ComboFix 08-03-21.1 - ferla 2008-03-22 9:34:17.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1986 [GMT 1:00] Gestart vanuit: C:\Users\ferla\Desktop\ComboFix.exe . (((((((((((((((((((( Bestanden Gemaakt van 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))) . 2008-03-22 09:33 . 2008-03-22 09:33 3,631 --a------ C:\66AE.tmp 2008-03-21 20:54 . 2008-03-21 20:54 3,631 --a------ C:\BB43.tmp 2008-03-21 17:04 . 2008-03-21 17:04 d-------- C:\Program Files\Trend Micro 2008-03-21 11:58 . 2008-03-21 12:37 d-------- C:\Program Files\a-squared Free 2008-03-21 03:13 . 2008-03-22 09:21 54,156 --ah----- C:\Windows\QTFont.qfn 2008-03-21 03:13 . 2008-03-21 03:13 1,409 --a------ C:\Windows\QTFont.for 2008-03-21 02:25 . 2008-03-21 02:32 d-------- C:\Windows\Omniquad Total Security 2008-03-21 02:25 . 2008-03-21 02:25 76 --a------ C:\Windows\winomnifile.dat 2008-03-21 00:03 . 2008-03-20 22:06 266,240 --a------ C:\Windows\bokpkov.dll 2008-03-21 00:03 . 2008-03-20 22:06 241,664 --a------ C:\Windows\altvxvm.dll 2008-03-20 23:31 . 1999-08-31 16:55 164,112 --a------ C:\Windows\system\Olepro32.dll 2008-03-20 23:31 . 2001-02-17 15:33 17,920 --a------ C:\Windows\system\Stdole2.tlb 2008-03-20 23:27 . 1997-11-19 15:49 303,616 --a------ C:\Windows\IsUninst.exe 2008-03-20 23:11 . 2008-03-20 23:12 d-------- C:\Windows\uninstall\Tri-Towers 2008-03-20 23:11 . 2008-03-20 23:11 d-------- C:\Windows\uninstall 2008-03-20 20:34 . 2008-03-20 20:34 d-------- C:\Program Files\Free Audio Pack 2008-03-20 20:34 . 1998-06-16 23:00 516,173 --a------ C:\Windows\System32\MSVCP60D.DLL 2008-03-20 20:34 . 1998-06-16 23:00 385,100 --a------ C:\Windows\System32\MSVCRTD.DLL 2008-03-20 20:34 . 2000-11-29 02:07 307,200 --a------ C:\Windows\System32\msvcr70.dll 2008-03-20 20:34 . 2004-03-08 23:00 224,016 --a------ C:\Windows\System32\TABCTL32.OCX 2008-03-20 20:34 . 1998-07-12 23:00 141,312 --a------ C:\Windows\System32\MSCMCFR.DLL 2008-03-20 20:34 . 2000-10-01 19:00 119,568 --a------ C:\Windows\System32\VB6FR.DLL 2008-03-20 20:34 . 1999-03-25 19:00 101,888 --a------ C:\Windows\System32\VB6STKIT.DLL 2008-03-20 20:34 . 1998-07-12 23:00 59,904 --a------ C:\Windows\System32\Mscc2fr.dll 2008-03-20 20:34 . 1998-07-12 19:00 32,768 --a------ C:\Windows\System32\CMDLGFR.DLL 2008-03-20 20:34 . 1998-07-12 23:00 21,504 --a------ C:\Windows\System32\TABCTFR.DLL 2008-03-20 20:11 . 2008-03-20 20:11 d-------- C:\Users\ferla\AppData\Roaming\CDBurnerXP_Soft 2008-03-20 13:07 . 2008-03-20 13:07 d-------- C:\Users\ferla\AppData\Roaming\Acoustica 2008-03-20 13:07 . 2002-11-05 15:16 57,344 --a------ C:\Windows\System32\Wnaspint.dll 2008-03-19 14:59 . 2008-03-19 14:59 d-------- C:\Users\ferla\AppData\Roaming\Logitech 2008-03-19 14:59 . 2008-03-19 14:59 d-------- C:\Users\All Users\LogiShrd 2008-03-19 14:58 . 2008-03-19 14:58 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf 2008-03-19 14:58 . 2008-03-19 14:58 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-03-19 14:56 . 2008-03-19 14:56 d-------- C:\Users\All Users\Logitech 2008-03-19 14:56 . 2008-03-19 14:57 d-------- C:\Program Files\Common Files\Logishrd 2008-03-19 14:56 . 2008-01-09 12:26 301,656 --a------ C:\Windows\System32\BtCoreIf.dll 2008-03-19 14:56 . 2008-01-09 12:27 170,512 --a------ C:\Windows\System32\kemutb.dll 2008-03-19 14:56 . 2008-01-09 12:28 141,840 --a------ C:\Windows\System32\KemUtil.dll 2008-03-19 14:56 . 2008-01-09 12:28 117,264 --a------ C:\Windows\System32\KemWnd.dll 2008-03-19 14:56 . 2008-01-09 12:28 76,304 --a------ C:\Windows\System32\KemXML.dll 2008-03-16 02:38 . 