ComboFix 10-11-12.01 - Lammert 11/12/2010 18:46:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1535.1036 [GMT 1:00]
Running from: c:\documents and settings\Lammert\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Documenten\Server\admin.txt
c:\documents and settings\All Users\Documenten\Server\server.dat
c:\documents and settings\Lammert\Application Data\chkntfs.dat
c:\windows\system32\cmqhubvn.ini
c:\windows\system32\jkdvhpps.ini
c:\windows\system32\oXIjmnmp.ini
c:\windows\system32\oXIjmnmp.ini2
c:\windows\system32\rsAacccf.ini
c:\windows\system32\rsAacccf.ini2
.
((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.
2010-11-12 11:10 . 2010-11-12 11:10 -------- d-----w- c:\program files\WarRock
2010-11-12 11:08 . 2010-11-12 11:08 -------- d-----w- c:\documents and settings\Lammert\Application Data\AVG10
2010-11-12 10:59 . 2010-11-12 10:59 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2010-11-12 10:59 . 2010-11-12 10:59 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-12 10:50 . 2010-11-12 10:50 -------- d-----w- C:\$AVG
2010-11-12 10:48 . 2010-11-12 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-11 18:10 . 2008-04-13 21:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2010-11-11 18:10 . 2008-04-13 23:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-11-11 18:09 . 2006-12-28 23:31 19569 ----a-w- c:\windows\005717_.tmp
2010-11-11 17:19 . 2010-11-11 17:19 -------- d-----w- c:\program files\Common Files\Java
2010-11-11 17:18 . 2010-11-11 17:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-11 17:18 . 2010-11-11 17:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-11 17:18 . 2010-11-11 17:18 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-11 05:49 . 2009-08-13 15:24 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-11-10 10:34 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-10 10:34 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-11-10 10:34 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-11-10 10:34 . 2010-01-17 15:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-11-10 10:34 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-11-10 10:34 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-11-10 10:34 . 2010-10-18 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-11-10 10:34 . 2010-11-10 10:35 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-10-23 17:10 . 2010-10-23 17:10 -------- d-----w- c:\program files\PokerStove
2010-10-18 08:32 . 2010-11-09 23:57 -------- d-----w- C:\Poker
2010-10-15 21:29 . 2008-04-13 23:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 21:55 . 2010-09-28 21:55 388096 ----a-r- c:\documents and settings\Lammert\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-24 13:26 . 2010-09-24 13:26 377 ----a-w- c:\documents and settings\Lammert\Local Settings\Application Data\postgresinstall.bat
2010-09-08 17:55 . 2002-02-09 23:00 72748 ----a-w- c:\windows\unins000.exe
2007-12-19 19:48 . 2007-12-19 19:46 459188632 ----a-w- c:\program files\ADBEIDSNCS3_WWE.exe
2007-12-19 17:51 . 2007-12-19 17:50 423321216 ----a-w- c:\program files\ADBEFLPRCS3_WWE.exe
2007-12-16 11:09 . 2007-12-16 11:09 1131046 ----a-w- c:\program files\winrar.exe
2007-12-14 21:14 . 2007-12-14 19:05 795278976 ----a-w- c:\program files\ADBEILSTCS3_WWE.exe
2007-12-14 21:14 . 2007-12-14 21:13 486108144 ----a-w- c:\program files\Adobe photoshop extended.exe
2007-12-08 15:26 . 2007-12-08 15:26 21321008 ----a-w- c:\program files\QuickTimeInstaller.exe
2007-12-08 12:43 . 2007-12-08 12:43 3003113 ----a-w- c:\program files\Setup_MagicISO.exe
2007-12-05 16:37 . 2007-12-05 16:37 595664 ----a-w- c:\program files\BitTorrent-6.0.exe
2007-12-04 22:20 . 2007-12-04 22:20 2402832 ----a-w- c:\program files\WLinstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Auslogics BoostSpeed"="c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe" [2009-08-04 475760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-16 68856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-02-24 323392]
"Google Update"="c:\documents and settings\Lammert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-15 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2001-01-25 20480]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-16 185896]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2009-09-29 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-30 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Uilke\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Omerta Script\\mirc.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Nokia\\Devices\\Nokia_Mobile_Browser_Simulator\\nmb.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Team17\\Worms World Party\\wwp.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25999:TCP"= 25999:TCP:cs.xfire.com
"5432:TCP"= 5432:TCP:postgres

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1-6-2009 9:57 691696]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12-12-2003 16:49 77312]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [18-7-2008 17:18 33824]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [10-11-2008 18:38 160792]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [1-2-2008 3:02 65536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 12:16 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27-11-2009 20:15 135664]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [9-11-2009 18:12 25088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 12:16 753504]
.
Contents of the 'Scheduled Tasks' folder

2010-11-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-HOME-0IW8LPQDDC-Lammert.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-15 01:44]

2010-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 19:15]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 19:15]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1767777339-725345543-1003Core.job
- c:\documents and settings\Lammert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-10 09:16]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1767777339-725345543-1003UA.job
- c:\documents and settings\Lammert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-10 09:16]

2010-11-12 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 00:06]

2010-11-09 c:\windows\Tasks\WebReg Photosmart 2570 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 00:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ult.zurf.nl/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
TCP: {DA222752-E084-46B4-BEC5-F58E9D4038B1} = 10.0.0.138
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} - hxxp://iloapp.perfectica.nl/gallery/executable/IlosoftMultipleImageUpload.dll
FF - ProfilePath - c:\documents and settings\Lammert\Application Data\Mozilla\Firefox\Profiles\v2ha3sux.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc68498&v=6.010.006.004&i=23&tp=ab&iy=&ychte=nl&lng=nl&q=
FF - component: c:\documents and settings\Lammert\Application Data\Mozilla\Firefox\Profiles\v2ha3sux.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Lammert\Application Data\Mozilla\Firefox\Profiles\v2ha3sux.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Lammert\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Omerta Script_is1 - g:\omerta script\unins000.exe
AddRemove-SimFarmv1.0 - c:\maxis\SimFarm\DeIsL1.isu

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 19:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-1767777339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1E3192E-377D-47D2-F384-61D7B6433763}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abphepfnljipgmadefnkggngomkmncbmfc"=hex:61,61,00,00
"bbphepfnljipgmadefkkphjeibmialljeadc"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1156)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll

- - - - - - - > 'explorer.exe'(1264)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\wt\updater\wcmdmgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2010-11-12 19:14:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-12 18:14

Pre-Run: 17,613,058,048 bytes beschikbaar
Post-Run: 23,214,882,816 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 67C3DA714488AB02C68FAC53EC603900