logje ComboFix:
ComboFix 09-07-01.01 - wesley 01/07/2009 21:11.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.32.1043.18.2047.1244 [GMT 2:00]
Gestart vanuit: k:\users\wesley\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender AntiSpam *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\cahpcg.cmd
k:\windows\system32\ATIODCLI.exe
k:\windows\system32\ATIODE.exe
k:\windows\system32\mfc45.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-06-01 to 2009-07-01 ))))))))))))))))))))))))))))))
.
2009-07-01 19:14 . 2009-07-01 19:14 -------- d-----w- k:\users\wesley\AppData\Local\temp
2009-06-29 19:52 . 2009-06-29 19:52 81984 ----a-w- k:\windows\system32\bdod.bin
2009-06-29 19:42 . 2009-06-29 19:42 -------- d-----w- k:\users\wesley\AppData\Roaming\BitDefender
2009-06-29 19:41 . 2009-06-29 19:43 -------- d-----w- k:\programdata\BitDefender
2009-06-29 19:41 . 2009-06-29 19:53 -------- d-----w- k:\program files\Common Files\BitDefender
2009-06-24 20:53 . 2009-06-24 20:53 -------- d-----w- k:\programdata\ATI
2009-06-24 20:48 . 2009-06-24 20:48 10134 ----a-r- k:\users\wesley\AppData\Roaming\Microsoft\Installer\{4D917177-4E73-144B-EFFE-802EFF83D5B4}\ARPPRODUCTICON.exe
2009-06-24 20:47 . 2009-06-24 20:47 -------- d-----w- K:\ATI
2009-06-24 20:45 . 2009-02-20 16:10 153952 ----a-w- k:\windows\system32\drivers\RtHDMIV.sys
2009-06-24 20:45 . 2009-02-12 18:26 282112 ----a-w- k:\windows\system32\AHPCEE32.dll
2009-06-24 20:45 . 2009-02-09 18:01 991744 ----a-w- k:\windows\system32\RHDMIExt.dll
2009-06-19 15:57 . 2009-06-19 15:57 -------- d-----w- k:\program files\MSXML 4.0
2009-06-17 20:15 . 2009-06-17 20:15 -------- d-----w- k:\programdata\LightScribe
2009-06-17 20:15 . 2009-06-17 20:15 -------- d-----w- k:\windows\system32\ErrorLogs
2009-06-17 20:10 . 2008-08-20 03:33 1315328 ----a-w- k:\windows\system32\ole32.dll
2009-06-17 18:14 . 2006-12-01 23:26 57856 -c--a-w- k:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\Windows\winsxs\7z1v718o.6n8\mfcm80u.dll
2009-06-17 18:12 . 2009-05-04 08:46 2835656 -c--a-w- k:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\speedupmypc2009.exe
2009-06-17 18:12 . 2009-04-29 09:45 845128 -c--a-w- k:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\58D97068\B74607BA\System.Data.SQLite.dll
2009-06-17 18:12 . 2009-04-29 09:45 771368 -c--a-w- k:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\9966075F\B74607BA\UBSysMan.dll
2009-06-17 18:12 . 2009-04-29 09:45 614696 -c--a-w- k:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\7AEFAE8C\B74607BA\Launcher.exe
2009-06-17 18:12 . 2009-04-29 09:45 54608 -c--a-w- k:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\D720648F\B74607BA\Interop.IWshRuntimeLibrary.dll
2009-06-17 18:12 . 2009-04-29 09:45 519168 -c--a-w- k:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\78B94F67\B74607BA\IsLicense40.dll
2009-06-17 18:12 . 2009-04-29 09:45 474408 -c--a-w- k:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\62A3297F\B74607BA\AvalonCommon.dll
2009-06-17 18:12 . 2009-04-29 09:45 395048 -c--a-w- k:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\C77843B\B74607BA\SUMPBackend.dll
2009-06-17 18:12 . 2009-04-29 09:45 345008 -c--a-w- k:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\4BF757A\B74607BA\IsLicense30.dll
2009-06-17 18:12 . 2009-04-29 09:45 236840 -c--a-w- k:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\683B013A\B74607BA\PowerSuiteBackendUtils.dll
2009-06-17 18:12 . 2009-04-29 09:45 197968 -c--a-w- k:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\6A0591D6\B74607BA\ICSharpCode.SharpZipLib.dll
2009-06-17 18:12 . 2009-04-29 09:45 1250600 -c--a-w- k:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\B430549D\B74607BA\SUMP.exe
2009-06-17 18:12 . 2009-06-17 18:12 -------- dc-h--w- k:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2009-06-13 17:40 . 2009-06-24 20:39 -------- d-----w- k:\users\wesley\AppData\Roaming\Uniblue
