ComboFix 10-04-08.02 - Vista 09-04-2010 17:00:48.1.1 - x86
Gestart vanuit: c:\users\Vista\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3571811162-4242231129-1306086523-1006
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF

(((((((((((((((((((( Bestanden Gemaakt van 2010-03-09 to 2010-04-09 ))))))))))))))))))))))))))))))
.
2010-04-09 15:23 . 2010-04-09 15:34 -------- d-----w- c:\users\Vista\AppData\Local\temp
2010-04-09 15:23 . 2010-04-09 15:23 -------- d-----w- c:\users\userpostgres\AppData\Local\temp
2010-04-09 15:23 . 2010-04-09 15:23 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2010-04-09 15:23 . 2010-04-09 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-09 14:49 . 2010-04-09 14:52 -------- d-----w- C:\32788R22FWJFW
2010-04-08 18:10 . 2010-04-08 18:10 -------- d-----w- c:\users\Vista\AppData\Local\CrashDumps
2010-04-08 17:03 . 2010-04-08 17:03 -------- d-----w- c:\users\Vista\AppData\Roaming\Malwarebytes
2010-04-08 17:02 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 17:02 . 2010-04-08 17:02 -------- d-----w- c:\programdata\Malwarebytes
2010-04-08 17:02 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 17:02 . 2010-04-08 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-08 16:07 . 2010-04-08 16:07 -------- d-----w- c:\program files\Trend Micro
2010-04-08 15:55 . 2010-04-09 05:57 -------- d-----w- c:\users\userpostgres\AppData\Local\CrashDumps
2010-04-07 09:58 . 2010-04-07 09:59 -------- d-----w- c:\users\Vista\AppData\Local\Analog Clock
2010-04-07 09:52 . 2010-04-07 09:59 -------- d-----w- c:\users\Vista\AppData\Local\Opera
2010-04-07 09:48 . 2010-04-07 09:50 -------- d-----w- c:\program files\Opera
2010-04-06 19:12 . 2010-04-06 19:11 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-06 19:11 . 2010-04-07 05:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-06 19:11 . 2010-04-06 19:12 -------- d-----w- c:\program files\Symantec
2010-04-06 19:02 . 2010-04-07 09:01 -------- d-----w- c:\windows\system32\drivers\NAV
2010-04-06 19:01 . 2010-04-06 19:02 -------- d-----w- c:\program files\Norton AntiVirus
2010-04-06 19:01 . 2010-04-06 19:21 -------- d-----w- c:\programdata\Norton
2010-04-06 18:59 . 2010-04-06 19:01 -------- d-----w- c:\programdata\NortonInstaller
2010-04-06 18:59 . 2010-04-06 18:59 -------- d-----w- c:\program files\NortonInstaller
2010-04-06 14:49 . 2010-04-06 14:49 -------- d-----w- c:\users\Vista\AppData\Roaming\Uniblue
2010-04-06 14:49 . 2010-04-06 14:49 -------- d-----w- c:\program files\Uniblue
2010-04-06 10:42 . 2010-04-06 10:43 -------- d-----w- c:\program files\RocketDock
2010-04-06 10:39 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-04-06 10:39 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-04-06 10:39 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-04-06 10:39 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-04-06 10:10 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-04-06 10:10 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-04-02 17:10 . 2010-04-02 17:10 -------- d-----w- c:\users\Vista\AppData\Local\AKSoftware
2010-04-02 12:36 . 2010-04-02 12:38 -------- d-----w- C:\.CombatScape_v5
2010-04-02 09:55 . 2010-04-02 09:55 -------- d-----w- c:\program files\Microsoft
2010-03-26 17:15 . 2010-03-26 17:15 -------- d-----w- c:\users\Vista\AppData\Roaming\TortoiseSVN
2010-03-26 17:07 . 2010-03-26 17:07 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-03-26 17:07 . 2010-03-26 17:07 -------- d-----w- c:\program files\TortoiseSVN
2010-03-22 20:03 . 2010-03-22 20:03 -------- d-----w- c:\users\Vista\AppData\Roaming\TuneUp Software
