ComboFix 10-11-23.04 - Medion 24-11-2010  13:49:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.31.1043.18.3071.1899 [GMT 1:00]
Gestart vanuit: c:\users\Medion\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Medion\AppData\Roaming\download2

Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd  
Hersteld exemplaar van - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe 

Besmet exemplaar van c:\windows\System32\wininit.exe werd aangetroffen en gedesinfecteerd  
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe 

Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd  
Hersteld exemplaar van - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
Besmet exemplaar van c:\windows\System32\wininit.exe werd aangetroffen en gedesinfecteerd  
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
.
((((((((((((((((((((   Bestanden Gemaakt van 2010-10-24 to 2010-11-24  ))))))))))))))))))))))))))))))
.

2010-11-24 13:06 . 2010-11-24 13:21	--------	d-----w-	c:\users\Medion\AppData\Local\temp
2010-11-24 13:06 . 2010-11-24 13:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-11-24 07:25 . 2010-11-24 07:25	--------	d-----w-	c:\users\Medion\AppData\Local\Adobe
2010-11-24 07:01 . 2010-11-24 07:01	--------	d-----w-	c:\programdata\Norton
2010-11-24 07:01 . 2010-11-24 07:01	--------	d-----w-	c:\windows\system32\drivers\NSS
2010-11-24 07:01 . 2010-11-24 07:01	--------	d-----w-	c:\programdata\Symantec
2010-11-24 07:01 . 2010-11-24 07:01	--------	d-----w-	c:\program files\Norton Security Scan
2010-11-24 07:01 . 2010-11-24 07:01	--------	d-----w-	c:\program files\NortonInstaller
2010-11-23 20:50 . 2010-11-23 20:50	--------	d-----w-	c:\windows\system32\Adobe
2010-11-23 17:03 . 2010-11-23 17:03	--------	d-----w-	c:\users\Medion\AppData\Local\Apple
2010-11-23 15:24 . 2010-11-23 15:24	--------	d-----w-	c:\users\Medion\AppData\Local\Apple Computer
2010-11-23 11:09 . 2010-11-10 04:33	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B18FEAFA-9554-4914-A14D-204F35B22244}\mpengine.dll
2010-11-20 16:19 . 2010-11-20 16:19	--------	dc-h--w-	c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-20 15:49 . 2010-11-20 15:49	--------	d-----w-	c:\program files\ESET
2010-11-20 15:37 . 2010-11-20 16:33	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-11-20 15:37 . 2010-11-20 15:40	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-11-20 14:53 . 2010-11-20 14:53	--------	d-----w-	c:\users\Medion\AppData\Roaming\Malwarebytes
2010-11-20 14:53 . 2010-04-29 14:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-20 14:53 . 2010-11-20 14:53	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-11-20 14:53 . 2010-11-20 14:53	--------	d-----w-	c:\programdata\Malwarebytes
2010-11-20 14:53 . 2010-04-29 14:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-11-20 14:45 . 2010-11-20 14:45	388096	----a-r-	c:\users\Medion\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-20 14:45 . 2010-11-20 14:45	--------	d-----w-	c:\program files\Trend Micro
2010-11-14 22:57 . 2010-10-07 11:35	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2010-10-27 09:55 . 2010-08-26 16:01	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-10-27 09:55 . 2010-08-26 14:11	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 10:12	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-10-14 00:36 . 2010-10-14 00:36	15451288	----a-w-	c:\windows\system32\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36	13642904	----a-w-	c:\windows\system32\xlivefnt.dll
2010-09-20 09:25 . 2010-10-14 01:01	231936	----a-w-	c:\windows\system32\msshsq.dll
2010-09-10 16:37 . 2010-10-13 18:14	8147456	----a-w-	c:\windows\system32\wmploc.DLL
2010-09-08 17:26 . 2010-10-13 18:15	833024	----a-w-	c:\windows\system32\wininet.dll
2010-09-08 17:23 . 2010-10-13 18:15	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-09-08 15:53 . 2010-10-13 18:15	389632	----a-w-	c:\windows\system32\html.iec
2010-09-08 15:28 . 2010-10-13 18:15	1383424	----a-w-	c:\windows\system32\mshtml.tlb
2010-09-08 10:17 . 2010-09-08 10:17	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-09-06 16:24 . 2010-10-13 18:14	125952	----a-w-	c:\windows\system32\srvsvc.dll
2010-09-06 16:23 . 2010-10-13 18:14	17920	----a-w-	c:\windows\system32\netevent.dll
2010-09-06 14:13 . 2010-10-13 18:14	303616	----a-w-	c:\windows\system32\drivers\srv.sys
2010-09-06 14:12 . 2010-10-13 18:14	145408	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-09-06 14:12 . 2010-10-13 18:14	101888	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:41 . 2010-10-13 18:14	954752	----a-w-	c:\windows\system32\mfc40.dll
2010-08-31 15:41 . 2010-10-13 18:14	954288	----a-w-	c:\windows\system32\mfc40u.dll
2010-08-31 15:40 . 2010-10-13 18:16	531968	----a-w-	c:\windows\system32\comctl32.dll
2010-08-31 13:39 . 2010-10-13 18:13	2037248	----a-w-	c:\windows\system32\win32k.sys
2010-08-26 16:07 . 2010-10-13 18:14	157184	----a-w-	c:\windows\system32\t2embed.dll
2010-08-26 16:01 . 2010-10-27 09:55	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01 . 2010-10-27 09:55	459776	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01 . 2010-10-27 09:55	541696	----a-w-	c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01 . 2010-10-27 09:55	2153984	----a-w-	c:\windows\apppatch\AcGenral.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-20 39408]
"Google Update"="c:\users\Medion\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-26 135664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2010-01-29 189824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]