2009-06-13 17:40 . 2009-04-21 16:28 2568216 -c--a-w- k:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-06-13 17:40 . 2009-06-24 20:38 -------- d-----w- k:\program files\Uniblue
2009-06-13 17:40 . 2008-08-26 16:48 99624 -c--a-w- k:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-06-13 17:40 . 2008-08-26 16:48 757760 -c--a-w- k:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-06-13 17:40 . 2008-08-26 16:48 6676480 -c--a-w- k:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-06-13 17:40 . 2008-08-26 16:48 497496 -c--a-w- k:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-06-13 17:40 . 2008-08-26 16:48 413696 -c--a-w- k:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-06-13 17:40 . 2008-08-26 16:48 2019624 -c--a-w- k:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-06-13 17:40 . 2008-08-26 16:48 111912 -c--a-w- k:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-06-13 17:39 . 2009-06-13 17:40 -------- dc-h--w- k:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-06-13 16:18 . 2009-06-13 16:18 -------- d-----w- k:\users\wesley\AppData\Roaming\PeerNetworking
2009-06-13 13:18 . 2009-06-13 13:18 -------- d-----w- k:\users\wesley\AppData\Roaming\ATI
2009-06-13 13:18 . 2009-06-13 13:18 -------- d-----w- k:\users\wesley\AppData\Local\ATI
2009-06-13 13:18 . 2009-06-13 13:18 0 ----a-w- k:\windows\ativpsrm.bin
2009-06-13 13:12 . 2009-06-24 20:53 -------- d-----w- k:\program files\ATI
2009-06-13 13:12 . 2009-06-24 20:50 -------- d-----w- k:\program files\ATI Technologies
2009-06-13 13:11 . 2009-03-16 20:26 159744 ----a-w- k:\windows\system32\atitmmxx.dll
2009-06-13 13:11 . 2009-03-16 20:25 348160 ----a-w- k:\windows\system32\atipdlxx.dll
2009-06-13 13:11 . 2009-03-16 20:25 43520 ----a-w- k:\windows\system32\ati2edxx.dll
2009-06-13 13:11 . 2009-03-16 20:11 3837440 ----a-w- k:\windows\system32\atiumdag.dll
2009-06-13 13:11 . 2009-03-16 19:53 4950528 ----a-w- k:\windows\system32\atiumdva.dll
2009-06-13 13:11 . 2008-09-30 21:53 270336 ------w- k:\windows\system32\Ati2evxx.dll
2009-06-13 13:11 . 2008-09-30 21:52 704512 ------w- k:\windows\system32\Ati2evxx.exe
2009-06-13 13:11 . 2008-09-30 21:15 3107788 ----a-w- k:\windows\system32\atiumdva.dat
2009-06-13 13:11 . 2008-09-23 13:58 118784 ----a-w- k:\windows\system32\atibrtmon.exe
2009-06-11 21:17 . 2009-06-12 15:58 -------- d-----w- K:\SMCLpav
2009-06-10 16:54 . 2009-06-10 16:54 -------- d-----w- k:\users\wesley\AppData\Roaming\GRETECH
2009-06-10 16:54 . 2009-06-10 16:54 -------- d-----w- k:\program files\GRETECH
2009-06-07 09:34 . 2009-06-07 09:34 56 ---ha-w- k:\windows\system32\ezsidmv.dat
2009-06-07 09:18 . 2009-06-07 09:18 -------- d-----w- k:\program files\iPod
2009-06-07 09:18 . 2009-06-07 09:18 -------- d-----w- k:\program files\iTunes
2009-06-07 09:17 . 2009-06-07 09:17 75048 ----a-w- k:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 15:58 . 2009-06-06 16:00 -------- d-----w- k:\program files\QuickTime
2009-06-02 21:51 . 2009-06-02 21:51 -------- dc----w- k:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 17:33 . 2009-05-11 22:07 -------- d-----w- k:\users\wesley\AppData\Roaming\vlc
2009-07-01 16:25 . 2009-05-11 22:24 -------- d-----w- k:\users\wesley\AppData\Roaming\Azureus
2009-06-30 19:15 . 2009-05-22 11:55 1356 ----a-w- k:\users\wesley\AppData\Local\d3d9caps.dat
2009-06-29 19:11 . 2009-05-13 20:54 -------- d-----w- k:\users\wesley\AppData\Roaming\Skype
2009-06-29 19:10 . 2009-05-13 20:55 -------- d-----w- k:\users\wesley\AppData\Roaming\skypePM
2009-06-24 21:00 . 2009-06-24 20:45 -------- d--h--w- k:\program files\Temp
2009-06-24 20:59 . 2009-05-10 13:30 319456 ----a-w- k:\windows\DIFxAPI.dll
2009-06-24 20:45 . 2009-06-24 20:21 49435232 ----a-w- k:\users\wesley\AppData\Roaming\Uniblue\DriverScanner\Download\pci_ven_1002_dev_954f8_600_0_0000.exe
