 2010-01-15 14:00 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-09 19:32 . 2010-02-09 19:31 -------- d-----w- c:\program files\Davilex
2010-02-09 13:12 . 2010-02-09 13:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\Template
2010-02-09 13:12 . 2010-01-22 09:37 118 ----a-w- c:\users\gertjan\AppData\Roaming\wklnhst.dat
2010-02-08 17:48 . 2010-02-08 17:28 0 ----a-w- c:\windows\mfont.dat
2010-02-08 07:54 . 2010-02-08 07:54 -------- d-----w- c:\program files\My Favorite Recipes
2010-02-08 07:50 . 2010-02-08 07:50 -------- d-----w- c:\program files\Carta
2010-02-07 22:45 . 2010-02-07 22:44 -------- dc-h--w- c:\programdata\{90269C77-822B-4F2B-A5AC-208F0AE1BA2D}
2010-02-07 22:45 . 2010-02-07 22:45 -------- d-----w- c:\program files\SmokeySoft
2010-02-05 07:22 . 2010-01-15 13:23 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-04 18:55 . 2010-01-15 13:20 -------- d-----w- c:\users\gertjan\AppData\Roaming\DAEMON Tools Lite
2010-02-04 15:12 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-04 15:12 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2010-02-04 15:12 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2010-02-02 23:42 . 2010-02-02 23:42 -------- d-----w- c:\program files\Plus!
2010-02-02 12:13 . 2010-02-02 12:13 -------- d-----w- c:\users\gertjan\AppData\Roaming\Playrix Entertainment
2010-02-01 19:28 . 2010-02-01 19:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-01 14:35 . 2010-02-01 14:35 3 ----a-w- C:\BLINDEN.SYS
2010-01-29 09:17 . 2010-01-29 09:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-01-28 09:50 . 2010-01-20 14:57 -------- d-----w- c:\users\gertjan\AppData\Roaming\ArcSoft
2010-01-28 09:25 . 2010-01-28 09:25 0 ----a-w- c:\windows\nsreg.dat
2010-01-28 08:03 . 2010-01-28 08:03 -------- d-----w- c:\programdata\Fighters
2010-01-28 08:02 . 2010-01-28 08:02 -------- d-----w- c:\program files\Fighters
2010-01-28 07:16 . 2010-01-28 07:16 -------- d-----w- c:\program files\Common Files\Java
2010-01-28 02:56 . 2010-01-18 23:28 -------- d-----w- c:\program files\Java
2010-01-26 22:33 . 2010-01-26 22:33 23 ----a-w- c:\windows\system32\krx220.dat
2010-01-26 22:33 . 2010-01-26 22:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\Kristanix Software
2010-01-26 08:16 . 2010-01-15 15:19 -------- d-----w- c:\users\gertjan\AppData\Roaming\NewsLeecher
2010-01-23 18:04 . 2010-01-23 18:04 -------- d-----w- c:\program files\VideoLAN
2010-01-23 08:48 . 2010-01-19 18:21 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-23 05:26 . 2010-01-15 15:11 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-23 02:01 . 2010-01-15 14:36 -------- d-----w- c:\program files\Microsoft Works
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\program files\Bit Che
2010-01-22 10:31 . 2010-01-22 10:31 -------- d-----w- c:\users\gertjan\AppData\Roaming\Convivea
2010-01-22 07:34 . 2010-01-22 07:34 41296 ----a-r- c:\windows\system32\hlp95en.dll
2010-01-21 21:45 . 2010-01-15 15:12 -------- d-----w- c:\users\gertjan\AppData\Roaming\URSoft
2010-01-21 18:30 . 2010-01-21 18:30 -------- d-----w- c:\users\gertjan\AppData\Roaming\ImgBurn
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\users\gertjan\AppData\Roaming\Intel
2010-01-21 12:41 . 2010-01-21 12:41 -------- d-----w- c:\programdata\Roaming
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\programdata\Intel
2010-01-21 12:40 . 2010-01-21 12:40 -------- d-----w- c:\program files\Cisco
2010-01-21 12:38 . 2010-01-15 16:50 -------- d-----w- c:\program files\Intel
2010-01-21 12:37 . 2010-01-21 12:37 -------- d-----w- c:\programdata\Broadcom
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI Technologies
2010-01-21 12:34 . 2010-01-21 12:34 -------- d-----w- c:\program files\ATI
2010-01-21 11:50 . 2010-01-21 11:50 -------- d-----w- c:\program files\Broadcom
2010-01-21 11:36 . 2010-01-21 11:35 -------- d-----w- c:\program files\Common Files\snp2uvc
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\programdata\InstallShield
2010-01-21 11:34 . 2010-01-21 11:34 -------- d-----w- c:\program files\SuYin
2010-01-21 11:33 . 2010-01-21 11:33 -------- d-----w- c:\users\gertjan\AppData\Roaming\InstallShield
2010-01-21 09:45 . 2010-01-21 09:45 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-01-20 09:16 . 2010-01-15 15:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 00:06 . 2010-01-19 00:06 0 ----a-w- c:\users\gertjan\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-01-18 23:40 . 2010-01-15 14:43 -------- d-----w- c:\program files\FrostWire