2010-03-22 19:56 . 2010-03-29 17:36 -------- d-----w- c:\programdata\TuneUp Software
2010-03-22 19:55 . 2010-03-22 19:55 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-03-20 17:01 . 2010-03-20 17:01 -------- d-----w- c:\program files\Firebird
2010-03-18 18:12 . 2010-03-19 18:26 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-13 19:08 . 2010-03-17 19:06 -------- d-----w- c:\users\Vista\AppData\Roaming\mIRC
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 15:29 . 2008-10-29 14:36 1356 ----a-w- c:\users\Vista\AppData\Local\d3d9caps.dat
2010-04-09 06:14 . 2009-12-09 16:18 -------- d-----w- c:\programdata\EachDupeBias
2010-04-07 17:13 . 2009-02-07 16:14 -------- d-----w- c:\program files\CCleaner
2010-04-07 15:41 . 2009-03-10 20:16 -------- d-----w- c:\program files\Messenger Plus! Live
2010-04-06 19:11 . 2010-04-06 19:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-06 19:11 . 2010-04-06 19:12 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-06 18:42 . 2010-01-12 18:44 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-06 18:32 . 2009-06-29 17:50 -------- d-----w- c:\program files\Common Files\Apple
2010-04-06 18:21 . 2008-10-29 16:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 18:18 . 2009-12-20 10:51 -------- d-----w- c:\program files\Common Files\Steam
2010-04-06 18:09 . 2009-01-19 13:17 -------- d-----w- c:\program files\Winamp
2010-04-06 13:58 . 2009-01-27 15:59 -------- d-----w- c:\users\Vista\AppData\Roaming\uTorrent
2010-04-03 10:09 . 2009-02-16 13:52 674280 ----a-w- c:\windows\system32\perfh013.dat
2010-04-03 10:09 . 2009-02-16 13:52 130700 ----a-w- c:\windows\system32\perfc013.dat
2010-04-02 16:47 . 2008-10-29 14:37 72400 ----a-w- c:\users\Vista\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-02 11:58 . 2008-11-02 16:22 38 ----a-w- c:\users\Vista\jagex_runescape_preferences.dat
2010-04-02 09:55 . 2009-12-08 17:13 -------- d-----w- c:\programdata\WindowsLiveInstaller
2010-04-02 09:54 . 2008-11-02 16:42 -------- d-----w- c:\program files\Windows Live
2010-03-29 17:06 . 2009-03-27 17:36 -------- d-----w- c:\program files\SwiftKit
2010-03-29 14:48 . 2009-03-11 18:00 -------- d-----w- c:\program files\TeamViewer
2010-03-29 14:39 . 2008-11-16 18:46 -------- d-----w- c:\program files\Google
2010-03-29 14:33 . 2009-03-03 17:35 -------- d-----w- c:\program files\DVDVideoSoft
2010-03-29 14:30 . 2009-03-03 17:35 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-03-22 17:10 . 2010-01-07 14:03 -------- d-----w- c:\program files\DNA
2010-03-19 20:30 . 2010-01-07 14:03 -------- d-----w- c:\program files\GamersFirst
2010-03-06 17:39 . 2010-03-06 17:39 -------- d-----w- c:\program files\AWS
2010-03-06 17:25 . 2010-03-06 17:25 -------- d-----w- c:\program files\Common Files\Java
2010-03-06 17:23 . 2010-03-06 17:23 -------- d-----w- c:\program files\Sun
2010-03-06 17:22 . 2008-10-29 16:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 17:05 . 2008-11-28 15:08 -------- d-----w- c:\program files\Java
2010-03-02 13:51 . 2009-12-09 16:19 -------- d-----w- c:\programdata\third lies itch ford
2010-02-20 16:36 . 2010-02-20 16:36 -------- d-----w- c:\program files\Funcom
2010-02-19 17:24 . 2010-02-19 17:24 -------- d-----w- c:\program files\Gameforge4D
2010-02-13 10:30 . 2010-02-13 10:30 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-02-11 12:38 . 2009-02-14 13:04 -------- d-----w- c:\users\Vista\AppData\Roaming\godzHell
2006-11-22 14:58 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
------- Sigcheck -------

