ComboFix 09-08-20.07 - Steven 08/21/2009 17:25.4.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1022.474 [GMT 2:00] Gestart vanuit: c:\documents and settings\Steven\Mijn documenten\Downloads\ComboFix.exe AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\win.ini . (((((((((((((((((((( Bestanden Gemaakt van 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))) . 2009-08-21 14:21 . 2009-08-21 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-21 13:00 . 2009-08-20 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\NAVENG.SYS 2009-08-21 13:00 . 2009-08-20 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\NAVEX15.SYS 2009-08-21 13:00 . 2009-08-20 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\NAVENG32.DLL 2009-08-21 13:00 . 2009-08-20 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\NAVEX32A.DLL 2009-08-21 13:00 . 2009-08-20 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\EECTRL.SYS 2009-08-21 13:00 . 2009-08-20 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\ECMSVR32.DLL 2009-08-21 13:00 . 
2009-08-20 08:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\CCERASER.DLL 2009-08-21 13:00 . 2009-08-20 08:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.038\ERASER.SYS 2009-08-21 12:44 . 2009-08-20 23:39 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll 2009-08-20 23:43 . 2009-07-11 23:15 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll 2009-08-20 23:43 . 2009-07-11 23:15 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll 2009-08-20 23:43 . 2009-07-11 23:15 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys 2009-08-20 23:43 . 2009-07-11 23:15 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys 2009-08-20 23:43 . 2009-07-11 23:15 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys 2009-08-20 23:40 . 2009-08-20 23:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-08-20 23:38 . 2009-08-21 12:59 -------- d-----w- c:\windows\system32\drivers\NAV 2009-08-20 23:38 . 2009-08-20 23:38 -------- d-----w- c:\program files\Norton AntiVirus 2009-08-20 23:38 . 2009-08-20 23:38 -------- d-----w- c:\program files\Windows Sidebar 2009-08-20 23:38 . 
2009-08-20 23:38 -------- d-----w- c:\program files\NortonInstaller 2009-08-20 23:09 . 2009-08-20 23:09 -------- d-----w- c:\documents and settings\Steven\Local Settings\Application Data\Tific 2009-08-20 23:09 . 2009-08-20 23:09 -------- d-----w- c:\documents and settings\Steven\Application Data\Tific 2009-08-20 23:09 . 2009-08-20 23:09 -------- d-----w- c:\documents and settings\Steven\Local Settings\Application Data\Symantec 2009-08-20 23:07 . 2009-08-20 23:07 -------- d-----w- c:\windows\system32\drivers\NIS 2009-08-20 23:07 . 2009-08-20 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2009-08-20 23:06 . 2009-08-20 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-08-20 22:30 . 2009-08-20 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software 2009-08-20 18:49 . 2009-08-20 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment 2009-08-20 08:00 . 2009-08-20 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.022\NAVENG.SYS 2009-08-20 08:00 . 2009-08-20 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.022\NAVEX15.SYS 2009-08-20 08:00 . 2009-08-20 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.022\EECTRL.SYS 2009-08-20 08:00 . 2009-08-20 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.022\ECMSVR32.DLL 2009-08-20 08:00 . 
2009-08-20 08:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.022\CCERASER.DLL 2009-08-20 08:00 . 2009-08-20 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.022\NAVENG32.DLL 2009-08-20 08:00 . 2009-08-20 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.022\NAVEX32A.DLL 2009-08-20 08:00 . 2009-08-20 08:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090820.022\ERASER.SYS 2009-08-18 12:59 . 2009-08-18 12:59 -------- d-----w- c:\program files\LimeWire 2009-08-17 12:30 . 2009-08-21 15:20 -------- d--h--r- c:\documents and settings\Steven\Onlangs geopend 2009-08-17 12:25 . 2009-08-17 12:27 -------- d-----w- c:\windows\SHELLNEW 2009-08-17 12:25 . 2009-08-17 12:25 -------- d-----w- c:\program files\Microsoft.NET 2009-08-17 09:58 . 2009-08-17 10:14 52224 ----a-w- c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\1jdtqz0b.default\extensions\{b921a072-09a1-4d62-adc4-339176a59f90}\components\FFExternalAlert.dll 2009-08-17 09:58 . 2009-08-17 10:14 114688 ----a-w- c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\1jdtqz0b.default\extensions\{b921a072-09a1-4d62-adc4-339176a59f90}\components\npmozax.dll 2009-08-17 08:44 . 2009-08-17 08:44 152576 ----a-w- c:\documents and settings\Steven\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-16 23:08 . 2009-08-16 23:08 -------- d-----w- c:\documents and settings\Steven\Local Settings\Application Data\Hole-bi 2009-08-16 23:08 . 2009-08-16 23:08 -------- d-----w- c:\program files\Conduit 2009-08-16 23:08 . 
