ComboFix 08-04-20.2 - jos 2008-04-21 2:36:27.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.400 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\jos\Local Settings\Temporary Internet Files\Content.IE5\58HPDHN3\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ateskvtq.exe
C:\WINDOWS\system32\moXEKRqr.ini
C:\WINDOWS\system32\moXEKRqr.ini2
C:\WINDOWS\system32\nnnoOiGv.dll
C:\WINDOWS\system32\rqRKEXom.dll
C:\WINDOWS\system32\urqPfGVN.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))
.
2008-04-21 01:53 . 2008-04-21 01:53 <DIR> d-------- C:\Documents and Settings\serna\Application Data\Grisoft
2008-04-21 01:41 . 2008-04-21 01:41 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-21 01:39 . 2008-04-21 01:39 13,107,200 --a------ C:\WINDOWS\system32\oembios.bin
2008-04-21 01:38 . 2008-04-21 01:38 2,854,400 --a------ C:\WINDOWS\system32\msi.dll
2008-04-21 01:37 . 2008-04-21 01:37 13,107,200 --a------ C:\WINDOWS\system32\dllcache\oembios.bin
2008-04-21 01:36 . 2008-04-21 01:36 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-21 01:35 . 2008-04-21 01:35 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-04-21 01:32 . 2008-04-21 01:32 32,866 --------- C:\WINDOWS\slrundll.exe
2008-04-21 01:29 . 2008-04-21 01:29 1,818,624 --a------ C:\WINDOWS\mixer.exe
2008-04-21 01:29 . 2008-04-21 01:29 215,144 -ra------ C:\WINDOWS\patchw32.dll
2008-04-21 01:29 . 2008-04-21 01:29 70,144 --a------ C:\WINDOWS\notepad.exe
2008-04-21 01:29 . 2008-04-21 01:29 16,730 --a------ C:\WINDOWS\Patroon.bmp
2008-04-21 01:29 . 2008-04-21 01:29 4,207 --a------ C:\WINDOWS\ODBCINST.INI
2008-04-21 01:29 . 2008-04-21 01:29 1,405 --a------ C:\WINDOWS\msdfmap.ini
2008-04-21 01:29 . 2008-04-21 01:29 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-21 01:29 . 2008-04-21 01:29 335 --a------ C:\WINDOWS\mozregistry.dat
2008-04-21 01:29 . 2008-04-21 01:29 25 --a------ C:\WINDOWS\mixerdef.ini
2008-04-21 01:28 . 2008-04-21 01:28 17,062 --a------ C:\WINDOWS\Kopje koffie.bmp
2008-04-21 01:28 . 2008-04-21 01:28 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-21 01:25 . 2008-04-21 01:25 1,036,800 --a------ C:\WINDOWS\explorer.exe
2008-04-21 01:25 . 2008-04-21 01:25 26,582 --a------ C:\WINDOWS\Groensteen.bmp
2008-04-21 01:25 . 2008-04-21 01:25 10,752 --a------ C:\WINDOWS\hh.exe
2008-04-21 01:25 . 2008-04-21 01:25 80 --a------ C:\WINDOWS\explorer.scf
2008-04-21 01:24 . 2008-04-21 01:24 139,264 --a------ C:\WINDOWS\cmuninst.exe
2008-04-21 01:24 . 2008-04-21 01:24 135,168 --a------ C:\WINDOWS\cmuninst.dat
2008-04-21 01:24 . 2008-04-21 01:24 82,944 --a------ C:\WINDOWS\clock.avi
2008-04-21 01:24 . 2008-04-21 01:24 39,104 --a------ C:\WINDOWS\cmijack.dat
2008-04-21 01:24 . 2008-04-21 01:24 28,252 --a------ C:\WINDOWS\corelpf.lrs
2008-04-21 01:24 . 2008-04-21 01:24 22,178 --a------ C:\WINDOWS\cmaudio.dat
2008-04-21 01:24 . 2008-04-21 01:24 1,272 --a------ C:\WINDOWS\Blauw 16.bmp
2008-04-21 01:24 . 2008-04-21 01:24 25 --a------ C:\WINDOWS\cdplayer.ini
2008-04-21 01:24 . 2008-04-21 01:24 2 --a------ C:\WINDOWS\desktop.ini
2008-04-21 01:24 . 2008-04-21 01:24 0 --a------ C:\WINDOWS\control.ini
2008-04-21 01:23 . 2008-04-21 01:23 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-21 01:16 . 2008-04-21 01:16 <DIR> d-------- C:\Documents and Settings\serna\Application Data\Malwarebytes
2008-04-21 00:47 . 2008-04-21 00:47 <DIR> d-------- C:\Program Files\ABBYY FineReader 8.0 Professional Edition
