ComboFix 08-11-02.01 - Elisa 2008-11-02 18:04:52.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1914 [GMT 1:00]
Gestart vanuit: C:\Users\Elisa\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-10-02 to 2008-11-02 ))))))))))))))))))))))))))))))
.
Geen nieuwe bestanden aangemaakt in deze periode
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 17:08 --------- d-----w C:\Users\Elisa\AppData\Roaming\Skype
2008-11-02 17:06 44,787,488 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-11-02 16:37 --------- d-----w C:\Program Files\YouTube Downloader
2008-11-02 16:36 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-11-02 15:29 567,968 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-11-02 15:07 --------- d-----w C:\Users\Elisa\AppData\Roaming\skypePM
2008-11-01 13:01 96,976 ----a-w C:\Windows\system32\drivers\klin.dat
2008-11-01 13:01 87,855 ----a-w C:\Windows\system32\drivers\klick.dat
2008-11-01 11:06 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-11-01 10:47 --------- d-----w C:\Program Files\Kaspersky Lab
2008-11-01 10:38 --------- d-----w C:\ProgramData\avg8
2008-10-21 13:32 --------- d-----w C:\Users\Elisa\AppData\Roaming\LimeWire
2008-10-19 13:45 --------- d-----w C:\ProgramData\WinZip
2008-10-17 17:25 --------- d-----w C:\Program Files\7-Zip
2008-10-16 20:03 --------- d-----w C:\Program Files\Windows Mail
2008-10-12 13:27 --------- d-----w C:\Program Files\CCleaner
2008-10-12 13:26 --------- d-----w C:\Users\Elisa\AppData\Roaming\Malwarebytes
2008-10-12 13:26 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 13:25 --------- d-----w C:\ProgramData\Malwarebytes
2008-10-12 13:10 --------- d-----w C:\Program Files\Trend Micro
2008-10-02 03:49 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-09-21 13:54 --------- d-----w C:\Program Files\AVG
2008-09-21 13:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-21 13:27 --------- d-----w C:\ProgramData\Skype
2008-09-21 13:27 --------- d-----w C:\Program Files\Skype
2008-09-21 13:27 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-21 13:24 --------- d-----w C:\ProgramData\Symantec
2008-09-18 04:35 3,505,208 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w C:\Windows\System32\win32k.sys
2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-12 03:29 441,856 ----a-w C:\Windows\System32\win32spl.dll
2008-08-12 03:29 37,376 ----a-w C:\Windows\System32\printcom.dll
2008-08-06 03:27 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-08-06 03:21 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-08-06 03:19 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-07-15 20:32 174 --sha-w C:\Program Files\desktop.ini
2008-03-29 08:36 76 --sh--r C:\Windows\CT4CET.bin
.
((((((((((((((((((((((((((((( snapshot@2008-10-29_20.53.12.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 04:28:09 136,704 ----a-w C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
+ 2008-08-06 03:28:43 136,704 ----a-w C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
- 2008-04-23 14:12:49 864,256 ----a-w C:\Windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll
+ 2008-08-06 03:22:33 864,256 ----a-w C:\Windows\assembly\GAC_MSIL\ehepg\6.0.6000.0__31bf3856ad364e35\ehepg.dll
- 2008-04-23 14:12:50 135,168 ----a-w C:\Windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe
+ 2008-08-06 03:22:34 135,168 ----a-w C:\Windows\assembly\GAC_MSIL\ehexthost\6.0.6000.0__31bf3856ad364e35\ehexthost.exe
- 2008-04-23 14:12:51 77,824 ----a-w C:\Windows\assembly\GAC_MSIL\ehiExtens\6.0.6000.0__31bf3856ad364e35\ehiExtens.dll
+ 2008-08-06 03:22:36 77,824 ----a-w C:\Windows\assembly\GAC_MSIL\ehiExtens\6.0.6000.0__31bf3856ad364e35\ehiExtens.dll
- 2008-04-23 14:12:55 4,382,720 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
+ 2008-08-06 03:22:41 4,382,720 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll
- 2008-04-23 14:13:09 1,269,760 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
+ 2008-08-06 03:22:59 1,269,760 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.Shell\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.Shell.dll
- 2008-04-23 14:13:09 2,351,104 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
+ 2008-08-06 03:23:00 2,351,104 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll
- 2008-04-23 14:13:08 217,088 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
+ 2008-08-06 03:22:59 217,088 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.dll