c:\users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\L:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Medion^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-03-04 15:42	323392	----a-w-	c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40	687560	----a-w-	c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 14:36	305440	----a-w-	c:\program files\iTunes\iTunesHelper.exe

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 GarenaPEngine;GarenaPEngine;c:\users\Medion\AppData\Local\Temp\NYM6B9F.tmp [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\nse\bin\NSESVC.EXE [2010-06-14 282624]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcv32mf.sys [2009-10-14 23392]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\Nvc\bin\nvcoas.exe [2010-08-12 210248]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Nvc\BIN\NVCSCHED.EXE [x]
R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [2009-10-15 133272]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-01 717296]
S1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2010-01-04 26744]
S1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [2010-05-10 72392]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\bin\NDISKIO.SYS [2009-10-09 22880]
S2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\Nnf.exe [2010-06-24 219904]
S2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\Nprosec.exe [2010-05-07 103016]
S2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec.sys [2010-05-14 40384]
S2 NVOY;Norman Resource Provider;c:\program files\Norman\npm\bin\nvoy.exe [2010-03-15 98776]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-08-22 1242976]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhoud van de 'Gedeelde Taken' map

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:08]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 15:08]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2528399305-1177107898-1572847662-1000Core.job
- c:\users\Medion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 14:13]

2010-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2528399305-1177107898-1572847662-1000UA.job
- c:\users\Medion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 14:13]

2010-11-24 c:\windows\Tasks\Norton Security Scan for Medion.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-24 08:48]
.
.
------- Bijkomende Scan -------
.
mSearch Bar = hxxp://www.google.com/ie
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\8423gq0s.default\
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Medion\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Medion\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-24 14:21
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ... 

scannen van verborgen autostart items ... 

scannen van verborgen bestanden ... 

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: WDC_WD50 rev.01.0 -> Harddisk0\DR0 -> \Device\00000057 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x857251F8]<< 
_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x85725008; MOV EAX, 0x806a34a0; CALL EAX;  }
1 ntkrnlpa!IofCallDriver[0x820BD05F] -> \Device\Harddisk0\DR0[0x86681A80]
3 CLASSPNP[0x8A9AB745] -> ntkrnlpa!IofCallDriver[0x820BD05F] -> [0x8575AE00]
5 acpi[0x805B16A0] -> ntkrnlpa!IofCallDriver[0x820BD05F] -> \Device\00000056[0x85766340]
\Driver\nvstor32[0x85789B50] -> IRP_MJ_CREATE -> 0x857251F8
kernel: MBR read successfully
_asm { ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL; ADD [BX+SI], AL;  }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x857241f8
user != kernel MBR !!! 
sectors 976773166 (+190): user != kernel
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Medion\AppData\Local\Temp\NYM6B9F.tmp"
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Norman\Npm\Bin\Elogsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Norman\Npm\Bin\Zanda.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\WTouch\WTouchUser.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\conime.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\users\Medion\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Voltooingstijd: 2010-11-24  14:28:05 - machine werd herstart
ComboFix-quarantined-files.txt  2010-11-24 13:28

Pre-Run: 312.809.644.032 bytes beschikbaar
Post-Run: 313.741.291.520 bytes beschikbaar

- - End Of File - - 97D8661811F050B85AFD5C95AE84CF86