ComboFix 09-05-15.06 - Matthias 16/05/2009 14:16.1 - NTFSx86
Gestart vanuit: c:\documents and settings\Matthias\Mijn documenten\Downloads\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Matthias\Application Data\inst.exe
c:\program files\SoftwareOnline
c:\recycler\S-1-5-21-2226183215-1036156495-499020687-1007\Dc4.zip
c:\recycler\S-1-5-21-2226183215-1036156495-499020687-1007\INFO2
c:\recycler\S-1-5-21-2226183215-1036156495-499020687-501\Dc1\Verwijder Van Dale Snelzoeker Pocketwoordenboek Nederlands.lnk
c:\recycler\S-1-5-21-2226183215-1036156495-499020687-501\INFO2
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF

(((((((((((((((((((( Bestanden Gemaakt van 2009-04-16 to 2009-05-16 ))))))))))))))))))))))))))))))
.
2009-05-16 10:23 . 2009-05-16 10:23 -------- d-----w c:\documents and settings\Matthias\Application Data\Malwarebytes
2009-05-16 10:22 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 10:22 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 10:22 . 2009-05-16 10:22 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-16 10:22 . 2009-05-16 10:23 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-15 17:49 . 2009-05-15 17:49 -------- d-----w c:\program files\Trend Micro
2009-05-15 15:17 . 2009-02-15 22:10 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-05-15 15:17 . 2009-05-15 15:17 -------- d-----w c:\program files\Zone Labs
2009-05-15 13:56 . 2009-05-15 15:18 -------- d-----w c:\program files\AskBarDis
2009-05-14 19:01 . 2009-05-16 12:10 -------- d--h--r c:\documents and settings\Matthias\Onlangs geopend
2009-05-13 19:17 . 2009-05-13 19:17 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-13 19:09 . 2009-05-13 19:14 -------- d-----w c:\program files\Driver Checker
2009-05-12 19:17 . 2009-05-12 19:25 -------- d-----w c:\program files\PFConfig
2009-05-07 16:21 . 2009-05-15 16:19 -------- d-----w c:\program files\Guild Wars
2009-05-04 19:24 . 2009-05-05 17:35 -------- d-----w c:\documents and settings\Matthias\Application Data\Auslogics
2009-05-04 19:23 . 2009-05-04 19:23 -------- d-----w c:\program files\Auslogics
2009-05-01 12:21 . 2009-05-14 19:07 -------- d-----w c:\documents and settings\Matthias\Application Data\Mp3tag
2009-05-01 12:20 . 2009-05-01 12:20 -------- d-----w c:\program files\Mp3tag
2009-04-29 16:09 . 2009-04-29 16:09 -------- d-----w c:\program files\MPMAN
2009-04-28 16:38 . 2009-04-28 16:38 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-28 16:38 . 2009-04-28 16:38 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-28 16:37 . 2009-04-28 16:38 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-28 16:33 . 2009-04-28 16:39 -------- d-----w c:\documents and settings\Matthias\Application Data\DAEMON Tools Lite
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 12:22 . 2007-10-11 07:45 -------- d-----w c:\program files\SPAMfighter
2009-05-15 16:47 . 2008-04-21 14:47 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-05-15 15:42 . 2008-06-26 18:51 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-15 15:17 . 2005-08-10 16:11 4212 -c-ha-w c:\windows\system32\zllictbl.dat
2009-05-15 15:14 . 2009-05-15 15:14 0 ----a-w C:\XES6D.tmp
2009-05-14 14:35 . 2008-07-07 12:40 -------- d-----w c:\program files\Ashampoo
2009-05-13 18:58 . 2007-08-14 14:44 -------- d-----w c:\program files\IObit
2009-05-13 14:03 . 2008-04-14 17:02 712704 ----a-w c:\windows\system32\windowscodecs.dll
2009-05-13 14:03 . 2003-01-26 23:48 147456 ----a-w c:\windows\system32\vbzip11.dll
2009-05-13 13:47 . 2008-02-25 17:51 -------- d-----w c:\program files\AviSynth 2.5
2009-05-13 13:45 . 2008-02-28 17:27 -------- d-----w c:\program files\Windows Live
2009-05-13 13:43 . 2008-07-21 19:17 -------- d-----w c:\program files\SweetIM
2009-05-13 13:22 . 2009-02-28 16:40 -------- d-----r c:\program files\Kompozer
2009-05-13 13:22 . 2009-02-15 14:22 -------- d-----w c:\program files\Recovery for Publisher
2009-05-13 13:22 . 2009-01-02 15:42 -------- d-----w c:\program files\WinPcap
2009-05-13 13:22 . 2008-02-28 17:36 -------- d-----w c:\program files\Windows Live Toolbar
2009-05-11 18:55 . 2004-09-10 16:23 172032 ----a-w c:\windows\system32\scrrun.dll
2009-05-06 12:12 . 2008-06-19 15:43 -------- d-----w c:\program files\Lexmark X1100 Series
2009-05-04 19:16 . 2008-07-02 17:52 34 -c--a-w c:\documents and settings\Matthias\jagex_runescape_preferences.dat
2009-04-28 16:33 . 2008-10-28 09:53 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-26 10:33 . 2005-02-12 18:57 -------- d-----w c:\program files\Java
2009-04-21 17:04 . 2009-01-26 17:56 -------- d-----w c:\program files\Songbird
2009-04-15 11:05 . 2004-09-10 16:24 84940 -c--a-w c:\windows\system32\perfc013.dat
2009-04-15 11:05 . 2004-09-10 16:24 475976 -c--a-w c:\windows\system32\perfh013.dat
2009-04-11 15:19 . 2005-03-16 17:55 86104 -c--a-w c:\documents and settings\Matthias\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-09 13:16 . 2009-01-12 19:28 -------- d-----w c:\program files\DNA