- 2008-04-23 05:11:35 21,504 ----a-w C:\Windows\ehome\ehdebug.dll
+ 2008-08-06 03:17:56 21,504 ----a-w C:\Windows\ehome\ehdebug.dll
- 2008-04-23 14:12:49 864,256 ----a-w C:\Windows\ehome\ehepg.dll
+ 2008-08-06 03:22:33 864,256 ----a-w C:\Windows\ehome\ehepg.dll
- 2008-04-23 14:12:50 135,168 ----a-w C:\Windows\ehome\ehexthost.exe
+ 2008-08-06 03:22:34 135,168 ----a-w C:\Windows\ehome\ehexthost.exe
- 2008-04-23 04:27:00 372,224 ----a-w C:\Windows\ehome\ehglid.dll
+ 2008-08-06 03:27:39 372,224 ----a-w C:\Windows\ehome\ehglid.dll
- 2008-04-23 14:12:51 77,824 ----a-w C:\Windows\ehome\ehiExtens.dll
+ 2008-08-06 03:22:36 77,824 ----a-w C:\Windows\ehome\ehiExtens.dll
- 2008-04-23 05:11:36 105,472 ----a-w C:\Windows\ehome\ehPresenter.dll
+ 2008-08-06 03:17:59 105,472 ----a-w C:\Windows\ehome\ehPresenter.dll
- 2008-04-23 05:11:36 254,464 ----a-w C:\Windows\ehome\ehReplay.dll
+ 2008-08-06 03:18:00 254,464 ----a-w C:\Windows\ehome\ehReplay.dll
- 2008-04-23 05:11:36 10,103,808 ----a-w C:\Windows\ehome\ehres.dll
+ 2008-08-06 03:18:12 10,103,808 ----a-w C:\Windows\ehome\ehres.dll
- 2008-04-23 14:12:55 4,382,720 ----a-w C:\Windows\ehome\ehshell.dll
+ 2008-08-06 03:22:41 4,382,720 ----a-w C:\Windows\ehome\ehshell.dll
- 2008-04-23 05:11:36 18,944 ----a-w C:\Windows\ehome\ehtrace.dll
+ 2008-08-06 03:18:12 18,944 ----a-w C:\Windows\ehome\ehtrace.dll
- 2008-04-23 05:11:36 521,216 ----a-w C:\Windows\ehome\ehui.dll
+ 2008-08-06 03:18:12 521,216 ----a-w C:\Windows\ehome\ehui.dll
- 2008-04-23 05:11:36 1,498,112 ----a-w C:\Windows\ehome\ehuihlp.dll
+ 2008-08-06 03:18:13 1,498,112 ----a-w C:\Windows\ehome\ehuihlp.dll
- 2008-04-23 05:11:51 6,656 ----a-w C:\Windows\ehome\McrMgr.dll
+ 2008-08-06 03:19:18 6,656 ----a-w C:\Windows\ehome\McrMgr.dll
- 2008-04-23 03:56:48 172,544 ----a-w C:\Windows\ehome\McrMgr.exe
+ 2008-08-06 02:50:30 173,056 ----a-w C:\Windows\ehome\McrMgr.exe
- 2008-04-23 04:28:09 136,704 ----a-w C:\Windows\ehome\mcupdate.exe
+ 2008-08-06 03:28:43 136,704 ----a-w C:\Windows\ehome\mcupdate.exe
- 2008-04-23 14:13:08 217,088 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.dll
+ 2008-08-06 03:22:59 217,088 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.dll
- 2008-04-23 14:13:09 1,269,760 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.Shell.dll
+ 2008-08-06 03:22:59 1,269,760 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.Shell.dll
- 2008-04-23 14:13:09 2,351,104 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll
+ 2008-08-06 03:23:00 2,351,104 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll
- 2008-06-14 11:54:56 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-11-01 10:48:31 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-06-14 11:54:55 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-11-01 10:48:31 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-06-14 11:54:55 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-11-01 10:48:31 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2008-10-29 19:07:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-02 16:35:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-29 19:07:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-02 16:35:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-29 19:09:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-02 16:38:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-10-29 19:51:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-02 17:07:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-02 17:07:46 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-29 19:07:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-02 16:38:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-29 19:07:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-02 16:38:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-29 19:07:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-02 16:38:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-29 19:47:23 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-02 17:04:36 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-01 10:46:36 147,984 ----a-w C:\Windows\System32\drivers\klif.sys
+ 2007-10-16 10:05:28 20,496 ----a-w C:\Windows\System32\drivers\klim6.sys
+ 2008-02-08 17:35:42 23,604 ----a-w C:\Windows\System32\drivers\klopp.dat
+ 2007-10-16 10:05:28 20,496 ----a-w C:\Windows\System32\DriverStore\FileRepository\klim6.inf_bb6bc382\klim6.sys