2008-04-21 00:47 . 2008-04-21 00:47 251,184 -rahs---- C:\ntldr
2008-04-21 00:46 . 2008-04-21 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-21 00:46 . 2008-04-21 00:46 94,080 --a------ C:\Documents and Settings\jos\Application Data\ezplay.sys
2008-04-21 00:46 . 2008-04-21 00:46 87,608 --a------ C:\Documents and Settings\jos\Application Data\ezpinst.exe
2008-04-21 00:46 . 2008-04-21 00:46 47,360 --a------ C:\Documents and Settings\jos\Application Data\pcouffin.sys
2008-04-21 00:42 . 2008-04-21 00:42 524,288 --a------ C:\backup.bin
2008-04-21 00:42 . 2008-04-21 00:42 4,952 -rahs---- C:\Bootfont.bin
2008-04-21 00:10 . 2008-04-21 00:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-04-21 00:09 . 2008-04-21 00:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-04-21 00:05 . 2008-04-21 00:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-04-21 00:00 . 2008-04-21 00:46 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-04-21 00:00 . 2008-04-21 00:00 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-21 00:00 . 2008-04-21 02:35 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-04-20 22:00 . 2008-04-20 22:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\cnwzsfcn
2008-04-20 22:00 . 2008-04-19 12:39 335,872 --a------ C:\WINDOWS\wdpoefan.dll
2008-04-20 22:00 . 2008-04-19 12:39 270,336 --a------ C:\WINDOWS\qnmargolktr.dll
2008-04-20 22:00 . 2008-04-19 12:39 233,472 --a------ C:\WINDOWS\vadokmxt.dll
2008-04-20 22:00 . 2008-04-19 12:39 184,320 --a------ C:\WINDOWS\dpevflbg.dll
2008-04-20 22:00 . 2008-04-19 12:39 106,496 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-20 22:00 . 2008-04-19 12:39 98,304 --a------ C:\WINDOWS\wxvgsdbq.exe
2008-04-20 22:00 . 2008-04-20 22:00 98,304 --------- C:\WINDOWS\system32\yrsrgbwb.exe
2008-04-20 17:42 . 2008-04-21 00:47 <DIR> dr-h----- C:\Documents and Settings\jos\Onlangs geopend
2008-04-16 21:05 . 2008-04-16 21:14 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-16 21:05 . 2008-04-16 21:05 <DIR> d-------- C:\Documents and Settings\jos\Application Data\TuneUp Software
2008-04-16 21:05 . 2008-04-16 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-16 21:05 . 2008-04-16 21:05 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-16 21:05 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-15 09:31 . 2008-04-15 09:31 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-14 15:35 . 2008-04-14 15:35 <DIR> d-------- C:\Documents and Settings\jos\Application Data\Jasc
2008-04-14 15:31 . 2008-04-14 15:32 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-04-12 02:20 . 2008-04-12 15:13 <DIR> d-------- C:\Program Files\Intelore
2008-04-11 15:22 . 2008-04-11 19:37 <DIR> d-------- C:\Program Files\Azureus
2008-04-11 15:22 . 2008-04-15 17:59 <DIR> d-------- C:\Documents and Settings\jos\Application Data\Azureus
2008-04-11 15:22 . 2008-04-11 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-04-10 09:43 . 2008-04-10 10:00 <DIR> d-------- C:\Program Files\Dr.Hardware 2008 english
2008-04-04 23:50 . 2008-04-04 23:50 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-04 23:50 . 2008-04-04 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-04 12:26 . 2008-04-14 11:19 <DIR> d-------- C:\Program Files\GameShadow
2008-04-04 12:25 . 2008-04-04 12:25 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-04 10:32 . 2008-04-21 02:51 5,160,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 10:32 . 2008-04-21 02:45 64,640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-04 10:29 . 2008-04-04 10:29 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-02 23:39 . 2008-04-02 23:39 <DIR> d-------- C:\Program Files\Common Files\ABBYY