2008-03-16 02:38 d-------- C:\Program Files\BitLord 2008-03-16 02:18 . 2008-03-16 02:55 d-------- C:\Windows\Downloaded Installations 2008-03-16 02:04 . 2008-03-16 02:05 d-------- C:\Program Files\Total Video Converter 2008-03-16 00:47 . 2008-03-16 00:47 d-------- C:\Program Files\Zattoo 2008-03-14 16:35 . 2008-03-14 16:35 25 --a------ C:\Windows\cdplayer.ini 2008-03-14 16:33 . 2008-03-14 16:33 d-------- C:\Program Files\Real 2008-03-14 16:33 . 2008-03-14 16:33 d-------- C:\Program Files\Common Files\xing shared 2008-03-14 16:33 . 2008-03-14 16:33 d-------- C:\Program Files\Common Files\Real 2008-03-14 10:08 . 2008-03-14 10:08 d-------- C:\Users\ferla\AppData\Roaming\PCTV4Me 2008-03-14 10:08 . 2008-03-14 10:08 d-------- C:\Program Files\PCTV4Me 2008-03-13 17:21 . 2008-03-13 17:22 d-------- C:\Program Files\WinZip Self-Extractor 2008-03-13 15:03 . 2008-03-13 16:53 d-------- C:\Users\ferla\AppData\Roaming\Azureus 2008-03-12 23:04 . 2008-03-12 23:04 1 --a------ C:\Windows\System32\sav86032.sys 2008-03-12 22:50 . 2008-03-12 22:50 d-------- C:\Windows\System32\3-D_Sea_Turtle_Paradise_Demo dir 2008-03-12 22:50 . 2008-03-12 22:50 520,192 --a------ C:\Windows\System32\3-D_Sea_Turtle_Paradise_Demo.scr 2008-03-12 22:16 . 2005-09-29 14:55 69,632 --a------ C:\Windows\System32\FreezeScreenSaver.exe 2008-03-12 20:41 . 2008-03-12 23:04 60,763 --a------ C:\lma_log.html 2008-03-12 20:40 . 2008-03-22 09:12 6,630 --a------ C:\log.html 2008-03-12 20:34 . 2008-03-12 20:34 d-------- C:\Users\All Users\Laconic Software 2008-03-12 20:34 . 2008-03-12 20:34 d-------- C:\Program Files\Free Fire Screensaver 2008-03-12 17:21 . 2008-03-21 12:38 d-------- C:\Program Files\Freeze.com 2008-03-12 10:36 . 2007-12-16 23:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys 2008-03-12 10:36 . 2007-12-16 10:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys 2008-03-09 04:25 . 2008-03-09 04:25 d-------- C:\Users\ferla\AppData\Roaming\Leadertech 2008-03-09 03:38 . 2008-03-21 12:37 d-------- C:\Program Files\UltraISO 2008-03-09 03:38 . 2008-03-09 04:35 d-------- C:\Program Files\Common Files\EZB Systems 2008-03-09 02:07 . 2008-03-09 02:07 d-------- C:\Users\ferla\AppData\Roaming\Download Manager 2008-03-08 22:13 . 2008-03-08 22:13 720,896 --a------ C:\Windows\iun6002.exe 2008-03-07 16:13 . 2008-03-07 16:13 d-------- C:\Program Files\Pcsx2_0.9.4 2008-03-05 15:19 . 2008-03-05 15:19 716,272 --a------ C:\Windows\System32\drivers\sptd.sys 2008-03-05 00:19 . 2008-03-09 01:05 d-------- C:\Program Files\MotoGP 2008-03-04 21:07 . 2008-03-04 21:11 536 --a------ C:\Windows\_delis32.ini 2008-03-04 21:06 . 1998-10-09 15:36 327,168 --a------ C:\Windows\IsUn0413.exe 2008-03-04 11:25 . 2008-03-04 11:25 2,560 --a------ C:\Windows\_MSRSTRT.EXE 2008-03-04 00:19 . 2008-03-04 00:19 d-------- C:\Program Files\BearShare Applications 2008-03-04 00:07 . 2006-11-12 11:39 483,328 --a------ C:\Windows\System32\actskn45.ocx 2008-03-03 22:34 . 2008-03-20 20:10 d-------- C:\Program Files\CDBurnerXP 2008-03-02 10:42 . 2008-03-02 10:42 d-------- C:\Users\All Users\Apple Computer 2008-03-02 10:42 . 2008-03-02 11:18 d-------- C:\Program Files\QuickTime Alternative 2008-03-02 10:42 . 2008-01-31 23:13 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx 2008-03-02 10:42 . 2008-01-31 23:13 57,344 --a------ C:\Windows\System32\QuickTime.qts 2008-03-02 10:20 . 2008-03-13 17:19 d-------- C:\Users\All Users\WinZip 2008-02-28 15:29 . 2008-02-28 15:29 d-------- C:\Windows\Samsung 2008-02-28 15:29 . 2007-01-22 15:35 466,944 --a------ C:\Windows\ssndii.exe 2008-02-28 15:27 . 2006-12-08 01:49 11,502 --------- C:\Windows\Dr. Printer Icon.ico 2008-02-28 15:25 . 