ComboFix 09-09-29.04 - Jessi 30-09-2009 15:00.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3069.2006 [GMT 2:00]
Gestart vanuit: c:\users\Jessi\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Nieuw herstelpunt werd aangemaakt
 * Aanwezig AV is actief
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\alg.exe
c:\windows\Installer\WMEncoder.msi
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-08-28 to 2009-09-30 ))))))))))))))))))))))))))))))
.
2009-09-30 13:07 . 2009-09-30 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-24 14:32 . 2009-09-24 14:47 -------- d-----w- c:\program files\VFWorks
2009-09-22 15:03 . 2009-09-22 15:03 -------- d-----w- c:\users\Jessi\AppData\Local\Nero
2009-09-20 19:42 . 2009-09-21 10:39 -------- d-----w- c:\programdata\Electronic Arts
2009-09-20 16:17 . 2009-09-20 16:17 -------- d-----w- c:\program files\Ask.com
2009-09-20 16:15 . 2009-09-27 19:26 -------- d-----w- c:\users\Jessi\AppData\Roaming\uTorrent
2009-09-20 08:42 . 2009-09-21 14:29 6944 ----a-w- c:\users\Jessi\AppData\Local\d3d9caps.dat
2009-09-20 01:49 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-20 01:22 . 2009-09-20 01:22 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-09-20 01:09 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-20 01:09 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-09-20 01:09 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-09-20 01:09 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-09-20 01:09 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-09-20 01:09 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-09-20 01:09 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-09-20 01:03 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-09-20 01:03 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-09-20 01:03 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-09-20 01:03 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-09-20 01:03 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-09-20 01:01 . 2009-09-20 01:01 -------- d-----w- c:\program files\MSXML 4.0
2009-09-19 20:47 . 2009-09-19 20:47 -------- d-----w- c:\users\Jessi\AppData\Local\Adobe
2009-09-19 20:44 . 2009-09-29 20:31 -------- d-----w- c:\users\Jessi\Tracing
2009-09-19 16:10 . 2009-09-19 16:10 10134 ----a-r- c:\users\Jessi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-09-19 16:10 . 2009-09-19 16:10 -------- d-----w- c:\program files\Microsoft WSE
2009-09-19 16:09 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-09-19 16:00 . 2009-09-21 10:43 -------- d-----w- c:\program files\Electronic Arts
2009-09-19 15:30 . 2009-09-19 15:30 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-09-19 15:21 . 2009-09-19 15:21 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-19 15:21 . 2009-09-19 15:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-19 15:15 . 2009-09-19 15:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-19 15:15 . 2009-09-19 15:49 -------- d-----w- c:\users\Jessi\AppData\Roaming\DAEMON Tools Lite
2009-09-19 13:21 . 2009-09-19 13:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-19 13:20 . 2009-09-19 13:20 -------- d-----w- c:\program files\Microsoft
2009-09-19 13:20 . 2009-09-19 13:20 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-19 13:19 . 2009-09-19 13:24 -------- d-----w- c:\program files\Windows Live
2009-09-19 13:19 . 2009-09-19 13:19 -------- d-----w- c:\users\Jessi\AppData\Local\Ahead
2009-09-19 13:13 . 2009-09-19 13:13 -------- d-----w- c:\users\Jessi\AppData\Roaming\Nero
2009-09-19 13:07 . 2009-09-19 13:11 -------- d-----w- c:\program files\Common Files\Nero
2009-09-19 13:07 . 2009-09-19 13:07 -------- d-----w- c:\programdata\Nero
2009-09-19 13:07 . 2009-09-19 13:07 -------- d-----w- c:\program files\Nero
2009-09-19 13:06 . 2009-09-19 13:06 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-19 13:02 . 2009-09-19 13:02 -------- d-----w- c:\program files\Shape Collage
2009-09-19 11:41 . 2009-09-28 20:15 -------- d-----w- c:\users\Jessi\AppData\Roaming\GrabIt
2009-09-19 11:35 . 2009-09-19 12:03 -------- d-----w- c:\program files\FTDv3.8
2009-09-19 11:33 . 2009-09-19 11:33 -------- d-----w- c:\program files\GrabIt
2009-09-19 11:29 . 2009-09-19 11:29 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-19 11:16 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-19 11:16 . 2008-08-27 01:05 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-09-19 11:16 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-09-19 11:15 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-09-19 11:15 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-19 11:15 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-19 11:15 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-19 11:15 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-19 11:15 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-19 11:15 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-19 11:15 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-19 11:15 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-19 11:15 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-19 11:15 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-19 11:13 . 2007-01-08 08:34 6656 ----a-w- c:\users\Jessi\AppData\Roaming\myphotobook\xtras\localXP.exe
2009-09-19 11:13 . 2007-01-01 16:01 9728 ----a-w- c:\users\Jessi\AppData\Roaming\myphotobook\xtras\localVista.exe
2009-09-19 11:13 . 2006-12-21 11:16 614400 ----a-w- c:\users\Jessi\AppData\Roaming\myphotobook\xtras\Iml32.dll
2009-09-19 11:13 . 2006-12-21 11:16 21504 ----a-w- c:\users\Jessi\AppData\Roaming\myphotobook\xtras\shellExecute.exe
2009-09-19 11:13 . 2006-12-21 11:16 151552 ----a-w- c:\users\Jessi\AppData\Roaming\myphotobook\xtras\Proj.dll
2009-09-19 11:13 . 2006-12-21 11:16 9216 ----a-w- c:\users\Jessi\AppData\Roaming\myphotobook\xtras\sleep.exe
2009-09-19 11:13 . 2006-12-21 11:16 343040 ----a-w- c:\users\Jessi\AppData\Roaming\myphotobook\xtras\msvcrt.dll
2009-09-19 11:13 . 2009-09-19 11:14 -------- d-----w- c:\users\Jessi\AppData\Roaming\myphotobook
2009-09-19 11:13 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-09-19 11:13 . 2006-12-21 11:16 1499136 ----a-w- c:\users\Jessi\AppData\Roaming\myphotobook\xtras\Dirapi.dll
2009-09-19 11:13 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-09-19 11:13 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-09-19 11:13 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-09-19 11:11 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-09-19 11:11 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-09-19 11:11 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-09-19 11:11 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2009-09-19 11:11 . 2008-04-10 05:12 738304 ----a-w- c:\windows\system32\inetcomm.dll
2009-09-19 11:11 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-09-19 11:03 . 2008-08-28 03:40 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-19 11:03 . 2008-08-28 03:37 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-19 11:03 . 2008-08-28 03:37 347648 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-19 11:02 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-19 11:02 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-19 11:02 . 2009-09-19 11:02 -------- d-----w- c:\programdata\IsolatedStorage