- 2008-10-16 20:04:57 283,320 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-11-01 10:41:22 282,000 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-02-08 17:37:44 219,664 ----a-w C:\Windows\System32\klogon.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:04 235,936 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-11-01 11:26:35 84,661 ----a-w C:\Windows\System32\Macromed\Flash\uninstall_plugin.exe
- 2008-10-29 19:14:17 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-11-02 16:40:52 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-29 19:14:17 122,796 ----a-w C:\Windows\System32\perfc013.dat
+ 2008-11-02 16:40:52 122,796 ----a-w C:\Windows\System32\perfc013.dat
- 2008-10-29 19:14:17 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-11-02 16:40:52 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-29 19:14:17 689,618 ----a-w C:\Windows\System32\perfh013.dat
+ 2008-11-02 16:40:52 689,618 ----a-w C:\Windows\System32\perfh013.dat
- 2008-10-29 19:12:17 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-10-30 17:09:39 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-10-29 19:09:42 7,998 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2804593020-856812328-1304062013-1000_UserData.bin
+ 2008-11-02 16:38:30 8,602 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2804593020-856812328-1304062013-1000_UserData.bin
- 2008-10-29 19:09:41 63,588 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-02 16:38:29 65,862 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-29 19:09:38 39,042 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-02 16:38:26 40,720 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-10-29 19:14:43 137,296,021 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-10-30 13:45:17 137,297,396 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-08-06 03:28:23 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16724_none_d9ab5d3ed1ce7791\ehepg.dll
+ 2008-08-06 03:22:33 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.20889_none_d9f91bf3eb183db4\ehepg.dll
+ 2008-08-06 03:28:25 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16724_none_bcf0d9f4c1bddadc\ehexthost.exe
+ 2008-08-06 03:22:34 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20889_none_bd3e98a9db07a0ff\ehexthost.exe
+ 2008-08-06 03:28:27 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.16724_none_fbd3e0d909c338d1\ehiExtens.dll
+ 2008-08-06 03:22:36 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.20889_none_fc219f8e230cfef4\ehiExtens.dll
+ 2008-08-06 03:28:32 4,374,528 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16724_none_899e787f448205e3\ehshell.dll
+ 2008-08-06 03:22:41 4,382,720 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.20889_none_89ec37345dcbcc06\ehshell.dll
+ 2008-08-05 09:51:30 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.18115_none_8b90875b419f943a\ehshell.dll
+ 2008-08-06 04:03:14 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.22237_none_8c0684e25acb9e94\ehshell.dll
+ 2008-08-06 03:28:49 1,196,032 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16724_none_4e9c1c3698c67c79\Microsoft.MediaCenter.Shell.dll
+ 2008-08-06 03:22:59 1,269,760 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.20889_none_4ee9daebb210429c\Microsoft.MediaCenter.Shell.dll
+ 2008-08-06 03:28:50 2,342,912 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16724_none_312a6ae65a1a7993\Microsoft.MediaCenter.UI.dll
+ 2008-08-06 03:23:00 2,351,104 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.20889_none_3178299b73643fb6\Microsoft.MediaCenter.UI.dll
+ 2008-08-05 09:51:56 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18115_none_331c79c2573807ea\Microsoft.MediaCenter.UI.dll
+ 2008-08-06 04:03:38 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22237_none_3392774970641244\Microsoft.MediaCenter.UI.dll
+ 2008-08-06 03:28:48 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16724_none_2385c3d9cf32e5a9\Microsoft.MediaCenter.dll
+ 2008-08-06 03:22:59 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.20889_none_23d3828ee87cabcc\Microsoft.MediaCenter.dll
+ 2008-08-06 03:28:43 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.16724_none_c6a4f64faeb4680c\mcupdate.exe
+ 2008-08-06 03:22:54 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.20889_none_c6f2b504c7fe2e2f\mcupdate.exe
+ 2008-08-05 09:51:47 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.18115_none_c897052babd1f663\mcupdate.exe