2006-12-09 05:45 22,723 --a------ C:\Windows\System32\sugs2l3.dll 2008-02-28 15:25 . 2006-12-09 05:45 409 --a------ C:\Windows\System32\sugs2l3.smt 2008-02-28 15:24 . 2008-02-28 15:24 d-------- C:\Windows\System32\drivers\Samsung 2008-02-28 15:24 . 2006-12-09 05:44 151,552 --a------ C:\Windows\System32\sugs2ci.exe 2008-02-28 15:24 . 2006-12-09 05:44 65,536 --a------ C:\Windows\System32\sugs2ci.dll 2008-02-28 15:24 . 2006-12-08 01:50 41,984 --------- C:\Windows\System32\drivers\DGIVECP.SYS 2008-02-28 15:24 . 2006-12-08 01:50 5,120 --------- C:\Windows\System32\drivers\SSPORT.SYS 2008-02-28 01:25 . 2008-02-28 01:25 d-------- C:\GAMES 2008-02-27 12:34 . 2008-01-12 18:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys 2008-02-27 12:34 . 2008-01-15 09:54 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat 2008-02-27 12:34 . 2008-01-15 05:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf 2008-02-27 02:29 . 2008-02-27 02:30 d-------- C:\Users\ferla\AppData\Roaming\Vso 2008-02-27 02:29 . 2008-02-27 02:29 d-------- C:\Users\All Users\DVDXStudio 2008-02-27 02:29 . 2008-02-27 02:29 d-------- C:\Program Files\CloneDVD 2008-02-27 02:29 . 2008-02-27 02:29 81,920 --a------ C:\Users\ferla\AppData\Roaming\ezpinst.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-21 11:37 --------- d-----w C:\Program Files\HarryPotter 2008-03-20 12:20 --------- d-----w C:\Program Files\Elaborate Bytes 2008-03-19 13:56 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-19 13:56 --------- d-----w C:\Program Files\Logitech 2008-03-13 14:24 --------- d-----w C:\Program Files\Java 2008-03-13 05:20 118,784 ----a-w C:\Windows\Web\Wallpaper\Scenic- Night Of Horrors Wallpaper dir\uninstall.exe 2008-03-12 14:03 --------- d-----w C:\Program Files\Windows Mail 2008-03-06 22:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-03-04 20:08 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-02 21:40 --------- d-----w C:\Program Files\PopCap Games 2008-02-28 10:00 --------- d-----w C:\Program Files\Norton 360 2008-02-27 11:59 --------- d-----w C:\Program Files\Trickshot 2008-02-27 00:06 --------- d-----w C:\Program Files\MK4 2008-02-26 20:23 --------- d-----w C:\Program Files\Picasa2 2008-02-26 20:06 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF 2008-02-26 20:06 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS 2008-02-26 20:06 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT 2008-02-26 20:06 --------- d-----w C:\Program Files\Symantec 2008-02-26 18:31 --------- d-----w C:\Program Files\Windows Sidebar 2008-02-26 18:01 943,800 ----a-w C:\Windows\System32\winload.exe 2008-02-26 17:58 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-26 17:58 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-26 17:58 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-26 17:58 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-26 17:58 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-26 17:58 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-26 17:58 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys 2008-02-26 17:58 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-26 17:58 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys 2008-02-26 17:58 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-26 17:58 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-26 17:58 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-26 17:57 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-26 17:57 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-26 17:57 