2009-08-16 23:08 -------- d-----w- c:\documents and settings\Steven\Local Settings\Application Data\Conduit 2009-08-16 23:08 . 2009-08-17 09:18 -------- d-----w- c:\program files\Hole-bi 2009-08-15 14:42 . 2009-08-16 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-15 14:24 . 2009-08-19 10:39 -------- d--h--r- c:\documents and settings\Dennis\Onlangs geopend 2009-08-15 09:07 . 2009-08-15 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TreeCardGames 2009-08-15 09:07 . 2009-08-15 09:09 -------- d-----w- c:\program files\MahJong Suite 2009-08-13 18:34 . 2009-08-14 19:37 -------- d-----w- c:\documents and settings\Steven\Application Data\Winamp 2009-08-13 18:34 . 2009-08-13 18:35 -------- d-----w- c:\program files\Winamp 2009-08-12 20:54 . 2009-08-12 20:54 -------- d-----w- c:\windows\system32\wbem\Repository 2009-08-12 18:19 . 2009-08-12 18:20 -------- d-----w- c:\documents and settings\Steven\Application Data\NeroDCTemplates 2009-08-12 13:24 . 2009-08-12 13:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-08-12 07:52 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-08-11 21:42 . 2009-08-11 21:42 -------- d-----w- c:\documents and settings\Steven\Application Data\MOVAVI 2009-08-11 15:40 . 2009-08-11 15:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio 2009-08-11 15:40 . 2009-08-11 15:40 -------- d-----w- c:\documents and settings\Steven\Application Data\Roxio 2009-08-11 15:16 . 2009-08-11 15:16 -------- d-----w- c:\documents and settings\Steven\Application Data\Blackberry Desktop 2009-08-11 14:58 . 2009-08-11 15:52 256 ----a-w- c:\windows\system32\pool.bin 2009-08-11 14:58 . 2009-08-11 14:58 -------- d-----w- c:\documents and settings\Steven\Application Data\Research In Motion 2009-08-11 14:53 . 2009-08-12 21:16 -------- d-----w- c:\program files\Google 2009-08-11 14:26 . 
2009-08-12 13:07 -------- d-----w- c:\documents and settings\Steven\Application Data\vlc 2009-08-05 07:37 . 2009-08-05 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic 2009-08-05 07:34 . 2009-08-05 07:34 -------- d-----w- c:\program files\Common Files\Sonic Shared 2009-08-05 07:34 . 2009-08-05 07:35 -------- d-----w- c:\program files\Roxio 2009-08-05 07:34 . 2009-08-05 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio 2009-08-05 07:30 . 2009-08-05 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion 2009-08-05 07:29 . 2009-01-09 14:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys 2009-08-05 07:29 . 2009-08-05 07:29 -------- d-----w- c:\program files\Common Files\Roxio Shared 2009-08-05 07:28 . 2009-08-05 07:29 -------- d-----w- c:\program files\Common Files\Research In Motion 2009-08-05 07:28 . 2009-08-05 07:30 -------- d-----w- c:\program files\Research In Motion . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-20 23:44 . 2006-12-25 12:41 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-08-20 23:39 . 2009-08-20 23:39 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-08-20 23:39 . 2009-08-20 23:39 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-08-20 23:39 . 2009-08-20 23:39 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-08-20 23:39 . 2009-08-20 23:39 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-08-20 23:39 . 2009-08-20 23:39 -------- d-----w- c:\program files\Symantec 2009-08-20 23:39 . 2009-08-20 23:39 35888 ----a-r- c:\windows\system32\drivers\SymIM.sys 2009-08-20 23:39 . 2009-08-20 23:39 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll 2009-08-20 23:39 . 