2009-04-09 12:39 . 2008-10-28 11:08 -------- d-----w c:\program files\MagicISO
2009-04-01 14:41 . 2009-04-01 14:41 201728 ----a-w c:\windows\system32\Esprit collection 2009.scr
2009-03-26 19:32 . 2009-03-26 19:26 -------- d-----w c:\program files\Microsoft
2009-03-26 19:30 . 2009-03-26 19:30 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-26 19:28 . 2009-03-26 19:28 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-26 19:20 . 2009-03-26 19:20 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-25 10:34 . 2007-11-18 15:47 -------- d-----r c:\program files\Skype
2009-03-17 18:36 . 2009-03-17 18:36 201728 ----a-w c:\windows\system32\ESPRIT_collection.scr
2009-03-09 03:19 . 2009-01-29 18:35 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-06 14:23 . 2004-09-10 16:23 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2004-09-10 16:23 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:18 . 2004-09-10 16:23 78336 -c--a-w c:\windows\system32\ieencode.dll
2007-02-14 08:44 . 2005-06-20 17:36 518 -c--a-w c:\program files\CA4E15S.key
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Matthias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-28 133104]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-04-30 2329936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-30 185896]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 AmeAtmPc;AmeAtmPc;c:\windows\system32\DRIVERS\AmeAtmPc.sys [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 AtmElan;ATM geëmuleerde LAN;c:\windows\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
R3 AtmLane;ATM LAN-emulatie;c:\windows\system32\DRIVERS\atmlane.sys [2008-04-13 55808]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
R3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [x]
S1 aswSP;avast! Self Protection; [x]
S1 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2007-07-15 2944]
S1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\Drivers\mchInjDrv.sys [2008-06-24 2560]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-16 184968]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\DRIVERS\Cap713x.sys [2004-10-08 751104]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - Aavmker4
*Deregistered* - abp480n5
*Deregistered* - adpu160m
*Deregistered* - AFD
*Deregistered* - agpCPQ
*Deregistered* - Aha154x
*Deregistered* - aic78u2
*Deregistered* - aic78xx
*Deregistered* - ALG
*Deregistered* - AliIde
*Deregistered* - alim1541
*Deregistered* - amdagp
*Deregistered* - amsint
*Deregistered* - asc
*Deregistered* - asc3350p
*Deregistered* - asc3550
*Deregistered* - aswFsBlk
*Deregistered* - aswMon2
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswUpdSv
*Deregistered* - ATI Smart
*Deregistered* - atksgt
*Deregistered* - Atmuni
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - bbcap
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - cbidf
*Deregistered* - cd20xrnt
*Deregistered* - Cdfs
*Deregistered* - CmdIde
*Deregistered* - Cpqarray
*Deregistered* - CryptSvc
*Deregistered* - dac2w2k
*Deregistered* - dac960nt
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - dpti2o
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - fssfltr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - hpn
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - i2omgmt
*Deregistered* - i2omp
*Deregistered* - ImapiService
*Deregistered* - ini910u
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LexBceS
*Deregistered* - lirsgt
*Deregistered* - LmHosts
*Deregistered* - mchInjDrv
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - mraid35x
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - MSIServer
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - PCIIde
*Deregistered* - perc2
*Deregistered* - perc2hib
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - ql1080
*Deregistered* - Ql10wnt
*Deregistered* - ql12160
*Deregistered* - ql1240
*Deregistered* - ql1280
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rawwan
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RecAgent
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - SeaPort
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SLService
*Deregistered* - SlWdmSup
*Deregistered* - SPAMfighter Update Service
*Deregistered* - Sparrow
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srescan
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - sym_hi
*Deregistered* - sym_u3
*Deregistered* - symc810
*Deregistered* - symc8xx
*Deregistered* - SymWSC
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TosIde
*Deregistered* - uagp35
*Deregistered* - ultra
*Deregistered* - UMWdf
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - viaagp
*Deregistered* - VolSnap
*Deregistered* - vsdatant
*Deregistered* - vsmon
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Inhoud van de 'Gedeelde Taken' map