2009-09-19 11:02 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-09-19 11:01 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2009-09-19 10:53 . 2009-09-19 10:53 -------- d-----w- c:\users\Jessi\AppData\Roaming\Toshiba
2009-09-19 10:42 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-09-19 10:42 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-09-19 10:42 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-09-19 10:42 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-09-19 10:41 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-09-19 10:41 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-09-19 10:41 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-09-19 10:41 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-09-19 10:41 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-09-19 10:33 . 2009-09-19 10:33 -------- d-----w- c:\users\Jessi\AppData\Roaming\ATI
2009-09-19 10:33 . 2009-09-19 10:33 -------- d-----w- c:\users\Jessi\AppData\Local\ATI
2009-09-19 10:33 . 2009-09-19 10:33 -------- d-----w- c:\programdata\ATI
2009-09-19 10:33 . 2009-09-19 14:02 -------- d-----w- c:\users\Jessi\AppData\Local\Google
2009-09-19 10:33 . 2009-09-19 10:33 -------- d-----w- c:\users\Jessi\AppData\Local\Toshiba
2009-09-19 10:33 . 2009-09-19 10:33 82720 ----a-w- c:\users\Jessi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-19 10:31 . 2008-07-18 16:52 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2009-09-19 10:31 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-19 10:30 . 2009-09-19 10:31 -------- d-----w- c:\program files\Common Files\Toshiba Shared
2009-09-19 10:29 . 2009-09-19 10:29 -------- d-----w- c:\users\Jessi\AppData\Roaming\InstallShield
2009-09-19 10:26 . 2009-09-19 10:26 -------- d-----w- c:\programdata\ToshibaEurope
2009-09-19 10:22 . 2009-09-19 10:22 -------- d-sh--we c:\users\Default\Sjablonen
2009-09-19 10:22 . 2009-09-19 10:22 -------- d-sh--we c:\users\Default\Netwerkprinteromgeving
2009-09-19 10:22 . 2009-09-19 10:22 -------- d-sh--we c:\users\Default\Mijn documenten
2009-09-19 10:22 . 2009-09-19 10:22 -------- d-sh--we c:\users\Default\Menu Start
2009-09-19 10:22 . 2009-09-19 10:22 -------- d-sh--we c:\users\Default\AppData\Local\Geschiedenis
2009-09-19 10:22 . 2009-09-19 10:22 -------- d-sh--we c:\programdata\Sjablonen
2009-09-19 10:22 . 2009-09-19 10:22 -------- d-sh--we c:\programdata\Menu Start
2009-09-19 10:22 . 2009-09-19 10:22 -------- d-sh--we c:\programdata\Favorieten
2009-09-19 10:22 . 2009-09-19 10:22 -------- d-sh--we c:\programdata\Documenten
2009-09-19 10:22 . 2009-09-19 10:22 -------- d-sh--we c:\programdata\Bureaublad
2009-09-19 09:18 . 2009-09-19 09:18 0 ----a-w- c:\windows\ativpsrm.bin
2009-09-19 09:15 . 2009-09-19 09:15 -------- d-----w- c:\program files\Camera Assistant Software for Toshiba
2009-09-19 09:15 . 2008-07-15 17:59 17960 ----a-w- c:\windows\system32\drivers\UVCFTR_S.SYS
2009-09-19 09:14 . 2008-04-15 08:05 118784 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-09-19 09:13 . 2009-09-19 09:14 -------- d-----w- c:\program files\ATI Technologies
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 12:39 . 2008-01-21 06:47 667352 ----a-w- c:\windows\system32\perfh013.dat
2009-09-30 12:39 . 2008-01-21 06:47 126854 ----a-w- c:\windows\system32\perfc013.dat
2009-09-27 11:46 . 2009-09-27 11:46 -------- d-----w- c:\program files\uTorrent
2009-09-25 09:57 . 2008-07-01 15:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-21 10:43 . 2008-07-01 14:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 09:25 . 2008-07-01 15:05 -------- d-----w- c:\program files\McAfee
2009-09-20 18:38 . 2008-07-01 15:05 -------- d-----w- c:\programdata\McAfee
2009-09-20 01:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-20 01:42 . 2008-07-01 15:15 -------- d-----w- c:\program files\Microsoft Works
2009-09-20 01:33 . 2008-07-01 15:14 -------- d-----w- c:\programdata\Microsoft Help
2009-09-19 11:13 . 2009-09-19 11:13 0 ----a-w- c:\users\Jessi\AppData\Roaming\wklnhst.dat
2009-09-19 11:08 . 2008-07-01 15:10 -------- d-----w- c:\program files\Picasa2
2009-09-19 10:53 . 2008-07-01 15:09 -------- d-----w- c:\program files\Google
2009-09-19 10:33 . 2009-09-19 10:31 -------- d-----w- c:\programdata\Atheros
2009-09-19 10:33 . 2009-09-19 10:33 -------- d-----w- c:\program files\Jumpstart
2009-09-19 10:32 . 2009-09-19 10:31 -------- d-----w- c:\program files\Atheros
2009-09-19 10:30 . 2008-07-01 14:57 -------- d-----w- c:\programdata\Toshiba
2009-09-19 10:30 . 2008-07-01 14:45 -------- d-----w- c:\program files\Toshiba
2009-09-19 09:20 . 2009-09-19 09:20 0 --sha-r- c:\windows\system32\drivers\TOSHIBA_Satellite A300_08771-DU_PSAGCE-0KG00.MRK
2009-09-19 09:14 . 2008-08-08 08:50 -------- d-----w- c:\program files\Realtek
2009-09-19 09:13 . 2008-07-01 14:25 -------- d-----w- c:\program files\Intel
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-18 16:06 . 2009-09-19 11:12 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-09-19 11:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-09-19 11:12 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-09-19 11:12 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-16 10:32 . 2008-07-01 15:05 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-14 13:00 . 2009-09-19 11:04 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-09-19 11:04 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-09-19 11:04 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-09-19 11:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-11 19:32 . 2009-09-19 11:14 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32 . 2009-09-19 11:14 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:32 . 2009-09-19 11:14 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:29 . 2009-09-19 11:14 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-10 11:24 . 2009-07-10 11:24 307568 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-08 11:44 . 2008-07-01 15:05 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-08 11:44 . 2008-07-01 15:05 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-08 11:44 . 2008-07-01 15:05 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-08 11:44 . 2008-07-01 15:05 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-08 11:43 . 2008-07-01 15:05 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2008-07-01 15:10 157168 ----a-w- c:\programdata\Partner\partner.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 12:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WindowsUpdateService"="c:\users\Jessi\AppData\Roaming\WinUpdateService.exe" [2006-03-14 299008]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-09 645328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-01 29744]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]