+ 2008-08-06 04:03:31 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.22237_none_c90d02b2c4fe00bd\mcupdate.exe
+ 2008-08-06 03:27:39 252,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16724_none_12bf9ca3a298d741\ehReplay.dll
+ 2008-08-06 03:18:00 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.20889_none_130d5b58bbe29d64\ehReplay.dll
+ 2008-08-05 09:49:54 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.18115_none_14b1ab7f9fb66598\ehReplay.dll
+ 2008-08-06 03:56:06 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.22237_none_1527a906b8e26ff2\ehReplay.dll
+ 2008-08-06 03:27:40 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16724_none_32320cf9dce03b9f\McrMgr.dll
+ 2008-08-06 03:27:11 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16724_none_32320cf9dce03b9f\McrMgr.exe
+ 2008-08-06 03:19:18 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20889_none_327fcbaef62a01c2\McrMgr.dll
+ 2008-08-06 02:50:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20889_none_327fcbaef62a01c2\McrMgr.exe
+ 2008-01-19 07:34:44 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18115_none_34241bd5d9fdc9f6\McrMgr.dll
+ 2008-08-05 09:49:28 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18115_none_34241bd5d9fdc9f6\McrMgr.exe
+ 2008-08-06 03:57:56 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22237_none_349a195cf329d450\McrMgr.dll
+ 2008-08-06 03:27:54 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22237_none_349a195cf329d450\McrMgr.exe
+ 2008-08-06 03:27:39 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16724_none_2de5dbb18528130f\ehdebug.dll
+ 2008-08-06 03:17:56 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.20889_none_2e339a669e71d932\ehdebug.dll
+ 2008-08-06 03:27:39 372,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16724_none_2d43ff096d0817ea\ehglid.dll
+ 2008-08-06 03:17:58 372,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.20889_none_2d91bdbe8651de0d\ehglid.dll
+ 2008-08-05 09:49:54 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18115_none_2f360de56a25a641\ehglid.dll
+ 2008-08-06 03:56:06 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22237_none_2fac0b6c8351b09b\ehglid.dll
+ 2008-08-06 03:27:39 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16724_none_24d0bc2864e02dde\ehPresenter.dll
+ 2008-08-06 03:17:59 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.20889_none_251e7add7e29f401\ehPresenter.dll
+ 2008-08-05 09:49:54 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.18115_none_26c2cb0461fdbc35\ehPresenter.dll
+ 2008-08-06 03:56:06 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22237_none_2738c88b7b29c68f\ehPresenter.dll
+ 2008-08-06 03:21:59 10,094,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16724_none_50142885535e3590\ehres.dll
+ 2008-08-06 03:18:12 10,103,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20889_none_5061e73a6ca7fbb3\ehres.dll
+ 2008-08-06 03:27:39 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16724_none_36c4edb116c5f8a5\ehtrace.dll
+ 2008-08-06 03:18:12 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20889_none_3712ac66300fbec8\ehtrace.dll
+ 2008-08-06 03:27:39 517,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16724_none_cccc40dbcc4dcbaa\ehui.dll
+ 2008-08-06 03:18:12 521,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20889_none_cd19ff90e59791cd\ehui.dll
+ 2008-08-05 09:49:54 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18115_none_cebe4fb7c96b5a01\ehui.dll
+ 2008-08-06 03:56:08 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22237_none_cf344d3ee297645b\ehui.dll
+ 2008-08-06 03:27:39 1,497,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16724_none_3a1333122e23804c\ehuihlp.dll
+ 2008-08-06 03:18:13 1,498,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20889_none_3a60f1c7476d466f\ehuihlp.dll
+ 2008-08-06 03:27:40 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.16724_none_3d328dcd626a3334\mcmde.dll
+ 2008-08-06 03:19:18 1,244,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-m..mediadeliveryengine_31bf3856ad364e35_6.0.6000.20889_none_3d804c827bb3f957\mcmde.dll
+ 2008-08-12 03:29:17 37,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.16728_none_377f607173cc72c2\printcom.dll
+ 2008-08-12 03:29:18 441,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.16728_none_377f607173cc72c2\win32spl.dll