2008-04-02 23:35 . 2008-04-03 00:03 <DIR> d-------- C:\Program Files\ABBYY FineReader 9.0
2008-04-02 23:35 . 2008-04-03 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ABBYY
2008-04-02 20:13 . 2008-04-02 20:13 <DIR> d-------- C:\Documents and Settings\jos\Application Data\Nero
2008-04-02 20:09 . 2008-04-02 20:11 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-02 20:09 . 2008-04-02 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-31 20:42 . 2008-03-31 20:42 <DIR> d-------- C:\Program Files\QuickTime
2008-03-31 20:42 . 2008-03-31 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-31 19:00 . 2008-03-31 19:00 1,409 --a------ C:\WINDOWS\system32\tmp8C393.FOT
2008-03-31 11:32 . 2008-03-31 11:32 <DIR> d-------- C:\Program Files\ScanSoft
2008-03-31 11:30 . 2008-03-31 11:31 <DIR> d-------- C:\Program Files\Microsoft AutoRoute
2008-03-28 17:07 . 2008-03-28 17:07 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-03-28 17:07 . 2008-03-28 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-03-27 22:25 . 2008-03-27 22:25 <DIR> d-------- C:\Documents and Settings\jos\Application Data\HEXelon
2008-03-27 22:24 . 2008-03-27 22:45 <DIR> d-------- C:\Program Files\TC UP
2008-03-25 17:25 . 2004-08-04 00:10 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2008-03-25 17:25 . 2004-08-04 00:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-03-25 17:25 . 2004-08-04 00:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-03-25 17:25 . 2004-08-04 00:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2008-03-25 17:25 . 2004-08-04 00:10 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-21 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-20 23:40 94,784 ----a-w C:\WINDOWS\twain.dll
2008-04-20 23:40 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-20 23:40 49,680 ----a-w C:\WINDOWS\twunk_16.exe
2008-04-20 23:40 287,232 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-20 23:40 257,072 ----a-w C:\WINDOWS\winhelp.exe
2008-04-20 23:40 25,600 ----a-w C:\WINDOWS\twunk_32.exe
2008-04-20 23:40 18,944 ----a-w C:\WINDOWS\vmmreg32.dll
2008-04-20 23:40 15,872 ----a-w C:\WINDOWS\TASKMAN.EXE
2008-04-20 23:37 96,256 ----a-w C:\WINDOWS\system32\drivers\scsiport.sys
2008-04-20 23:30 41,219 ----a-w C:\WINDOWS\RSETPATH.exe
2008-04-20 23:30 215,144 ----a-r C:\WINDOWS\pw32a.dll
2008-04-20 23:30 153,088 ----a-w C:\WINDOWS\regedit.exe
2008-04-20 23:25 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-20 23:25 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-20 23:25 3,374,640 ----a-w C:\WINDOWS\Help\Tours\mmTour\tour.exe
2008-04-20 23:25 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-20 23:25 152,576 ----a-w C:\WINDOWS\Help\bnts.dll
2008-04-20 23:23 450,048 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-20 23:23 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-20 23:23 244,736 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-20 23:23 137,728 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-20 23:23 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-20 23:23 1,852,416 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-04-20 23:00 --------- d-----w C:\Program Files\Zone Labs
2008-04-20 23:00 --------- d-----w C:\Program Files\Yahoo!