[-] 2009-09-05 . 5B8AB8E9F38BC52ECD183B099093C2BD . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Google Update"="c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-04 135664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"TrueTransparency"="c:\users\Vista\Desktop\Aero\TrueTransparency\TrueTransparency.exe" [2008-06-24 372224]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"snpstd2"="c:\windows\vsnpstd2.exe" [2007-04-13 307200]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 11:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3571811162-4242231129-1306086523-1000]
"EnableNotificationsRef"=dword:00000001

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-14 721904]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1106000.020\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1106000.020\SYMEFA.SYS [2010-02-04 172592]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20090829.001\BHDrvx86.sys [2009-08-30 506928]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1106000.020\ccHPx86.sys [2010-02-25 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSvix86.sys [2009-10-28 343088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1106000.020\Ironx86.SYS [2010-02-27 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAV\1106000.020\SYMTDIV.SYS [2010-02-04 340016]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe [2010-02-25 126392]
S2 PostgreSQL;PostgreSQL Database Server;c:\program files\PostgreSQL\8.0-beta2-dev3\bin\pg_ctl.exe [2004-09-10 61625]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhoud van de 'Gedeelde Taken' map

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3571811162-4242231129-1306086523-1000Core.job
- c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-04 13:05]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3571811162-4242231129-1306086523-1000UA.job
- c:\users\Vista\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-04 13:05]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mStart Page = hxxp://www.troner.net/
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - (no file)
HKLM-Run-TQ566808 - D:\Setup.exe
MSConfigStartUp-HyvesDesktop - c:\progra~1\HYVESD~1\bin\HYVESD~1.EXE
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
MSConfigStartUp-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
MSConfigStartUp-SandboxieControl - c:\program files\Sandboxie\SbieCtrl.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 17:33
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8346D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x862dc322
\Driver\ACPI -> acpi.sys @ 0x85b65d4c
\Driver\atapi -> 0x8346c1f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-3571811162-4242231129-1306086523-1000\Software\SecuROM\License information*]
"datasecu"=hex:20,97,bb,22,16,a5,fc,d4,9d,e0,0a,43,fc,76,9e,40,e6,d9,59,5f,a7,
   d7,2b,5f,70,7f,81,1d,f9,14,2f,8c,d9,57,38,5e,8f,c5,cd,ca,90,f3,aa,f3,82,cb,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(1732)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\System32\NLSData0013.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\folding@homecpu\1\Fah.exe
c:\folding@homecpu\1\FahCore_b4.exe
c:\program files\PostgreSQL\8.0-beta2-dev3\bin\postmaster.exe
c:\windows\system32\WUDFHost.exe
c:\program files\PostgreSQL\8.0-beta2-dev3\bin\postgres.exe
c:\program files\PostgreSQL\8.0-beta2-dev3\bin\postgres.exe
c:\program files\PostgreSQL\8.0-beta2-dev3\bin\postgres.exe
c:\program files\PostgreSQL\8.0-beta2-dev3\bin\postgres.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\conime.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Voltooingstijd: 2010-04-09 17:52:10 - machine werd herstart
ComboFix-quarantined-files.txt 2010-04-09 15:51

Pre-Run: 96.271.015.936 bytes beschikbaar
Post-Run: 99.218.464.768 bytes beschikbaar

- - End Of File - - A0D5A3E3A4DCA0F27521985F65F275E6