2009-08-20 23:39 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll 2009-08-20 23:39 . 2009-08-20 23:39 288104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CPDOEM\CPDOEM.dll 2009-08-20 23:39 . 2009-08-20 23:39 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll 2009-08-20 22:46 . 2007-04-15 19:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-18 13:25 . 2007-06-25 09:15 130400 ----a-w- c:\documents and settings\Ouders\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-18 13:03 . 2006-12-02 09:59 -------- d-----w- c:\documents and settings\Steven\Application Data\LimeWire 2009-08-18 09:12 . 2006-04-10 12:00 89818 ----a-w- c:\windows\system32\perfc013.dat 2009-08-18 09:12 . 2006-04-10 12:00 506964 ----a-w- c:\windows\system32\perfh013.dat 2009-08-18 08:55 . 2006-11-30 11:22 130400 ----a-w- c:\documents and settings\Steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-17 17:45 . 2009-01-06 16:12 -------- d-----w- c:\documents and settings\Ouders\Application Data\MahJong Suite 2009-08-17 12:12 . 2009-03-07 13:51 -------- d-----w- c:\program files\Microsoft 2009-08-17 08:45 . 2006-10-30 10:32 -------- d-----w- c:\program files\Java 2009-08-13 19:17 . 2008-08-27 10:53 -------- d-----w- c:\program files\Netlog Music Tool 2009-08-11 14:56 . 2006-10-30 11:23 -------- d-----w- c:\program files\DivX 2009-08-11 14:55 . 2009-03-29 13:43 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-08-05 09:01 . 2006-04-10 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-05 08:46 . 2007-01-27 18:20 -------- d-----w- c:\program files\PKR 2009-08-05 07:04 . 2008-10-17 20:52 -------- d-----w- c:\program files\Common Files\Nokia 2009-08-01 08:22 . 
2007-12-22 17:14 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-25 03:23 . 2009-03-06 11:43 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-19 20:51 . 2009-07-19 20:51 766 ----a-r- c:\documents and settings\Steven\Application Data\Microsoft\Installer\{E89B484C-B913-49A0-959B-89E836001658}\ARPPRODUCTICON.exe 2009-07-19 20:05 . 2009-04-29 19:00 -------- d-----w- c:\program files\VideoLAN 2009-07-17 19:04 . 2006-04-10 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2006-04-10 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-11 23:15 . 2009-08-20 23:39 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys 2009-07-11 23:15 . 2009-08-20 23:39 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys 2009-07-11 23:15 . 2009-08-20 23:39 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys 2009-07-11 23:15 . 2009-08-20 23:39 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll 2009-07-11 23:15 . 2009-08-20 23:39 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll 2009-07-10 08:37 . 2008-01-18 16:12 -------- d-----w- c:\documents and settings\Steven\Application Data\U3 2009-07-10 07:04 . 2008-10-17 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations 2009-07-10 07:03 . 
2009-07-10 07:03 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe 2009-07-10 07:03 . 2009-07-10 07:03 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe 2009-07-10 07:03 . 2009-07-10 07:03 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-07-10 07:03 . 2009-07-10 07:03 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe 2009-07-10 07:03 . 2009-07-10 07:04 33700216 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_dut.exe 2009-07-04 13:07 . 2009-04-01 21:14 -------- d-----w- c:\documents and settings\Steven\Application Data\DivX 2009-07-03 17:00 . 2006-04-10 12:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 11:05 . 2008-09-07 19:55 -------- d-----w- c:\program files\VDOWNLOADER 2009-06-25 08:27 . 2006-04-10 12:00 735232 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:27 . 2006-04-10 12:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:27 . 2006-04-10 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:27 . 2006-04-10 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:27 . 2006-04-10 12:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:27 . 2006-04-10 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-24 19:21 . 2008-10-17 20:53 -------- d-----w- c:\documents and settings\Steven\Application Data\Nokia 2009-06-24 19:12 . 