2008-04-20 23:00 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-20 23:00 --------- d-----w C:\Program Files\Unlocker
2008-04-20 22:59 --------- d-----w C:\Program Files\Uniblue
2008-04-20 22:59 --------- d-----w C:\Program Files\TrojanHunter 5.0
2008-04-20 22:59 --------- d-----w C:\Program Files\TechSmith
2008-04-20 22:59 --------- d-----w C:\Program Files\Symantec
2008-04-20 22:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-20 22:59 --------- d-----w C:\Program Files\Smart Projects
2008-04-20 22:59 --------- d-----w C:\Program Files\ScanWizard 5
2008-04-20 22:59 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-20 22:59 --------- d-----w C:\Program Files\Real
2008-04-20 22:59 --------- d-----w C:\Program Files\Qualcomm
2008-04-20 22:59 --------- d-----w C:\Program Files\PowerISO
2008-04-20 22:55 --------- d-----w C:\Program Files\Pinnacle
2008-04-20 22:54 --------- d-----w C:\Program Files\Nuance
2008-04-20 22:54 --------- d-----w C:\Program Files\Netscape
2008-04-20 22:53 --------- d-----w C:\Program Files\Nero
2008-04-20 22:53 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-20 22:53 --------- d-----w C:\Program Files\MSBuild
2008-04-20 22:53 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-20 22:53 --------- d-----w C:\Program Files\Microsoft Works
2008-04-20 22:53 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-20 22:50 --------- d-----w C:\Program Files\Corel
2008-04-20 22:50 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-20 22:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 22:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-20 22:50 --------- d-----w C:\Program Files\Common Files\Scansoft Shared
2008-04-20 22:49 --------- d-----w C:\Program Files\Common Files\Real
2008-04-20 22:49 --------- d-----w C:\Program Files\Common Files\logishrd
2008-04-20 22:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-20 22:49 --------- d-----w C:\Program Files\Common Files\Corel
2008-04-20 22:48 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-20 22:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-20 22:48 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-20 22:48 --------- d-----w C:\Program Files\CCleaner
2008-04-20 22:48 --------- d-----w C:\Program Files\ATI Technologies
2008-04-20 22:48 --------- d-----w C:\Program Files\AOpen
2008-04-20 22:48 --------- d-----w C:\Program Files\ANI
2008-04-20 22:48 --------- d-----w C:\Program Files\Alwil Software
2008-04-20 22:48 --------- d-----w C:\Program Files\ACD Systems
2008-04-20 22:47 --------- d-----w C:\Program Files\a-squared Free
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nuance
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-20 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-20 20:20 --------- d-----w C:\Documents and Settings\jos\Application Data\uTorrent
2008-04-10 13:12 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 18:32 3,140 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-03-28 15:09 88 --sh--r C:\Documents and Settings\All Users\Application Data\E251144BEE.sys
2008-03-27 23:14 --------- d-----w C:\Documents and Settings\jos\Application Data\UpdateStar
2008-03-13 21:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-12 16:07 --------- d-----w C:\Documents and Settings\jos\Application Data\Ariane Software
2008-03-09 14:40 --------- d-----w C:\Documents and Settings\jos\Application Data\VSRevoGroup
2008-03-09 14:30 --------- d-----w C:\Program Files\VS Revo Group
2008-03-06 14:34 --------- d-----w C:\Program Files\Java
2008-03-06 14:33 --------- d-----w C:\Program Files\Common Files\Java
2008-03-04 12:57 --------- d-----w C:\Documents and Settings\jos\Application Data\Malwarebytes
2008-03-04 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-01 23:24 --------- d-----w C:\Documents and Settings\jos\Application Data\Systenance
2008-03-01 22:46 --------- d-----w C:\Program Files\Index.dat Analyzer
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 16:39 --------- d-----w C:\Documents and Settings\jos\Application Data\EPSON
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-25 07:49 --------- d-s---w C:\Program Files\Common Files\Teknum Systems
2008-02-24 14:24 --------- d-----w C:\Program Files\HandyBits
2008-02-24 14:13 --------- d-----w C:\Program Files\TrueCrypt
2008-02-24 14:11 --------- d-----w C:\Documents and Settings\jos\Application Data\TrueCrypt
.