2009-06-24 20:38 . 2009-06-24 20:38 -------- dc-h--w- k:\programdata\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
2009-06-24 20:22 . 2009-06-24 20:22 16668058 ----a-w- k:\users\wesley\AppData\Roaming\Uniblue\DriverScanner\Download\hdaudio_func_01_ven_1002_dev_aa016_0_1_5796.exe
2009-06-22 21:40 . 2009-05-11 22:16 -------- d-----w- k:\users\wesley\AppData\Roaming\FrostWire
2009-06-21 15:22 . 2009-05-31 17:43 -------- d-----w- k:\program files\Lavasoft
2009-06-21 15:22 . 2009-05-30 20:49 -------- d-----w- k:\programdata\Lavasoft
2009-06-17 18:16 . 2009-06-17 18:15 -------- d-----w- k:\programdata\DriverScanner
2009-06-17 18:15 . 2009-06-17 18:15 -------- dc-h--w- k:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-06-17 18:09 . 2009-05-11 21:47 -------- d-----w- k:\program files\Malwarebytes' Anti-Malware
2009-06-17 18:08 . 2009-05-30 14:00 3561743 ----a-w- k:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 09:27 . 2009-05-11 21:47 38160 ----a-w- k:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-05-11 21:47 19096 ----a-w- k:\windows\system32\drivers\mbam.sys
2009-06-13 18:33 . 2009-05-15 15:48 -------- d-----w- k:\programdata\Microsoft Help
2009-06-13 15:21 . 2009-05-16 16:16 -------- d-----w- k:\users\wesley\AppData\Roaming\dvdcss
2009-06-13 12:42 . 2009-05-22 12:15 -------- d-----w- k:\programdata\NVIDIA
2009-06-11 20:44 . 2009-05-10 13:57 -------- d-----w- k:\program files\Panda Security
2009-06-11 20:44 . 2009-05-10 13:30 -------- d--h--w- k:\program files\InstallShield Installation Information
2009-06-10 17:54 . 2009-05-11 22:35 -------- d-----w- k:\program files\PS3 Media Server
2009-06-07 09:18 . 2009-05-11 21:40 -------- d-----w- k:\program files\Common Files\Apple
2009-06-07 09:18 . 2009-05-11 21:41 -------- d-----w- k:\programdata\Apple Computer
2009-06-01 18:38 . 2009-06-01 18:39 410984 ----a-w- k:\windows\system32\deploytk.dll
2009-06-01 18:38 . 2009-05-11 22:14 -------- d-----w- k:\program files\Java
2009-05-30 13:55 . 2009-05-30 12:56 -------- d-----w- k:\programdata\iolo
2009-05-30 13:00 . 2009-05-30 12:56 -------- d-----w- k:\users\wesley\AppData\Roaming\iolo
2009-05-24 12:30 . 2009-05-24 12:30 3584 ----a-r- k:\users\wesley\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-05-24 12:30 . 2009-05-24 12:30 -------- d-----w- k:\program files\Windows Installer Clean Up
2009-05-24 12:29 . 2009-05-13 21:21 -------- d-----w- k:\program files\MSECache
2009-05-23 14:47 . 2009-05-11 22:32 53319 ----a-w- k:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-18 17:29 . 2009-05-18 17:29 -------- d-----w- k:\programdata\WindowsSearch
2009-05-17 11:06 . 2009-05-10 13:26 99864 ----a-w- k:\users\wesley\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-17 10:09 . 2009-05-17 10:05 -------- d-----w- k:\programdata\Zoom Player
2009-05-17 10:05 . 2009-05-17 10:05 -------- d-----w- k:\program files\Zoom Player
2009-05-17 09:56 . 2009-05-17 09:56 -------- d-----w- k:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-17 09:55 . 2009-05-14 18:27 -------- d-----w- k:\program files\Microsoft
2009-05-17 09:51 . 2009-05-17 09:40 -------- d-----w- k:\program files\Microsoft Works
2009-05-17 09:40 . 2009-05-17 09:40 -------- d-----w- k:\program files\MSBuild
2009-05-17 09:38 . 2009-05-17 09:38 -------- d-----w- k:\program files\Microsoft.NET
2009-05-17 09:36 . 2009-05-17 09:36 -------- d-----w- k:\program files\Microsoft Visual Studio 8
2009-05-16 15:58 . 2009-05-16 15:58 -------- d-----w- k:\programdata\WLInstaller
2009-05-15 16:23 . 2009-05-15 16:23 -------- d-----w- k:\programdata\Office Genuine Advantage
2009-05-14 18:27 . 2009-05-14 18:18 -------- d-----w- k:\program files\Windows Live
2009-05-14 18:18 . 2009-05-14 18:18 -------- d-----w- k:\program files\Windows Live SkyDrive
2009-05-14 17:45 . 2009-05-14 17:31 53319 ----a-w- k:\programdata\Temp\{2B55AF83-017A-4C81-9324-D9D3255642A6}\PostBuild.exe