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-26 17:57 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-26 17:50 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-26 17:50 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-26 17:50 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-26 17:50 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-26 16:03 --------- d-----w C:\Program Files\Intel 2008-02-26 15:02 32 ----a-w C:\Users\All Users\ezsid.dat 2008-02-25 15:33 --------- d-----w C:\Program Files\Common Files\Logitech 2008-02-25 15:06 --------- d-----w C:\Program Files\Electronic Arts 2008-02-21 20:20 --------- d-----w C:\Program Files\Common Files\Java 2008-02-21 17:20 --------- d-----w C:\Program Files\Parkeerbonnen Monopoly 2008-02-21 01:05 --------- d-----w C:\Program Files\Text 2008-02-21 01:05 --------- d-----w C:\Program Files\Sounds 2008-02-21 01:05 --------- d-----w C:\Program Files\Scenarios 2008-02-21 01:05 --------- d-----w C:\Program Files\redist 2008-02-21 01:05 --------- d-----w C:\Program Files\Art 2008-02-20 00:54 --------- d-----w C:\Program Files\Spiderman 2008-02-19 23:07 --------- d-----w C:\Program Files\Infogrames 2008-02-19 20:03 --------- d-----w C:\Program Files\Duke Nukem - Manhattan Project 2008-02-19 18:29 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe 2008-02-18 17:41 --------- d-----w C:\Program Files\MSXML 4.0 2008-02-18 15:37 --------- d-----w C:\Program Files\MSN Messenger 2008-02-18 15:18 --------- d-----w C:\Program Files\Microsoft.NET 2008-02-18 12:06 --------- d-----w C:\Program Files\Common Files\SupportSoft 2006-03-11 00:57 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-03-21_21.22.40,06 ))))))))))))))))))))))))))))))))))))))))) . - 2008-03-21 20:15:54 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-03-22 08:19:46 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-03-21 20:18:05 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-03-22 08:35:09 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-03-21 20:18:05 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-03-22 08:21:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-03-22 08:21:55 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-03-21 20:19:41 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat + 2008-03-22 08:34:23 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat - 2008-03-21 20:18:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-03-22 08:21:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-03-22 08:21:50 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-03-21 20:18:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-03-22 08:19:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-03-21 20:18:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-03-22 08:19:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-03-21 20:18:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-03-22 08:19:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-03-21 19:56:46 107,614 ----a-w C:\Windows\System32\perfc009.dat + 2008-03-22 08:26:44 107,614 ----a-w C:\Windows\System32\perfc009.dat - 2008-03-21 19:56:46 127,416 ----a-w C:\Windows\System32\perfc013.dat + 2008-03-22 08:26:44 127,416 ----a-w C:\Windows\System32\perfc013.dat - 2008-03-21 19:56:46 618,470 ----a-w C:\Windows\System32\perfh009.dat + 2008-03-22 08:26:44 618,470 ----a-w C:\Windows\System32\perfh009.dat - 2008-03-21 19:56:46 699,276 ----a-w C:\Windows\System32\perfh013.dat + 2008-03-22 08:26:44 699,276 ----a-w C:\Windows\System32\perfh013.dat - 2008-03-21 20:18:29 6,126 