Code:
<pre>
----a-w 68,856 2008-04-20 22:51:18 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 145,496 2008-04-20 22:57:41 C:\Program Files\Pinnacle\Studio 11\LaunchList2 .exe
----a-w 200,704 2008-04-20 22:59:22 C:\Program Files\PowerISO\PWRISOVM .EXE
----a-w 15,360 2008-04-20 23:36:12 C:\WINDOWS\system32\ctfmon .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-04 10:29 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-04 10:29 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-04 10:29 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-21 01:36 15360]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 16:00 182272]
"Update Service"="C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe" [2008-02-24 16:24 19456]
"sdsczkua"="C:\WINDOWS\system32\yrsrgbwb.exe" [2008-04-20 22:00 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2008-04-21 01:29 1818624 C:\WINDOWS\mixer.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 17:00 155648]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Device Detector"="DevDetect.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-21 01:36 15360]
C:\Documents and Settings\jos\Menu Start\Programma's\Opstarten\
Registration .LNK - D:\Program Files\Ubisoft\RegistrationReminder\RegistrationReminder.exe [2008-04-04 12:25:28 962560]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
FreeClip.lnk - C:\Program Files\FreeClip\FreeClip.exe [2008-04-21 00:51:12 724992]
Scanner Finder.lnk - C:\Program Files\ScanWizard 5\ScannerFinder.exe [2008-04-21 00:59:48 315392]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zqzwbVPVnT"= C:\Documents and Settings\All Users\Application Data\cnwzsfcn\gtmrkzab.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-21 14:31 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
"Device Detector"=DevDetect.exe -autorun
"beidsystemtray"=C:\Program Files\Belgium Identity Card\beidsystemtray.exe
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"F:\\torrent\\utorrent.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;"C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service []
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 eID CRL Service;eID CRL Service;C:\WINDOWS\system32\beidservicecrl.exe [2007-02-19 16:16]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 12:15]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-04-21 01:39]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2008-04-21 01:37]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-21 01:37]
S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 20:14]
S3 eID Privacy Service;eID Privacy Service;C:\WINDOWS\system32\beidservicepcsc.exe [2007-02-19 16:16]
S3 OpenDrv;OpenDrv;C:\Program Files\AOpen\SilentTek\OpenDrv.sys [2008-04-21 00:48]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-16 21:05]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-04 21:50:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-21 00:49:12 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-12 16:47:42 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-20 23:40:47 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-20 23:40:47 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
************************************************** ************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 02:50:11
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
************************************************** ************************
.
Voltooingstijd: 2008-04-21 2:53:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 00:53:24
ComboFix2.txt 2008-03-05 09:58:28
Pre-Run: 227,993,083,904 bytes beschikbaar
Post-Run: 227,973,107,712 bytes beschikbaar
380 --- E O F --- 2008-04-09 12:17:38
quarantined files
2008-04-20 22:00 38400 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\urqPfGVN.dll.vir
2008-04-20 22:05 274432 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnoOiGv.dll.vir
2008-04-21 01:35 74304 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ateskvtq.exe.vir
2008-04-21 02:13 274432 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rqRKEXom.dll.vir
2008-04-21 02:34 6844 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\moXEKRqr.ini2.vir
2008-04-21 02:36 6844 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\moXEKRqr.ini.vir
2008-04-21 02:43 200 --a------ C:\Qoobox\Quarantine\catchme.log
2008-04-21 02:43 264346 --a------ C:\Qoobox\Quarantine\catchme2008-04-21_ 24313.68.zip