2009-05-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-23 16:17]

2009-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226183215-1036156495-499020687-1008.job
- c:\documents and settings\Matthias\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-28 18:29]

2009-05-15 c:\windows\Tasks\HDReg.job
- c:\apps\HDReg\HDRegRem.exe [2005-02-12 10:14]

2007-12-19 c:\windows\Tasks\Herinnering voor registratie 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 17:03]

2005-02-26 c:\windows\Tasks\Herinnering voor registratie 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 17:03]

2009-03-28 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-05-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.belgacom.net
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://nl.packardbell.be/easysearch/index.asp?query=1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
FF - ProfilePath - c:\documents and settings\Matthias\Application Data\Mozilla\Firefox\Profiles\lynu7ss8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ultimate-guitar.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088433&q=
FF - component: c:\documents and settings\Matthias\Application Data\Mozilla\Firefox\Profiles\lynu7ss8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\Matthias\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 14:22
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61E02159-A14A-FC32-018FB6A6B5E128FA}\{BE08726F-5794-26E4-FF65539D238093C7}\{FD6EFD08-28CD-2519-DC89D4AD1DA3D3A5}*]
"IQNBLELQUCQAXRDYSTMOPE2WKD1"=hex:01,00,01,00,00,00,00,00,18,9b,fa,a9,f5,0c,d9,
   2d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(756)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\apps\ABOARD\AOSD.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Voltooingstijd: 2009-05-16 14:26 - machine werd herstart
ComboFix-quarantined-files.txt 2009-05-16 12:26

Pre-Run: 104.239.292.416 bytes beschikbaar
Post-Run: 104.192.245.760 bytes beschikbaar

420 --- E O F --- 2009-05-13 19:37