+ 2008-08-12 03:17:47 37,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.20893_none_37b84c568d275770\printcom.dll
+ 2008-08-12 03:18:17 444,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6000.20893_none_37b84c568d275770\win32spl.dll
+ 2008-01-19 07:36:07 37,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18119_none_39716f4d70ea0119\printcom.dll
+ 2008-08-12 03:39:08 443,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18119_none_39716f4d70ea0119\win32spl.dll
+ 2008-08-12 03:25:35 37,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.22241_none_39d29a048a2729fe\printcom.dll
+ 2008-08-12 03:25:37 443,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.22241_none_39d29a048a2729fe\win32spl.dll
+ 2008-08-06 03:27:39 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.16724_none_de803b00914caa46\EncDec.dll
+ 2008-08-06 03:18:16 428,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.20889_none_decdf9b5aa967069\EncDec.dll
+ 2008-08-05 09:49:58 428,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18115_none_e07249dc8e6a389d\EncDec.dll
+ 2008-08-06 04:00:35 428,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22237_none_e0e84763a79642f7\EncDec.dll
+ 2008-08-06 03:27:43 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.16724_none_da055cba59f5adf1\psisdecd.dll
+ 2008-08-06 03:21:05 292,352 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6000.20889_none_da531b6f733f7414\psisdecd.dll
+ 2008-08-05 09:49:58 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18115_none_dbf76b9657133c48\psisdecd.dll
+ 2008-08-06 04:00:45 293,376 ----a-w C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.22237_none_dc6d691d703f46a2\psisdecd.dll
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-29 1232896]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-28 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-06 133656]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-03-29 77824]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-29 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-02 155648]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-29 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-09-10 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{05076827-9ABA-41E6-9AEF-DC5EC6B4D290}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{242A5852-4223-448E-8DDB-3629444EBD95}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{7AAE9332-E017-4927-A0E9-D3F13881B5EA}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{2AB8E56B-351C-4DDA-A8CA-8ADC6252F992}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{4FD5B20B-67A5-4E32-AB05-BD0DEC1F73A9}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{903C4CD0-2268-4B4F-B367-971F17DB8540}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{084CF9F6-1B5E-467F-8B7E-AFAE103D6E1C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{1316C82F-17EE-4D57-AD54-1F5C21C3ADB9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{667256DC-1F23-4B23-96CB-D3CDCC1E1C36}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{198D3351-4E37-4A4F-B5B7-19E1C6A4A66C}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C9BBE5C9-0B5B-4617-B037-AEFED7A4117A}C:\\kav\\kis7.0\\english\\setup.exe"= UDP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{9515FDB6-B194-4AA0-91B2-0D7441E4588F}C:\\kav\\kis7.0\\english\\setup.exe"= TCP:C:\kav\kis7.0\english\setup.exe:Kaspersky Internet Security 7.0 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 73728]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 278528]
.
Inhoud van de 'Gedeelde Taken' map

2008-11-02 C:\Windows\Tasks\User_Feed_Synchronization-{8B62664C-4413-4617-8657-F8668ED27C5E}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
.
------- Bijkomende Scan -------
.
FireFox -: Profile - C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\8f58gsot.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.hln.be/
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npoji610.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 18:08:07
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

PROCES: C:\Windows\Explorer.exe
-> ?:\Windows\system32\msi.dll
.
Voltooingstijd: 2008-11-02 18:10:22
ComboFix-quarantined-files.txt 2008-11-02 17:10:15
ComboFix2.txt 2008-10-29 19:54:13

Pre-Run: Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Post-Run: 51,065,053,184 bytes beschikbaar

350 --- E O F --- 2008-10-30 13:45:17