2009-05-14 17:41 . 2006-11-02 12:37 -------- d-----w- k:\program files\Windows Defender
2009-05-14 17:40 . 2009-05-14 17:40 -------- d-----w- k:\program files\Microsoft Games
2009-05-14 17:40 . 2006-11-02 12:37 -------- d-----w- k:\program files\Windows Journal
2009-05-14 17:40 . 2009-05-14 17:40 41976 ----a-w- k:\windows\inf\PERFLIB\0413\perfd.dat
2009-05-14 17:40 . 2009-05-14 17:40 336440 ----a-w- k:\windows\inf\PERFLIB\0413\perfi.dat
2009-05-14 17:40 . 2009-05-14 17:40 336440 ----a-w- k:\windows\inf\PERFLIB\0413\perfh.dat
2009-05-14 17:40 . 2009-05-14 17:40 41976 ----a-w- k:\windows\inf\PERFLIB\0413\perfc.dat
2009-05-14 17:40 . 2006-11-02 12:37 -------- d-----w- k:\program files\Windows Collaboration
2009-05-14 17:38 . 2006-11-02 12:37 -------- d-----w- k:\program files\Windows Calendar
2009-05-14 17:38 . 2006-11-02 12:37 -------- d-----w- k:\program files\Windows Sidebar
2009-05-14 17:38 . 2006-11-02 11:18 -------- d-----w- k:\program files\Windows Mail
2009-05-14 17:38 . 2006-11-02 12:37 -------- d-----w- k:\program files\Windows Photo Gallery
2009-05-14 17:32 . 2009-05-14 17:32 -------- d-----w- k:\program files\Vista Language Packs
2009-05-14 17:00 . 2009-05-14 17:00 -------- d-----w- k:\program files\Bonjour
2009-05-14 17:00 . 2009-05-14 17:00 -------- d-----w- k:\program files\Apple Software Update
2009-05-14 16:44 . 2009-05-13 21:05 -------- d-----w- k:\program files\Vivid WorkshopData ATI
2009-05-13 21:08 . 2009-05-13 21:07 -------- d-----w- k:\program files\FrostWire
2009-05-13 21:08 . 2009-05-13 21:05 -------- d--h--w- k:\program files\Zero G Registry
2009-05-13 21:08 . 2009-05-13 21:08 -------- d-----w- k:\programdata\WorkshopData
2009-05-13 21:03 . 2009-05-11 22:09 -------- d-----w- k:\program files\Trend Micro
2009-05-13 21:02 . 2009-05-13 21:02 45056 ----a-r- k:\users\wesley\AppData\Roaming\Microsoft\Installer\{35A98817-8931-4435-AB68-B2B81F06A318}\NewShortcut1_35A9881789314435AB68B2B81F06A318_12.exe
2009-05-13 21:02 . 2009-05-13 21:02 40960 ----a-r- k:\users\wesley\AppData\Roaming\Microsoft\Installer\{35A98817-8931-4435-AB68-B2B81F06A318}\ARPPRODUCTICON.exe
2009-05-13 21:02 . 2009-05-13 21:02 -------- d-----w- k:\program files\DFF
2009-05-13 21:01 . 2009-05-13 21:01 -------- d-----w- k:\program files\CCleaner
2009-05-13 20:53 . 2009-05-13 20:53 -------- d-----w- k:\program files\Common Files\Skype
2009-05-13 20:53 . 2009-05-13 20:53 -------- d-----r- k:\program files\Skype
2009-05-13 20:53 . 2009-05-13 20:53 -------- d-----w- k:\programdata\Skype
2009-05-13 20:50 . 2009-05-13 20:50 -------- d-----w- k:\program files\Alcohol Soft
2009-05-13 20:47 . 2009-05-11 21:43 -------- d-----w- k:\program files\Common Files\Adobe
2009-05-13 16:50 . 2009-05-13 16:50 -------- d-----w- k:\users\wesley\AppData\Roaming\Locktime
2009-05-11 22:46 . 2009-05-11 22:46 721904 ----a-w- k:\windows\system32\drivers\sptd.sys
2009-05-11 22:37 . 2009-05-11 22:34 -------- d-----w- k:\users\wesley\AppData\Roaming\CyberLink
2009-05-11 22:37 . 2009-05-11 22:34 -------- d-----w- k:\programdata\CyberLink
2009-05-11 22:33 . 2009-05-11 22:33 -------- d-----w- k:\program files\Common Files\CyberLink
2009-05-11 22:31 . 2009-05-11 22:32 29480 ----a-w- k:\windows\system32\msxml3a.dll
2009-05-11 22:30 . 2009-05-11 22:29 176 ----a-w- k:\users\wesley\AppData\Roaming\Azureus\restart.bat
2009-05-11 22:30 . 2009-05-11 22:30 0 ----a-w- k:\users\wesley\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-05-11 22:29 . 2009-05-11 22:23 -------- d-----w- k:\program files\Vuze
2009-05-11 22:28 . 2009-05-11 22:28 -------- d-----w- k:\users\wesley\AppData\Roaming\Xilisoft Corporation
2009-05-11 22:27 . 2009-05-11 22:27 -------- d-----w- k:\program files\Xilisoft
2009-05-11 22:24 . 2009-05-11 22:24 -------- d-----w- k:\programdata\Azureus