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-291037213-2100468392-4013449214-1002_UserData.bin + 2008-03-22 08:22:15 6,166 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-291037213-2100468392-4013449214-1002_UserData.bin - 2008-03-21 20:18:29 57,578 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-03-22 08:22:15 57,642 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-03-21 20:18:25 33,916 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-03-22 08:22:11 34,558 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 14:32 1120568] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:22 23299112] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440] "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-03-16 22:53 2321600] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-03-11 10:28 1006264] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-20 00:49 861744] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-16 21:19 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-16 21:19 8478720] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-16 21:19 81920] "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-11 02:28 227328] "MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 23:36 102400] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816] "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872] "Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208] "Samsung PanelMgr"="C:\Windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-02 11:47 520192] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-14 16:33 185896] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe] "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33 45056] "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-04 21:08:33 110592] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-19 14:56:50 789008] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-03-13 17:24:16 118784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "SysSys"= {dbb863cf-74cb-4417-a1b8-28bb4d08183d} - C:\Windows\Installer\{dbb863cf-74cb-4417-a1b8-28bb4d08183d}\SysSys.dll [2008-03-21 00:03 14378] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A650A783-D2FE-412B-BE02-7D04DB16E429}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports "{B0FF362F-C498-418F-B6B6-3C269B39F3CB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 ElbyVCD;ElbyVCD;C:\Windows\system32\DRIVERS\ElbyVCD.sys [2002-11-28 11:43] R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-14 02:39] R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34] R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [2006-12-08 01:50] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 22:32] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-10-23 10:24] S4 FreezeScreenSaver;FreezeScreenSaver;C:\Windows\system32\FreezeScreenSaver.exe [2005-09-29 14:55] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \shell\AutoRun\command - G:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9b3882a-ea99-11dc-af80-001b24e4cbb8}] \shell\AutoRun\command - G:\LaunchU3.exe *Newly Created Service* - COMHOST . Inhoud van de 'Gedeelde Taken' map "2008-03-22 08:30:00 C:\Windows\Tasks\Recovery DVD Creator.job" - C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe "2008-03-22 08:30:00 C:\Windows\Tasks\Uitgebreide garantie.job" - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-22 09:36:15 Windows 6.0.6000 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-03-22 9:36:50 ComboFix-quarantined-files.txt 2008-03-22 08:36:46 ComboFix2.txt 2008-03-21 20:22:56 . 2008-03-18 19:52:42 --- E O F ---