c:\users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0512B10A-23F9-4209-B6F7-17E5098B20FC}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{77B7846D-B31C-48F1-BC7C-A617E04AAE3D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{683280AF-84C2-4B19-A42F-A27DDBE40281}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5BB9960C-1385-4D5E-98E9-F87D00C382D3}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{2F04EB71-3AF0-4153-AF5C-B211D06E8F01}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{837C3BC9-D359-48FC-A319-C6D66124798E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [19-9-2009 12:33 20384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [17-4-2008 0:19 40960]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [24-4-2008 10:21 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [3-12-2007 17:03 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [1-7-2008 16:54 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [25-8-2008 9:58 77824]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1-7-2008 17:10 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [19-9-2009 12:33 954368]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [1-7-2008 17:10 110576]
.
Inhoud van de 'Gedeelde Taken' map

2008-08-08 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-20 19:26]

2008-08-08 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-20 19:26]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-ITSecMng - c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 15:08
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????????*???P?y?x?y???y???y??

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Voltooingstijd: 2009-09-30 15:10
ComboFix-quarantined-files.txt 2009-09-30 13:10

Pre-Run: 25.746.276.352 bytes beschikbaar
Post-Run: 32.514.551.808 bytes beschikbaar

331 --- E O F --- 2009-09-23 07:19