WoW account hacked. I ended up here at the request of my provider.



bartstolk
26 July 2009, 20:27
Hello,
As I said in the subject, I ended up here because my World of Warcraft account was hacked.
I scanned for viruses with BitDefender, fully updated.
I also scanned with Ad-Aware AE and SpywareBlaster.

I work at a helpdesk myself; if there really is something in there that shouldn't be, I'd like to know about it so that I can detect and fix it on other people's machines too.

Kind regards

Now the list from the HijackThis program.

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\World of Warcraft\BackgroundDownloader.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NuonSoft Wallpaper Cycler] "C:\Program Files\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.21\RivaTunerWrapper.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 9663 bytes

Black_Bird
26 July 2009, 21:02
Hi,

I assume you don't earn money from this?

Do the following:

Go to Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)


You need Java Runtime Environment for this. You can download it here (http://www.filehippo.com/download_java_runtime/download/0e036bfa2323d0e46d36a2d0be287fe5/) if you don't have it yet.
The scan can take some time. Do not stop the scan.


Click Accept at the disclaimer.
You will be asked to start a Java applet; click Run.
Program components are now installed on your computer, and the database is updated.
Now click My Computer under "Scan".
Click View scan report (OR Scan Report in the left-hand menu) when the scan is finished.
Now click Save Report As...
Save the file to your desktop, with the name kavscan.txt.

Post the contents of this log in your next message.

bartstolk
27 July 2009, 08:17
Wow, that scan took a really long time.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, July 27, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, July 26, 2009 19:59:20
Records in database: 2551893
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 247581
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:48:51
No malware has been detected. The scan area is clean.
The selected area was scanned.

Black_Bird
27 July 2009, 09:41
Hi,

Try this:

Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the "NirCmd" window.
Afterwards, click Yes again to start the malware scan.
While the fix is running, do NOT click in the window, as this will make your PC hang.
When the fix is complete and after a restart, the log Combofix.txt will open.

Post this log in your next reply, together with a new HijackThis log.
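
Added example, not part of any post in this thread: a small Python helper for comparing an earlier HijackThis log with a new one, reporting entries that were added, removed or changed and entries HijackThis itself marks as `(no file)` or `(file missing)`. The sample lines are excerpts copied from the two HijackThis logs posted in this thread; the function names are this example's own.

```python
import re

# A HijackThis entry line starts with a section code such as R1, O2, O4 or O23.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt from the first HijackThis log in this thread.
BEFORE = r"""
Running processes:
C:\Windows\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
"""

# Excerpt from the second HijackThis log in this thread (after ComboFix).
AFTER = r"""
Running processes:
C:\Windows\Explorer.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
"""


def parse_entries(log_text):
    """Return the set of (section_code, body) entries found in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            # Collapse whitespace so forum re-wrapping does not create false differences.
            entries.add((match.group(1), " ".join(match.group(2).split())))
    return entries


def _settings(entries):
    """Map (code, name) -> value for entries of the form 'name = value'."""
    out = {}
    for code, body in entries:
        name, sep, value = body.partition(" = ")
        if sep:
            out[(code, name)] = value
    return out


def diff_logs(before_text, after_text):
    """Compare two logs: added, removed, changed settings, and orphaned entries."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    old, new = _settings(before), _settings(after)
    changed = sorted(
        (code, name, old[(code, name)], new[(code, name)])
        for (code, name) in old.keys() & new.keys()
        if old[(code, name)] != new[(code, name)]
    )
    changed_keys = {(code, name) for code, name, _, _ in changed}

    def is_changed(entry):
        code, body = entry
        return (code, body.partition(" = ")[0]) in changed_keys

    return {
        "added": sorted(e for e in after - before if not is_changed(e)),
        "removed": sorted(e for e in before - after if not is_changed(e)),
        "changed": changed,
        # Entries whose target HijackThis could not find on disk.
        "orphaned": sorted(e for e in after if e[1].endswith(ORPHAN_MARKERS)),
    }


if __name__ == "__main__":
    for kind, items in diff_logs(BEFORE, AFTER).items():
        print(kind.upper())
        for item in items:
            print("  ", " | ".join(item))
```
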

bartstolk
27 July 2009, 14:14
Did both.

HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:00, on 27/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\vghd\vghd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NuonSoft Wallpaper Cycler] "C:\Program Files\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 3.0 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.21\RivaTunerWrapper.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 9499 bytes

ComboFix log.

ComboFix 09-07-26.01 - Eigenaar 27/07/2009 13:56.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3006.2047 [GMT 2:00]
Gestart vanuit: c:\users\Eigenaar\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\AFUDOS.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-06-27 to 2009-07-27 ))))))))))))))))))))))))))))))
.
2009-07-27 12:03 . 2009-07-27 12:03 -------- d-----w- c:\users\Eigenaar\AppData\Local\temp
2009-07-27 06:19 . 2009-07-27 06:19 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes
2009-07-27 06:19 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 06:19 . 2009-07-27 06:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 06:19 . 2009-07-27 06:19 -------- d-----w- c:\programdata\Malwarebytes
2009-07-27 06:19 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 18:31 . 2009-07-26 19:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-26 18:31 . 2009-07-26 18:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-26 18:05 . 2009-07-26 18:06 -------- d-----w- c:\program files\SpywareBlaster
2009-07-26 17:58 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-26 17:45 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-26 17:44 . 2009-07-26 17:44 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-26 17:44 . 2009-07-08 17:28 2920112 -c--a-w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-26 17:44 . 2009-07-26 17:45 -------- d-----w- c:\programdata\Lavasoft
2009-07-26 17:44 . 2009-07-26 17:44 -------- d-----w- c:\program files\Lavasoft
2009-07-26 17:33 . 2009-07-26 17:33 -------- d-----w- c:\program files\Trend Micro
2009-07-24 17:46 . 2009-07-24 17:46 -------- d-----w- c:\users\Eigenaar\AppData\Local\Yahoo
2009-07-24 17:45 . 2009-07-24 17:46 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Yahoo!
2009-07-24 17:45 . 2009-07-24 17:45 -------- d-----w- c:\programdata\Yahoo! Companion
2009-07-24 17:44 . 2009-07-24 17:46 -------- d-----w- c:\programdata\Yahoo!
2009-07-24 17:44 . 2009-05-26 17:50 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-07-24 17:44 . 2009-07-24 17:46 -------- d-----w- c:\program files\Yahoo!
2009-07-24 15:27 . 2009-07-25 22:41 -------- d-----w- C:\World of Warcraft
2009-07-24 15:26 . 2009-07-24 15:27 -------- d-----w- c:\program files\World of Warcraft
2009-07-23 13:02 . 2009-07-23 13:02 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Activision
2009-07-23 13:02 . 2009-07-23 13:02 -------- d-----w- c:\programdata\Activision
2009-07-23 13:02 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-07-23 13:02 . 2008-10-27 08:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-07-23 13:02 . 2008-10-27 08:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-07-23 12:45 . 2009-07-23 12:45 -------- d-----w- c:\program files\Activision
2009-07-17 20:08 . 2009-07-17 20:08 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\DivX
2009-07-17 20:06 . 2009-07-17 20:06 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-17 20:06 . 2009-07-17 20:07 -------- d-----w- c:\program files\DivX
2009-07-17 20:06 . 2009-07-17 20:06 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-17 19:21 . 2009-07-17 19:50 -------- d-----w- C:\video
2009-07-15 11:21 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 11:21 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 11:21 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 11:21 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-11 16:07 . 2009-07-11 16:07 390664 ----a-w- c:\users\Eigenaar\AppData\Roaming\Real\RealPlayer\Update\realplayer11gold.exe
2009-07-11 16:07 . 2009-07-11 16:07 390664 ------w- c:\users\Eigenaar\AppData\Roaming\Real\Update\temp\~Upg9\realplayer11gold.exe
2009-07-06 15:05 . 2009-07-06 15:07 32744 ----a-w- c:\windows\scunin.dat
2009-07-06 15:05 . 2009-07-06 15:07 967 ----a-w- c:\windows\ScUnin.pif
2009-07-06 15:05 . 2009-07-06 15:07 70656 ----a-w- c:\windows\ScUnin.exe
2009-07-06 15:05 . 2009-07-07 11:26 -------- d-----w- c:\program files\Starcraft
2009-07-02 16:07 . 2009-07-02 16:07 390664 ------w- c:\users\Eigenaar\AppData\Roaming\Real\Update\temp\~Upg8\realplayer11gold.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 12:03 . 2008-02-01 13:34 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-26 18:28 . 2008-02-21 17:20 -------- d-----w- c:\program files\Steam
2009-07-25 22:54 . 2009-04-08 16:00 1 ----a-w- c:\users\Eigenaar\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-24 17:35 . 2008-02-01 18:02 -------- d-----w- c:\program files\id Software
2009-07-24 17:33 . 2008-02-09 20:50 -------- d-----w- c:\program files\Bethesda Softworks
2009-07-24 17:28 . 2009-02-13 18:27 11606600 ----a-w- c:\users\Eigenaar\AppData\Roaming\vghd\Data\update\updater.exe
2009-07-24 15:36 . 2008-02-02 13:10 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-23 13:00 . 2008-01-31 11:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-22 11:33 . 2008-03-02 09:30 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-16 22:13 . 2006-11-02 16:11 676772 ----a-w- c:\windows\system32\perfh013.dat
2009-07-16 22:13 . 2006-11-02 16:11 131268 ----a-w- c:\windows\system32\perfc013.dat
2009-07-16 06:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-04 08:59 . 2008-02-21 18:39 -------- d-----w- c:\program files\Common Files\Steam
2009-07-01 11:14 . 2008-11-03 16:43 7 ----a-w- c:\windows\sbacknt.bin
2009-07-01 11:14 . 2008-09-30 11:34 152904 ----a-w- c:\windows\system32\vghd.scr
2009-07-01 11:14 . 2008-02-22 13:14 -------- d-----w- c:\program files\vghd
2009-06-30 14:06 . 2008-02-21 17:25 -------- d-----w- c:\programdata\Media Center Programs
2009-06-30 14:02 . 2008-02-01 17:38 -------- d-----w- c:\program files\Ubisoft
2009-06-19 16:06 . 2009-06-19 16:06 390664 ------w- c:\users\Eigenaar\AppData\Roaming\Real\Update\temp\~Upg7\realplayer11gold.exe
2009-06-16 12:30 . 2009-06-16 12:30 10134 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-16 12:30 . 2009-06-16 12:30 -------- d-----w- c:\program files\Microsoft WSE
2009-06-16 12:13 . 2008-02-23 17:16 -------- d-----w- c:\program files\Electronic Arts
2009-06-15 13:32 . 2009-06-15 13:32 -------- d-----w- c:\program files\Focus
2009-06-13 13:09 . 2009-05-17 14:18 -------- d-----w- c:\program files\Java
2009-06-12 17:35 . 2008-04-30 18:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-07 19:54 . 2009-04-13 13:51 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\IMVU
2009-06-07 19:53 . 2009-04-13 13:51 80967 ----a-w- c:\users\Eigenaar\AppData\Roaming\IMVUClient\Uninstall.exe
2009-06-07 19:52 . 2009-04-13 13:51 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\IMVUClient
2009-06-07 19:52 . 2009-06-07 19:51 15350248 ----a-w- c:\users\Eigenaar\AppData\Roaming\IMVUClient\installer\SetupImvu_update.exe
2009-06-05 16:34 . 2009-06-05 16:34 -------- d-----w- c:\programdata\salvation
2009-06-05 13:38 . 2008-05-09 12:25 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-05 13:38 . 2008-05-09 12:25 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-02 21:09 . 2009-06-02 21:09 95584 ----a-w- c:\users\Eigenaar\AppData\Roaming\IMVUClient\IMVUupdater.exe
2009-06-02 21:09 . 2009-06-02 21:09 49920 ----a-w- c:\users\Eigenaar\AppData\Roaming\IMVUClient\IMVUClient.exe
2009-06-02 21:09 . 2009-06-02 21:09 18176 ----a-w- c:\users\Eigenaar\AppData\Roaming\IMVUClient\imvuqualityagent.exe
2009-06-02 21:05 . 2009-06-02 21:05 14848 ----a-w- c:\users\Eigenaar\AppData\Roaming\IMVUClient\MemoryHook.dll
2009-06-02 21:04 . 2009-06-02 21:04 289792 ----a-w- c:\users\Eigenaar\AppData\Roaming\IMVUClient\cal3d.dll
2009-06-02 21:04 . 2009-06-02 21:04 25600 ----a-w- c:\users\Eigenaar\AppData\Roaming\IMVUClient\CallStack.dll
2009-06-02 21:04 . 2009-06-02 21:04 187392 ----a-w- c:\users\Eigenaar\AppData\Roaming\IMVUClient\boost_python.dll
2009-06-02 21:03 . 2009-06-02 21:03 256000 ----a-w- c:\users\Eigenaar\AppData\Roaming\IMVUClient\audiere.dll
2009-06-02 12:57 . 2008-07-22 11:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-23 11:54 . 2009-05-23 11:54 390664 ----a-w- c:\users\Eigenaar\AppData\Roaming\Real\Update\temp\~Upg6\RealPlayer11.exe
2009-05-20 13:18 . 2009-05-20 13:18 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-05-20 13:18 . 2009-05-20 13:18 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-13 11:54 . 2009-05-13 11:54 390664 ----a-w- c:\users\Eigenaar\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe
2009-05-05 11:53 . 2009-05-05 11:53 390664 ----a-w- c:\users\Eigenaar\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-30 12:37 . 2009-06-13 23:02 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-13 23:02 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-29 11:46 . 2009-05-15 16:19 159744 ----a-w- c:\users\Eigenaar\AppData\Roaming\Songbird2\Profiles\t699rwkp.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll
2006-10-11 08:04 . 2008-04-27 21:46 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-04-27 21:46 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-04-27 21:46 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-04-27 21:46 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-04-27 21:46 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"NuonSoft Wallpaper Cycler"="c:\program files\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe" [2007-12-15 1947704]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2008-02-01 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-23 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2008-2-22 402768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8265ED1A-618E-4178-8144-678B98CFF3D8}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3C0FE107-4195-4E8C-A1DE-A7D0C0D7208F}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3CE7CFE3-2842-4715-8DC1-1F6CE2B9B229}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{ED31EC5F-22E2-41A1-9DCA-3940336B5C5C}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{071B5241-1151-4AE0-97CC-782A233B5D66}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{3560E23B-FF58-4EE6-82A1-8839DD9DE9CA}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{D3CBC87C-A312-4677-AE20-C4BD34DAF1E2}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{F833B3B6-2F0B-4023-8A97-25A936C1D218}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"TCP Query User{D6FD7490-DF2A-43F5-B23F-C4C3B914DCAF}c:\\world of warcraft\\patches\\wow-1.11.0-engb-downloader.exe"= UDP:c:\world of warcraft\patches\wow-1.11.0-engb-downloader.exe:Blizzard Downloader
"UDP Query User{41E30908-BC95-4EB2-8E41-C6DD4752DAE6}c:\\world of warcraft\\patches\\wow-1.11.0-engb-downloader.exe"= TCP:c:\world of warcraft\patches\wow-1.11.0-engb-downloader.exe:Blizzard Downloader
"TCP Query User{A411C62A-74D8-4D16-A70A-6CFF217265D4}c:\\world of warcraft\\patches\\wow-2.1.0.6692-to-2.1.0.6729-engb-downloader.exe"= UDP:c:\world of warcraft\patches\wow-2.1.0.6692-to-2.1.0.6729-engb-downloader.exe:Blizzard Downloader
"UDP Query User{4D46379F-C528-471F-8C02-F1358AEDE69E}c:\\world of warcraft\\patches\\wow-2.1.0.6692-to-2.1.0.6729-engb-downloader.exe"= TCP:c:\world of warcraft\patches\wow-2.1.0.6692-to-2.1.0.6729-engb-downloader.exe:Blizzard Downloader
"TCP Query User{612A1043-8E03-419C-A6C4-88C01A499F22}c:\\world of warcraft\\patches\\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe"= UDP:c:\world of warcraft\patches\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe:Blizzard Downloader
"UDP Query User{AB791E9A-AD02-4A4B-B2DA-B0D869F5C347}c:\\world of warcraft\\patches\\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe"= TCP:c:\world of warcraft\patches\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe:Blizzard Downloader
"TCP Query User{B3F9668C-E031-48C6-AF87-8A9505254CD3}c:\\world of warcraft\\patches\\wow-2.2.0.7272-to-2.2.2.7318-engb-downloader.exe"= UDP:c:\world of warcraft\patches\wow-2.2.0.7272-to-2.2.2.7318-engb-downloader.exe:Blizzard Downloader
"UDP Query User{B4A3FF80-E857-4443-910C-8C3F0CB114D7}c:\\world of warcraft\\patches\\wow-2.2.0.7272-to-2.2.2.7318-engb-downloader.exe"= TCP:c:\world of warcraft\patches\wow-2.2.0.7272-to-2.2.2.7318-engb-downloader.exe:Blizzard Downloader
"TCP Query User{7D663259-EE3E-41B0-BBDB-D4D1936E9C47}c:\\world of warcraft\\patches\\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe"= UDP:c:\world of warcraft\patches\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe:Blizzard Downloader
"UDP Query User{37F94FD2-3532-47EB-9ACF-0F0C87C45308}c:\\world of warcraft\\patches\\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe"= TCP:c:\world of warcraft\patches\wow-2.1.3.6898-to-2.2.0.7272-engb-downloader.exe:Blizzard Downloader
"TCP Query User{D9219EFE-F952-41A1-A080-AA02174CD4CE}c:\\world of warcraft\\wow-2.3.0-engb-downloader.exe"= UDP:c:\world of warcraft\wow-2.3.0-engb-downloader.exe:Blizzard Downloader
"UDP Query User{BC260580-727D-40B8-8CA9-72A8E5AFE1DA}c:\\world of warcraft\\wow-2.3.0-engb-downloader.exe"= TCP:c:\world of warcraft\wow-2.3.0-engb-downloader.exe:Blizzard Downloader
"{84959BF4-B2C8-48F3-86C3-DA6BEB8D157F}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{2BA3AE9A-36C4-4483-A06D-20737C20EDAA}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{F3522A3D-9839-4E1D-BC46-094183D38494}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{621BA8AF-653C-4B47-8874-61FB7704F3BD}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{698E8CC3-69C3-4561-9859-CE4F43412B8B}c:\\program files\\byond\\bin\\byond.exe"= UDP:c:\program files\byond\bin\byond.exe:byond
"UDP Query User{7CA221FC-0EE2-4B85-8F37-C35AB2376559}c:\\program files\\byond\\bin\\byond.exe"= TCP:c:\program files\byond\bin\byond.exe:byond
"{FCAC1294-5A40-4A5B-9A66-9DFDA7E3BA7A}"= UDP:c:\program files\Steam\Steam.exe:Steam Client
"{494279CB-433E-4EFB-BF45-9E5E1EB1C5DC}"= TCP:c:\program files\Steam\Steam.exe:Steam Client
"TCP Query User{54D03003-15B9-4C5B-8F36-908683519C58}c:\\program files\\playonline\\squareenix\\playonlineviewer\\p ol.exe"= UDP:c:\program files\playonline\squareenix\playonlineviewer\pol.e xe:PlayOnline Viewer
"UDP Query User{8D0851EC-5CB7-44B6-9A8C-F3544317EA2B}c:\\program files\\playonline\\squareenix\\playonlineviewer\\p ol.exe"= TCP:c:\program files\playonline\squareenix\playonlineviewer\pol.e xe:PlayOnline Viewer
"TCP Query User{5EE76DF2-BCE0-43EA-947E-91C36330F6E1}c:\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{C91A5DD6-ACA0-42A4-AF4F-7012F15CC7E3}c:\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{8245C792-FD9D-4DF0-A179-68D27A8B9DA1}"= UDP:c:\program files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{A89DDAD2-1294-47D1-B7AF-76F28BAA705D}"= TCP:c:\program files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"TCP Query User{B8E5FB89-B4F7-4434-8600-3885B1A49876}c:\\program files\\id software\\enemy territory - quake wars\\etqw.exe"= UDP:c:\program files\id software\enemy territory - quake wars\etqw.exe:Enemy Territory: QUAKE Wars
"UDP Query User{F760974D-D27C-4D3F-AEFD-DB4C42483549}c:\\program files\\id software\\enemy territory - quake wars\\etqw.exe"= TCP:c:\program files\id software\enemy territory - quake wars\etqw.exe:Enemy Territory: QUAKE Wars
"TCP Query User{924455DA-9593-4B23-B524-A693FEE52B10}c:\\program files\\byond\\bin\\byond.exe"= UDP:c:\program files\byond\bin\byond.exe:byond
"UDP Query User{EB04CD46-F4BD-433D-B44D-72E808BF5530}c:\\program files\\byond\\bin\\byond.exe"= TCP:c:\program files\byond\bin\byond.exe:byond
"TCP Query User{B86AB0A4-DB0C-4D3D-A29B-5E2C56E66C5B}c:\\program files\\steam\\steamapps\\bartstolk\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\bartstolk\source sdk base\hl2.exe:hl2
"UDP Query User{3E0484FE-5CCC-40A4-B51A-19BA2E78F015}c:\\program files\\steam\\steamapps\\bartstolk\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\bartstolk\source sdk base\hl2.exe:hl2
"TCP Query User{C7720928-B984-4835-8BCE-11CFACBC7667}c:\\program files\\steam\\steamapps\\bartstolk\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\bartstolk\source sdk base\hl2.exe:hl2
"UDP Query User{B586CABD-6122-4957-B9F5-A10266447EAE}c:\\program files\\steam\\steamapps\\bartstolk\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\bartstolk\source sdk base\hl2.exe:hl2
"TCP Query User{780EEED2-4BFF-4192-A7D0-8FA05BC52358}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{00AA3559-36F8-4D07-9127-31553D40B4CD}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"{7D0ACCA3-D411-47A8-9C6F-5EB300B82109}"= UDP:c:\program files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{30356D5F-B840-4287-91A1-DB0F58274BBA}"= TCP:c:\program files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"TCP Query User{9D85F572-B3A8-4996-8780-DCD3E42B2CAB}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{67B21178-FA2D-49FF-B738-1DAC98117C1E}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"TCP Query User{1DDE0EE8-7DB6-4C99-9106-BA3EC8D24587}c:\\program files\\ubisoft\\blue byte\\the settlers - heritage of kings\\extra1\\bin\\settlershok.exe"= UDP:c:\program files\ubisoft\blue byte\the settlers - heritage of kings\extra1\bin\settlershok.exe:THE SETTLERS - Heritage of Kings
"UDP Query User{06709EB2-27BA-4E91-98A7-8FE6EF261058}c:\\program files\\ubisoft\\blue byte\\the settlers - heritage of kings\\extra1\\bin\\settlershok.exe"= TCP:c:\program files\ubisoft\blue byte\the settlers - heritage of kings\extra1\bin\settlershok.exe:THE SETTLERS - Heritage of Kings
"{F3AA0448-D2EA-4653-A4C5-E77C38197EE2}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{92199365-B2B9-411E-BC60-5AAD32488973}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{1F6EC9C2-0A15-4269-AB36-177A675B91CB}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe :CrysisDedicatedServer_32
"{911F996A-EBA4-4966-B088-B4CB518E0729}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe :CrysisDedicatedServer_32
"{B65EB6E3-4B97-494F-8C49-510A8A838B71}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{ECF59A3E-8AFE-4610-B3DC-4838BA0218B2}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{F5C6A933-2FBE-4081-9BB2-6352C8460351}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{BAE899CD-3F19-496F-8E3A-56FC080A6741}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{7BBD2859-1A5B-4F70-9D9A-DF35ED3330C8}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{C5C6E6C2-CB6D-4CC7-9357-BA88833740C6}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{B2098A28-CBB3-410E-ACAD-FD078FD82F28}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{FC762DF8-99F6-45CC-A85A-24C92411595A}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{A12C9DA0-571A-4C71-8108-EEB7399AF3D0}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{DE9B38B4-0A3E-4EA4-BB11-9DC1A5C4CAAE}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"TCP Query User{508FE5A9-6CA7-4C14-83DD-4B3525753F37}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{69E14C4A-F593-4086-AACE-6B0FF4444536}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{FBB7AF83-4A3A-4887-A874-BC913F4C8DF9}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{C149C081-2BCE-4A59-B87E-A61377005413}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{DEFC97D1-4538-40AD-B20A-6B176C16F22F}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{34FFA72E-3738-4A7F-A91D-1414BDDD988D}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{18531E94-5D7E-4D1A-9537-B9D64E42687E}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{4322BFEB-C6CC-45F8-9555-61858958935F}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{5C30F633-73B5-4BC2-8DA1-98EAE8EA8418}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{C87680B7-828B-4A2C-9C16-E303F268BE16}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{8D867EED-4577-4A87-8EFF-2405ECB3ADE9}"= UDP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars(TM): Empire at War(TM)
"{5A0C9F21-8385-4472-BFE6-F3C89F6FD136}"= TCP:c:\program files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars(TM): Empire at War(TM)
"TCP Query User{7CF25CB0-C168-4302-AF16-66C9DFB950C9}c:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= UDP:c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis
"UDP Query User{7C3AABFC-A2AC-467D-94E3-008CA3623F09}c:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= TCP:c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis
"{7FAE91A3-8715-46DA-9D56-AE179789B085}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{717E77DC-2CC9-40B8-8212-43FE01D9DFAB}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{F6C830B3-BB2D-4ADA-917A-C1485E70E73B}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{781F0D9B-5373-4691-9B56-141F1969C8DF}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{3DC342E5-84B7-4505-983A-0459F747880F}c:\\program files\\ubisoft\\splinter cell pandora tomorrow\\pandora.exe"= UDP:c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe:pandora
"UDP Query User{F67FCADF-2EFA-40A2-ACCD-7772EE470228}c:\\program files\\ubisoft\\splinter cell pandora tomorrow\\pandora.exe"= TCP:c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe:pandora
"{1C1F52BA-B745-409A-B857-A111AB564EBA}"= UDP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{AA7CC404-A827-4C5B-A157-BDE37D7B32DB}"= TCP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:Sacred 2 Game Server
"{35B8886A-807A-42CC-86A0-11D5709E92F4}"= UDP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"{26817898-C199-467B-8A17-263D50C3EC92}"= TCP:c:\program files\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:Sacred 2
"TCP Query User{93D9CFA9-3612-43DF-A926-26CD63A028F0}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{E673D58E-5283-4D23-ACE4-4C3E5D476A27}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{DF54358E-2E3E-4EA1-9975-DA321D2D9754}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{F7CB3EFA-592C-4D67-A13E-523E15FD152E}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{58AB6B56-1517-40AF-9F60-8A9A9B2FF8FA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D4DD2D6F-5B08-4A2A-909D-51F1C32CD90B}"= UDP:c:\program files\Atari\AITD\Alone.exe:Alone In The Dark
"{07A3E18F-3636-4A9D-9899-A38F5063EC5A}"= TCP:c:\program files\Atari\AITD\Alone.exe:Alone In The Dark
"{09B984C9-CB34-4FBD-BD5A-FE280318749A}"= Disabled:UDP:c:\program files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe:Starship Troopers
"{2422CCAE-2839-4ED5-ADCC-854389A0E254}"= Disabled:TCP:c:\program files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe:Starship Troopers
"TCP Query User{4EBB4FC8-E1A3-42E0-A63A-6C3785A182B2}c:\\users\\eigenaar\\appdata\\local\\ temp\\blizzard launcher temporary - 4a3c5c08\\launcher.exe"= UDP:c:\users\eigenaar\appdata\local\temp\blizzard launcher temporary - 4a3c5c08\launcher.exe:launcher.exe
"UDP Query User{CDEF59E3-BCEA-47A3-9792-76F3A4943E3F}c:\\users\\eigenaar\\appdata\\local\\ temp\\blizzard launcher temporary - 4a3c5c08\\launcher.exe"= TCP:c:\users\eigenaar\appdata\local\temp\blizzard launcher temporary - 4a3c5c08\launcher.exe:launcher.exe
"{3C4046A4-A8AA-492C-8E35-833729F1DF52}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{AD6C5F37-035C-4FAD-8D6B-E8C8BCEE2F32}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{DB52E7BE-8072-4C9B-80DF-E14F0F3D6161}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{3AE5FB7B-3883-4BF5-B52A-90B1410572BB}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{D7FB75FB-668E-44C0-8B3C-5D62BAFB28C8}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{FC5BF516-5D11-4B1B-A7C1-44805D25611C}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{B81C98CC-02E9-4F65-907D-5378CC3F63A0}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{347432F7-5B6F-4F2F-936D-3D00F6236902}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{8C427784-444C-41CA-81CD-816AA9AAB70C}c:\\program files\\deep silver\\sacred 2 - fallen angel\\system\\s2gs.exe"= UDP:c:\program files\deep silver\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
"UDP Query User{6A9A792F-582A-41A1-A434-216AFB912AE9}c:\\program files\\deep silver\\sacred 2 - fallen angel\\system\\s2gs.exe"= TCP:c:\program files\deep silver\sacred 2 - fallen angel\system\s2gs.exe:Sacred 2 - Game Server
"{3F6E1898-DC16-443E-83EF-3BE83AF261C6}"= UDP:c:\program files\Steam\SteamApps\bartstolk\sin episodes emergence\SinEpisodes.exe:SiN Episodes: Emergence
"{415B9E8B-20E8-4F07-8712-C2E15169454C}"= TCP:c:\program files\Steam\SteamApps\bartstolk\sin episodes emergence\SinEpisodes.exe:SiN Episodes: Emergence
"TCP Query User{B359AFAD-AF75-474C-B323-68542AF70268}c:\\users\\eigenaar\\appdata\\local\\ temp\\blizzard launcher temporary - 224b6a18\\launcher.exe"= UDP:c:\users\eigenaar\appdata\local\temp\blizzard launcher temporary - 224b6a18\launcher.exe:launcher.exe
"UDP Query User{DEE37263-6222-451F-A7E5-EBDA892ADACF}c:\\users\\eigenaar\\appdata\\local\\ temp\\blizzard launcher temporary - 224b6a18\\launcher.exe"= TCP:c:\users\eigenaar\appdata\local\temp\blizzard launcher temporary - 224b6a18\launcher.exe:launcher.exe
"TCP Query User{D1212166-50C0-48B4-B42B-3077B3FE87FA}c:\\program files\\bethesda softworks\\fallout 3\\fallout3.exe"= UDP:c:\program files\bethesda softworks\fallout 3\fallout3.exe:Fallout3
"UDP Query User{39668C12-DDBA-4F4C-B760-2CBF3AA5D5F7}c:\\program files\\bethesda softworks\\fallout 3\\fallout3.exe"= TCP:c:\program files\bethesda softworks\fallout 3\fallout3.exe:Fallout3
"TCP Query User{20551957-AB6C-4214-A94E-937375A661DD}c:\\users\\eigenaar\\appdata\\local\\ microsoft\\windows\\temporary internet files\\content.ie5\\sjtyoyne\\diablo3-wizardtrailer_en-us-downloader[1].exe"= UDP:c:\users\eigenaar\appdata\local\microsoft\wind ows\temporary internet files\content.ie5\sjtyoyne\diablo3-wizardtrailer_en-us-downloader[1].exe:diablo3-wizardtrailer_en-us-downloader[1].exe
"UDP Query User{5DF72F5D-054E-4D5D-94A2-DEFAA88B5686}c:\\users\\eigenaar\\appdata\\local\\ microsoft\\windows\\temporary internet files\\content.ie5\\sjtyoyne\\diablo3-wizardtrailer_en-us-downloader[1].exe"= TCP:c:\users\eigenaar\appdata\local\microsoft\wind ows\temporary internet files\content.ie5\sjtyoyne\diablo3-wizardtrailer_en-us-downloader[1].exe:diablo3-wizardtrailer_en-us-downloader[1].exe
"{16FD5143-23F1-4D31-AEEB-C4E54F81796B}"= UDP:c:\program files\Ubisoft\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{580D9190-FEEE-4C5B-87F3-BEFC6559E99E}"= TCP:c:\program files\Ubisoft\Tom Clancy's EndWar\Binaries\EndWar.exe:Tom Clancy's EndWar
"{B3CE0AF4-B116-460A-AA62-6F1C19017FC7}"= UDP:c:\program files\Ubisoft\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"{C39F35A9-3AA7-4627-87A9-6001F7FDDBAB}"= TCP:c:\program files\Ubisoft\Tom Clancy's EndWar\Tom Clancy's EndWar Launcher.exe:Tom Clancy's EndWar Launcher
"TCP Query User{C552698C-0C07-4DDD-A885-4795D5DF9CFC}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{72A8D192-329E-43DF-8CD7-5B8FF2673F6A}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"TCP Query User{02B33F76-753F-47A0-9BCE-F511FA670D67}c:\\malfador machinations\\space empires iv\\se4.exe"= UDP:c:\malfador machinations\space empires iv\se4.exe:Space Empires IV
"UDP Query User{15D6199E-946C-4700-AD3C-7059FF295296}c:\\malfador machinations\\space empires iv\\se4.exe"= TCP:c:\malfador machinations\space empires iv\se4.exe:Space Empires IV
"TCP Query User{AED64472-C893-426E-9BA0-73070E0816F5}c:\\malfador machinations\\space empires iv\\se4.exe"= UDP:c:\malfador machinations\space empires iv\se4.exe:Space Empires IV
"UDP Query User{2EB5D02E-0E0F-41DD-899D-7388DE73D6EE}c:\\malfador machinations\\space empires iv\\se4.exe"= TCP:c:\malfador machinations\space empires iv\se4.exe:Space Empires IV
"TCP Query User{2115A6C2-F985-401E-A79E-4E58CA575943}c:\\program files\\kazaa lite k++\\kazaalite.kpp"= UDP:c:\program files\kazaa lite k++\kazaalite.kpp:KazaaLite.kpp
"UDP Query User{5096A7A1-F32B-47D7-B68B-159A4DDD5B9F}c:\\program files\\kazaa lite k++\\kazaalite.kpp"= TCP:c:\program files\kazaa lite k++\kazaalite.kpp:KazaaLite.kpp
"TCP Query User{8CF2FE6A-4686-40B0-AB29-AAF3F5279241}c:\\program files\\activision\\ef2\\ef2.exe"= UDP:c:\program files\activision\ef2\ef2.exe:Elite Force II
"UDP Query User{60394641-2C73-4D85-9737-BF67A29EBDAC}c:\\program files\\activision\\ef2\\ef2.exe"= TCP:c:\program files\activision\ef2\ef2.exe:Elite Force II
"{C5FC3C78-26C8-4FAE-8981-924FDC086C46}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{92D5823B-05E3-42A0-A118-2D9979C035E4}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:Blizzard Downloader
"{1E6D02DA-3FE6-4B5C-967D-963C7A381F1C}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:Blizzard Downloader
"{71DE99BB-6AE9-4AD5-B2D9-CE5CB6106387}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{9B894C38-1E0C-4C34-8A49-B6E92E1793B5}c:\\world of warcraft\\launcher.exe"= UDP:c:\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{B5341EC8-A550-4121-A11E-C8FE57C610CC}c:\\world of warcraft\\launcher.exe"= TCP:c:\world of warcraft\launcher.exe:Blizzard Launcher
"TCP Query User{EE66031F-A735-43CD-ADB2-AFF39A3DFB89}c:\\users\\eigenaar\\desktop\\star trek\\supremacyclient.exe"= UDP:c:\users\eigenaar\desktop\star trek\supremacyclient.exe:supremacyclient.exe
"UDP Query User{4FCFA99E-F2D4-4CF2-B57A-FE37F23797C5}c:\\users\\eigenaar\\desktop\\star trek\\supremacyclient.exe"= TCP:c:\users\eigenaar\desktop\star trek\supremacyclient.exe:supremacyclient.exe
"TCP Query User{031E2F69-6B72-4D6F-A73C-9C54E209F227}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"UDP Query User{37D9F258-251B-45F1-9AD9-47244CDA1F2C}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space ™
"TCP Query User{5A21DF61-DFE2-47CA-8BC0-E6081B81F61B}c:\\halflife\\hl.exe"= UDP:c:\halflife\hl.exe:Half-Life Launcher
"UDP Query User{4A5B72DF-AD09-4AAB-AE00-C893F1350C00}c:\\halflife\\hl.exe"= TCP:c:\halflife\hl.exe:Half-Life Launcher
"{50839A35-0541-44EE-8C73-0D231FF2E846}"= UDP:c:\program files\Evolved Games\Terminator Salvation\TerminatorSalvation.exe:Terminator Salvation
"{3A38C47E-1853-4E87-AF7B-C3E5A69045C2}"= TCP:c:\program files\Evolved Games\Terminator Salvation\TerminatorSalvation.exe:Terminator Salvation
"{EDC5643C-8AC3-4845-96BF-01E60FDC8FC1}"= UDP:c:\program files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"{A78F58F4-EB3B-4FB9-B998-24CADADED97E}"= TCP:c:\program files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire
"{B9D0D807-7130-48D1-838C-F0B5802151B8}"= UDP:c:\program files\Steam\SteamApps\common\left 4 dead\bin\SDKLauncher.exe:Left 4 Dead Authoring Tools
"{381FA0C3-FD0B-4B7B-9AFD-3433DBD93990}"= TCP:c:\program files\Steam\SteamApps\common\left 4 dead\bin\SDKLauncher.exe:Left 4 Dead Authoring Tools
"{14A24D8E-99D1-447E-B8E6-C7C3C1148A98}"= UDP:c:\program files\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{992C4029-7000-4BBE-97AA-E63E0A2C3045}"= TCP:c:\program files\Steam\SteamApps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{8226BE59-5709-41AB-9F03-6E3BABE6C48D}"= UDP:c:\program files\Activision\Transformers - Revenge of the Fallen\Transformers2.exe:Transformers(TM) - Revenge of the Fallen(TM)
"{C20E5E5E-1A9D-437C-93C5-CC2451DC3A9C}"= TCP:c:\program files\Activision\Transformers - Revenge of the Fallen\Transformers2.exe:Transformers(TM) - Revenge of the Fallen(TM)
"{2D6BACF8-FC04-4FB4-BC37-EE85DAEDD100}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1B02EE16-7A5B-4B0C-8EE1-AD911AD04A00}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [26/07/2009 19:45 64160]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [9/02/2009 21:06 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [9/02/2009 21:06 41680]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [26/07/2009 20:31 1153368]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [21/01/2009 20:13 87312]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/07/2009 16:49 1029456]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [13/04/2009 16:33 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 18:08 533360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhoud van de 'Gedeelde Taken' map
2009-07-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\lwtr8u9h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\progra~1\MOZILL~1\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\lwtr8u9h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\lwtr8u9h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 14:03
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

c:\users\Eigenaar\AppData\Local\Temp\catchme.dll 53248 bytes executable
Scan succesvol afgerond
verborgen bestanden: 1
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-3642229930-311392705-405827475-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ce,92,5f,41,c5,fa,d9,5b,df,f6,2d,58,c7,3f,ee,6e,3c,94,be,0e,99,9d,0f,
91,f3,86,c5,51,9f,27,78,a8,d6,39,c4,36,9d,6c,db,3d,a8,ba,28,8b,7a,fb,9c,0b,\
"??"=hex:74,3a,63,69,02,a9,0e,c5,1d,09,1a,5d,63,51,33,7d
[HKEY_USERS\S-1-5-21-3642229930-311392705-405827475-1000\Software\SecuROM\License information*]
"datasecu"=hex:17,47,22,4e,c4,db,96,e2,02,40,ba,7a,6e,04,ac,47,01,2e,55,d4,f3,
2e,70,f8,74,91,fb,cf,db,8e,fb,bc,76,f0,fb,d7,37,96,0e,96,37,b7,ec,ba,02,f8,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
Voltooingstijd: 2009-07-27 14:06
ComboFix-quarantined-files.txt 2009-07-27 12:05
Pre-Run: 30.281.416.704 bytes beschikbaar
Post-Run: 30.874.693.632 bytes beschikbaar
402 --- E O F --- 2009-07-22 06:05

Black_Bird
27 July 2009, 15:03
Which problems exactly are still remaining?

Also do this:

Go to Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)


You need Java Runtime Environment for this. You can download it here (http://www.filehippo.com/download_java_runtime/download/0e036bfa2323d0e46d36a2d0be287fe5/) if you do not have it yet.
Scanning can take some time. Do not stop the scan.


Press Accept at the disclaimer.
You will be asked to start a Java applet; click Run there.
Program components are now installed on your computer, and the database is updated.
Now click My Computer under "Scan".
Click View scan report (OR Scan Report in the left-hand menu) when the scan is finished.
Now click Save Report As...
Save the file to your desktop, with the name kavscan.txt.

Post the contents of this log in your next post.