2009-05-11 22:14 . 2009-05-11 22:14 -------- d-----w- k:\program files\Common Files\Java
2009-05-11 22:04 . 2009-05-11 22:04 -------- d-----w- k:\program files\VideoLAN
2009-05-11 22:00 . 2009-05-11 22:00 -------- d-----w- k:\programdata\Locktime
2009-05-11 22:00 . 2009-05-11 22:00 -------- d-----w- k:\program files\NetLimiter 2 Monitor
2009-05-11 21:56 . 2009-05-11 21:55 604416 ----a-w- k:\windows\system32\TUProgSt.exe
2009-05-11 21:56 . 2009-05-11 21:56 361216 ----a-w- k:\windows\system32\TuneUpDefragService.exe
2009-05-11 21:56 . 2009-05-11 21:54 -------- d-----w- k:\program files\TuneUp Utilities 2009
2009-05-11 21:54 . 2009-05-11 21:54 -------- d-----w- k:\users\wesley\AppData\Roaming\TuneUp Software
2009-05-11 21:54 . 2009-05-11 21:54 -------- d-----w- k:\programdata\TuneUp Software
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="k:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2009-04-24 203416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="k:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"StartCCC"="k:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]
"RtHDVCpl"="RtHDVCpl.exe" - k:\windows\RtHDVCpl.exe [2008-05-20 6144000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="k:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="k:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="k:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="k:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2881AC5B-3C63-4F7B-BD40-860AC6BCD90B}k:\\program files\\vuze\\azureus.exe"= UDP:k:\program files\vuze\azureus.exe:Azureus
"UDP Query User{CAE69ED6-A908-4063-A5A7-EA6C050BE1A7}k:\\program files\\vuze\\azureus.exe"= TCP:k:\program files\vuze\azureus.exe:Azureus
"{DDB1DF1C-2C8B-46D0-A5BA-5E5FF1A57E10}"= k:\program files\Skype\Phone\Skype.exe:Skype
"{6395173E-8797-48CB-985C-021F640CE831}"= UDP:k:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{773F4F0A-0D36-4ADA-848C-0F577FADBC1E}"= TCP:k:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4608604E-71A7-4CF6-B392-E24FD08E5C76}"= TCP:6004|k:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E2E15C7A-7E79-4F9A-80F3-ADF69C614526}"= UDP:k:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A01EFF30-6D4F-420C-A511-92AC6CD0C5DE}"= TCP:k:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{76F7E388-50BC-4464-8CFF-AAC615BDA7BB}"= UDP:k:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{34ADAA93-7080-47F5-AAFC-14292FD18CFB}"= TCP:k:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{F7A0E569-48E6-4472-ABAF-585784781D92}k:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:k:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{4E60E295-F544-4A46-B220-D328C44942D3}k:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:k:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
"{B75A8CBF-D616-4311-BC08-5100CB8496F1}"= UDP:k:\program files\iTunes\iTunes.exe:iTunes
"{F32919FC-D955-42DF-9E42-E028AE0831DA}"= TCP:k:\program files\iTunes\iTunes.exe:iTunes
"{F9B8D764-4C82-4594-A795-BC1D1B859C1D}"= k:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3FC141A6-3FA6-492F-8C29-06FE0BEEBA39}k:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:k:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{6C159EFC-ECCF-42E0-AC41-F3BBA4B2D5A1}k:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:k:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"{D97CC739-47E5-49EB-BD92-D3BBB067C45D}"= k:\program files\Skype\Phone\Skype.exe:Skype
"{F1CDC86C-6CB6-47CA-9EA4-5949754F27F1}"= k:\program files\Skype\Phone\Skype.exe:Skype
R1 ElRawDisk;ElRawDisk;k:\windows\System32\drivers\elrawdsk.sys [30/05/2009 14:58 20392]
R1 nltdi;nltdi;k:\windows\System32\drivers\nltdi.sys [23/04/2007 18:08 81688]
R2 AMD External Events Utility;AMD External Events Utility;k:\windows\System32\atiesrxx.exe [16/03/2009 22:27 180224]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;k:\windows\System32\TUProgSt.exe [11/05/2009 23:55 604416]