2009-06-24 19:12 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe 2009-06-24 19:12 . 2009-06-24 19:12 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe 2009-06-24 19:12 . 2009-06-24 19:12 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-06-24 19:12 . 2009-06-24 19:12 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe 2009-06-24 19:11 . 2009-06-24 19:12 33846448 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_dut.exe 2009-06-24 11:18 . 2006-04-10 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-23 13:54 . 2009-03-15 18:04 -------- d-----w- c:\documents and settings\Steven\Application Data\WhatPulse 2009-06-23 13:50 . 2008-05-01 07:57 -------- d-----w- c:\program files\Movie DVD Maker 2009-06-23 13:50 . 2006-11-30 15:47 -------- d-----w- c:\program files\WhatPulse 2009-06-23 13:50 . 2006-10-30 13:48 -------- d-----w- c:\program files\MSN Messenger 2009-06-23 13:22 . 2009-06-23 13:22 1529 ----a-w- c:\documents and settings\Steven\Application Data\iolo\restore.bat 2009-06-23 12:58 . 2009-06-23 12:06 -------- d-----w- c:\documents and settings\Steven\Application Data\iolo 2009-06-23 12:58 . 2009-06-23 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo 2009-06-23 12:21 . 2009-06-23 12:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo 2009-06-17 10:33 . 
2009-06-17 10:33 10134 ----a-r- c:\documents and settings\Steven\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2009-06-16 14:40 . 2006-04-10 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:40 . 2006-04-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 10:45 . 2006-04-10 12:00 82432 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-15 10:45 . 2006-04-10 12:00 79872 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:16 . 2006-04-10 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 07:22 . 2006-09-27 15:23 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:16 . 2006-04-10 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-05 10:38 . 2009-06-05 10:38 22486 ----a-r- c:\documents and settings\Steven\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe 2009-06-03 19:11 . 2006-04-10 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2006-10-30 11:23 . 2006-10-30 11:23 8 --sh--r- c:\windows\system32\6B8972DCC0.sys 2002-04-16 10:27 . 2002-04-16 10:27 5 --sha-w- c:\windows\system32\CdI5T.drv 2006-10-30 11:23 . 2006-10-30 11:23 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{b921a072-09a1-4d62-adc4-339176a59f90}"= "c:\program files\Hole-bi\tbHol0.dll" [2009-07-15 2224152] [HKEY_CLASSES_ROOT\clsid\{b921a072-09a1-4d62-adc4-339176a59f90}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b921a072-09a1-4d62-adc4-339176a59f90}] 2009-07-15 08:09 2224152 ----a-w- c:\program files\Hole-bi\tbHol0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{b921a072-09a1-4d62-adc4-339176a59f90}"= "c:\program files\Hole-bi\tbHol0.dll" [2009-07-15 2224152] [HKEY_CLASSES_ROOT\clsid\{b921a072-09a1-4d62-adc4-339176a59f90}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{B921A072-09A1-4D62-ADC4-339176A59F90}"= "c:\program files\Hole-bi\tbHol0.dll" [2009-07-15 2224152] [HKEY_CLASSES_ROOT\clsid\{b921a072-09a1-4d62-adc4-339176a59f90}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-03-12 2763264] "Netlog Music Tool"="c:\program files\Netlog Music Tool\NetlogMusicTool.exe" [2009-08-13 1728456] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440] "msnmgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-04-27 3885408] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240] "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] 
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-11-07 17421824] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Dennis\Menu Start\Programma's\Opstarten\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\windows\system32\logonui.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk] backup=c:\windows\pss\BTTray.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Steven^Menu Start^Programma's^Opstarten^BTTray.lnk] backup=c:\windows\pss\BTTray.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "PnkBstrA"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] ""= [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\FileZilla\\FileZilla.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "j:\\World of Warcraft\\BackgroundDownloader.exe"= "j:\\World of Warcraft\\Repair.exe"= "j:\\Curse\\CurseClient.exe"= "j:\\World of Warcraft\\Launcher.exe"= "j:\\World of 
Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "j:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "5353:TCP"= 5353:TCP:Adobe CSI CS4 "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [01/07/2009 23:39 20744] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/31/2009 22:47 64160] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1000000.07D\SymEFA.sys [08/21/2009 1:39 309296] R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [06/30/2008 15:12 16896] R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [06/30/2008 15:12 53248] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [10/30/2006 11:48 17920] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [08/21/2009 1:39 254512] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1000000.07D\ccHPx86.sys [08/21/2009 1:39 362544] R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [02/24/2008 15:19 3026] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [08/21/2009 1:43 276344] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [10/07/2008 21:31 61424] R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe [08/21/2009 1:39 115560] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [04/08/2009 12:38 92008] R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [07/07/2007 15:46 6852] R2 
wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [03/30/2009 16:28 1533808] R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [12/15/2008 16:49 89600] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [08/20/2009 10:00 101936] R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [09/21/2008 16:34 1059072] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [10/30/2006 11:22 7040] S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [10/30/2006 11:14 674048] S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [03/22/2008 21:14 16512] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/07/2008 12:44 30088] S3 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [01/02/2007 23:11 185280] S3 getPlus(R) Helper;getPlus(R) Helper; [x] S3 gtermddo;gtermddo;\??\c:\docume~1\Steven\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\Steven\LOCALS~1\Temp\gtermddo.sys [?] S3 gwiopm;gwiopm;\??\c:\program files\My Drivers\gwiopm.sys --> c:\program files\My Drivers\gwiopm.sys [?] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [07/02/2008 14:58 26248] S3 MarkFun_NT;MarkFun_NT; [x] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . 
