ComboFix 10-05-28.08 - Administrator 29-05-2010 16:07:56.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.534 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix1.exe
AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *disabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
* Aanwezig AV is actief
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\hpe3B.dll
c:\windows\system32\Thumbs.db
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-04-28 to 2010-05-29 ))))))))))))))))))))))))))))))
.
2010-05-29 14:57 . 2010-05-29 14:57 114688 ----a-w- c:\windows\system32\chg.exe
2010-05-27 21:06 . 2010-05-27 21:05 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-22 23:11 . 2010-05-22 23:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-05-02 12:47 . 2008-01-09 10:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 14:57 . 2008-10-11 17:05 -------- d-----w- c:\program files\Norman
2010-05-28 19:33 . 2009-03-07 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-27 21:40 . 2009-06-14 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2010-05-27 21:29 . 2010-05-27 21:29 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-27 21:06 . 2010-05-27 21:06 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3a326587-n\msvcp71.dll
2010-05-27 21:06 . 2010-05-27 21:06 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3a326587-n\jmc.dll
2010-05-27 21:06 . 2010-05-27 21:06 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3a326587-n\msvcr71.dll
2010-05-27 21:06 . 2010-05-27 21:06 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64b13ee4-n\decora-sse.dll
2010-05-27 21:06 . 2010-05-27 21:06 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-64b13ee4-n\decora-d3d.dll
2010-05-27 21:03 . 2010-01-02 12:21 -------- d-----w- c:\program files\DominateGame
2010-05-27 15:15 . 2009-02-24 11:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-25 21:34 . 2009-03-27 12:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-05-24 17:13 . 2008-10-30 16:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-15 15:40 . 2006-08-21 18:14 -------- d-----w- c:\program files\Java
2010-05-15 15:40 . 2006-08-21 18:14 -------- d-----w- c:\program files\Common Files\Java
2010-05-12 01:14 . 2008-10-25 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-02 12:43 . 2009-04-20 10:44 -------- d-----w- c:\program files\Sony Ericsson
2010-05-02 12:43 . 2006-08-21 18:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 12:42 . 2009-04-20 11:05 -------- d-----w- c:\program files\Avanquest update
2010-05-02 12:32 . 2009-06-05 16:20 -------- d-----w- c:\program files\uTorrent
2010-04-29 13:39 . 2009-02-24 11:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-02-24 11:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 09:07 . 2004-09-08 07:54 94448 ----a-w- c:\windows\system32\perfc013.dat
2010-04-29 09:07 . 2004-09-08 07:54 521242 ----a-w- c:\windows\system32\perfh013.dat
2010-04-29 09:04 . 2010-04-29 09:04 -------- d-----w- c:\program files\Cisco Systems
2010-04-24 17:00 . 2009-07-28 16:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-04-24 15:06 . 2009-07-28 16:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-04-01 19:31 . 2010-03-28 22:29 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-04-01 19:31 . 2010-03-28 22:28 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-28 18:33 . 2010-03-28 18:33 50354 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\uninstall.exe
2010-03-13 02:20 . 2010-03-13 02:20 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_18\gtapi.dll
2010-03-13 02:20 . 2010-03-13 02:55 923936 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\JRERunOnce.exe
2010-03-10 06:17 . 2004-08-04 08:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-08 13:09 . 2008-10-08 13:09 22 -csha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\Vid.exe" [2010-02-12 5933912]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 446464]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2009-11-24 189824]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-10-8 184320]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"63095:UDP"= 63095:UDP:Utorrent
"63095:TCP"= 63095:TCP:Utorrent

R0 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [24-2-2009 13:38 82072]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11-6-2009 21:09 721904]
R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [5-3-2009 15:15 25032]
R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [24-2-2009 13:38 61512]
R1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [24-2-2009 13:38 76944]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [4-8-2004 10:00 14336]
R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [16-10-2009 20:00 24168]
R2 NPFSvc32;Norman Personal Firewall Service;c:\program files\Norman\npf\bin\npfsvc32.exe [24-2-2009 13:38 566656]
R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [24-2-2009 13:38 103752]
R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [24-2-2009 13:39 97752]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2-5-2010 14:43 90112]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [10-12-2009 18:52 283976]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [24-2-2009 13:38 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [24-2-2009 13:38 202056]
R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [12-5-2009 23:27 133272]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2-5-2010 14:47 27632]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\program files\Norman\Npm\Bin\Nvcsched.exe" --> c:\program files\Norman\Npm\Bin\Nvcsched.exe [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [20-4-2009 12:45 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [20-4-2009 12:45 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [20-4-2009 12:45 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [20-4-2009 12:45 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [20-4-2009 12:45 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [20-4-2009 12:45 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [20-4-2009 12:45 117544]
S4 gupdate1c99f5bd8902d1c;Google Updateservice (gupdate1c99f5bd8902d1c);c:\program files\Google\Update\GoogleUpdate.exe [7-3-2009 21:35 133104]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Inhoud van de 'Gedeelde Taken' map

2010-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-07 16:26]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-07 19:35]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-07 19:35]

2010-05-29 c:\windows\Tasks\User_Feed_Synchronization-{EA63F620-F611-42DD-A5B6-46ECFB9CE72D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ptx8i4a9.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ptx8i4a9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ptx8i4a9.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 16:58
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???HZ??????(?@???????@

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spkh.sys >>UNKNOWN [0x86787938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf755ef28
\Driver\ACPI -> ACPI.sys @ 0xf72b7cb8
\Driver\atapi -> atapi.sys @ 0xf722eb40
\Driver\iaStor -> iaStor.sys @ 0xf71907b0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
user & kernel MBR OK
malicious code @ sector 0xba50a90 size 0x1b4 !
copy of MBR has been found in sector 62 !
PE file found in sector at 0x0BA50A90 !
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2880723128-196248389-2616108540-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,7d,a6,3a,cb,ec,43,46,8b,60,c6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,7d,a6,3a,cb,ec,43,46,8b,60,c6,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll

- - - - - - - > 'explorer.exe'(500)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Norman\nvc\bin\Niphk.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Norman\Npm\Bin\Elogsvc.exe
c:\program files\Norman\Npm\Bin\Zanda.exe
c:\windows\system32\DllHost.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Norman\npf\bin\npfuser.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Norman\Npm\Bin\Njeeves.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\Norman\Nvc\Bin\Nip.exe
c:\program files\Norman\Nvc\Bin\cclaw.exe
.
**************************************************************************
.
Voltooingstijd: 2010-05-29 17:05:56 - machine werd herstart
ComboFix-quarantined-files.txt 2010-05-29 15:05
ComboFix2.txt 2009-10-25 21:48
ComboFix3.txt 2009-10-25 21:17
ComboFix4.txt 2009-10-25 17:54
ComboFix5.txt 2010-05-29 14:03

Pre-Run: 14.697.922.560 bytes beschikbaar
Post-Run: 16.581.365.760 bytes beschikbaar

- - End Of File - - 25EF8583E1F79BDFC4199DC63766E617