2010-01-18 23:29 . 2010-02-10 11:08 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 11:08 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 11:08 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 11:08 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 11:08 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 11:08 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 11:08 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 11:08 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:16 . 2010-01-18 23:16 -------- d-----w- c:\users\gertjan\AppData\Roaming\SuperMP3Download
2010-01-17 16:52 . 2010-01-17 16:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-17 07:09 . 2010-01-17 07:09 -------- d-----w- c:\program files\SuperMp3Download
2010-01-16 12:30 . 2010-01-16 12:30 -------- d-----w- c:\programdata\Sports Interactive
2010-01-16 12:29 . 2010-01-16 12:04 -------- d-----w- c:\users\gertjan\AppData\Roaming\Sports Interactive
2010-01-16 12:11 . 2010-01-16 12:08 -------- d--h--w- c:\program files\Zero G Registry
2010-01-15 19:24 . 2010-01-15 19:23 -------- d-----w- c:\users\gertjan\AppData\Roaming\CyberLink
2010-01-15 19:24 . 2010-01-15 14:26 -------- d-----w- c:\programdata\CyberLink
2010-01-15 19:15 . 2010-01-15 19:01 -------- d-----w- c:\users\gertjan\AppData\Roaming\Ahead
2010-01-15 19:01 . 2010-01-15 18:58 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\programdata\Nero
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\program files\Nero
2010-01-15 16:51 . 2010-01-15 16:51 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-15 15:47 . 2010-01-15 15:22 -------- d-----w- c:\program files\Microsoft
2010-01-15 15:46 . 2010-01-15 15:46 -------- d-----w- c:\program files\CONEXANT
2010-01-15 15:27 . 2010-01-15 15:27 -------- d-----w- c:\programdata\DVD Shrink
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
------- Sigcheck -------
[-] 2010-02-19 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-15 289584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-01-19 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-07-01 3706256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
R2 rmnspirn;Microsoft Infrared HID Support;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-19 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-05 691696]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/15 15:26];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 15:59 87536]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-20 1229232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rmnspirn
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hyves.nl/?&pageid=V1R0TMWA9SG84GGO
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {AA61F0C2-6F24-4C44-BD0B-C4BC2303AE86} = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS VERWIJDERD - - - -
BHO-{2C0179FC-C906-4320-9A50-906663D3D994} - c:\windows\system32\qpuztwca.dll
BHO-{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9} - c:\windows\system32\ndlvdss.dll
ShellIconOverlayIdentifiers-{7AB21E8D-6B02-4C7A-907A-06FE2D68F2E9} - c:\windows\system32\ndlvdss.dll
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-4240235451-1172685772-1022493641-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D61D7EDD-DC24-94AC-30EE-6488DE37A538}*]
"habcpjhppjlghkki"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc
"iahbjlocadlpjeibkn"=hex:63,61,69,64,6b,64,00,00
"ialcjkoclpdcdnnani"=hex:6a,61,65,64,63,67,62,67,67,6a,6f,6d,62,67,6f,64,67,66,
64,61,00,fc
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000413
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{9261A151-0AF5-4823-8CBD-EB99E80E7284}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.474.0"
"UniqueId"="00039FF64B6EB1FE"
"ScannerBuild"=dword:000018d5
"ScannerVersionId"=dword:00001293
"ScannerVersion"="Open window for status."
"FixId"=dword:00000005
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,8c,00,00,00,98,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller\Security]
@DACL=(02 0000)
@SACL=
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
Voltooingstijd: 2010-03-13 00:23:27
ComboFix-quarantined-files.txt 2010-03-12 23:23
ComboFix2.txt 2010-03-08 23:32
Pre-Run: 43.760.656.384 bytes beschikbaar
Post-Run: 43.931.295.744 bytes beschikbaar
- - End Of File - - A301941285B9AD668736298D371F53EC