R2 Uniblue DiskRescue;Uniblue DiskRescue;k:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [10/09/2008 17:22 229648]
R2 wlidsvc;Windows Live ID Sign-in Assistant;k:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;k:\windows\System32\drivers\AtiHdmi.sys [20/02/2009 7:17 95760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"k:\windows\System32\rundll32.exe" "k:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map
2009-07-01 k:\windows\Tasks\1-klik Onderhoud.job
- k:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:51]
2009-06-30 k:\windows\Tasks\OGADaily.job
- k:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-07-01 k:\windows\Tasks\OGALogon.job
- k:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-06-24 k:\windows\Tasks\Uniblue DiskRescue 2009.job
- k:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]
2009-07-01 k:\windows\Tasks\User_Feed_Synchronization-{6003FA04-85B3-4C9A-9EC5-F8F874DC6B52}.job
- k:\windows\system32\msfeedssync.exe [2009-05-10 11:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
IE: E&xport to Microsoft Excel - k:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - k:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
.
------- Bestandsassociaties -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-01 21:14
Windows 6.0.6001 Service Pack 1 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2009-07-01 21:15
ComboFix-quarantined-files.txt 2009-07-01 19:15
Pre-Run: 84.455.256.064 bytes beschikbaar
Post-Run: 84.467.773.440 bytes beschikbaar
281 --- E O F --- 2009-06-29 16:53
HIER LOGJE HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:38, on 1/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
K:\Windows\system32\Dwm.exe
K:\Windows\SYSTEM32\taskeng.exe
K:\Windows\RtHDVCpl.exe
K:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
K:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
K:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
K:\Program Files\NetLimiter 2 Monitor\NLClient.exe
K:\Windows\system32\conime.exe
K:\Windows\system32\SearchFilterHost.exe
K:\Windows\Explorer.exe
K:\Program Files\Opera\opera.exe
K:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - K:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - K:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - K:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - K:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - K:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "K:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "K:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [AlcoholAutomount] "K:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://K:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - K:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - K:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - K:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - K:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -
http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - K:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - K:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - K:\Windows\system32\atiesrxx.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - K:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - K:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - K:\Windows\SYSTEM32\crypserv.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - K:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - K:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - K:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - K:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - K:\Windows\System32\TUProgSt.exe
O23 - Service: Uniblue DiskRescue - Uniblue - K:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
--
End of file - 4875 bytes