Inhoud van de 'Gedeelde Taken' map 2009-08-20 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04] 2009-08-21 c:\windows\Tasks\User_Feed_Synchronization-{514EDE84-5471-4002-90C1-39AD4566C524}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2376665 uInternet Connection Wizard,ShellNext = hxxp://www.aldi.com/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Visit in &3D using ExitReality - http://3d.exitreality.com/TransmogrifyPage.htm DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} - hxxp://img.lnm.eu/qtid.com/client/en/MessengerInstaller.cab DPF: {CC3910E0-1518-4E76-8921-9400C8AA9B50} - hxxp://img.lnm.eu/qtid.com/client/nl/GayIdClientInstaller.cab FF - ProfilePath - c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\1jdtqz0b.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2376665&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Hole-bi Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ig?hl=nl&source=iglk FF - prefs.js: keyword.URL - about:neterror?e=query&u= FF - component: c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\1jdtqz0b.default\extensions\{b921a072-09a1-4d62-adc4-339176a59f90}\components\FFExternalAlert.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll 
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- Bestandsassociaties -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 17:37
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-316890845-3734499880-1621737851-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1ED8954A-D165-2161-A9C7-A26641CE5CBD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaeckpmhhkmilhdibe"=hex:6b,61,68,66,62,61,6a,6f,65,63,6a,67,68,68,69,66,68,6e,
   63,64,65,6e,00,00
"hakbmmndikpkeaam"=hex:6b,61,67,66,6f,6a,61,68,6f,67,62,6c,69,62,6c,67,6f,6b,
   66,63,6e,6f,00,00

[HKEY_USERS\S-1-5-21-316890845-3734499880-1621737851-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:05,70,1d,17,55,3b,6f,d9,be,ac,ef,90,60,c5,65,e9,c2,ef,55,28,a0,27,db,
   2e,41,f5,bb,33,17,e0,76,8b,30,d4,45,63,82,10,58,aa,65,ea,25,d9,fd,b7,c1,a6,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18

[HKEY_USERS\S-1-5-21-316890845-3734499880-1621737851-1006\Software\SecuROM\License information*]
"datasecu"=hex:40,05,9e,61,f2,74,0c,53,9a,45,0c,d6,54,aa,b0,99,6d,49,ab,2f,e5,
   2b,eb,44,85,6a,54,9b,5f,b8,b5,2d,8a,21,c6,87,5f,71,62,e8,eb,8d,53,5c,c4,a0,\
"rkeysecu"=hex:64,46,02,59,a2,0b,75,f1,41,39,0b,19,52,ae,f0,d6

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1904)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WRLogonNTF.dll
.
Voltooingstijd: 2009-08-21 17:42
ComboFix-quarantined-files.txt 2009-08-21 15:42
ComboFix2.txt 2009-08-16 20:45

Pre-Run: 231.323.525.120 bytes beschikbaar
Post-Run: 231.495.389.184 bytes beschikbaar

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5

409 --- E O F --- 2009-08-17 23:31