ComboFix 09-04-25.03 - Corrie 24-04-2009 23:50.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3070.2076 [GMT 2:00]
Gestart vanuit: c:\users\Corrie\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Corrie\Desktop\CFscript.txt
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-05-24 to 2009-4-24 ))))))))))))))))))))))))))))))
.
2009-04-22 19:57 . 2009-04-22 19:57 -------- d-----w c:\users\All Users\NortonInstaller
2009-04-22 19:57 . 2009-04-22 19:57 -------- d-----w c:\programdata\NortonInstaller
2009-04-21 21:42 . 2009-04-21 21:42 -------- d-----w c:\users\Corrie\AppData\Roaming\Malwarebytes
2009-04-21 21:42 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-21 21:42 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-21 21:42 . 2009-04-21 21:42 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-21 21:42 . 2009-04-21 21:42 -------- d-----w c:\programdata\Malwarebytes
2009-04-20 20:42 . 2009-04-21 18:03 -------- d---a-w c:\users\All Users\TEMP
2009-04-20 20:42 . 2009-04-21 18:03 -------- d---a-w c:\programdata\TEMP
2009-04-20 20:42 . 2009-04-21 18:03 -------- d-----w c:\users\Corrie\AppData\Local\Promosoft Corporation
2009-04-19 18:44 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-19 18:44 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-19 18:44 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-19 18:44 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-16 18:43 . 2009-04-21 18:04 -------- d-----w c:\program files\RegistryFix7
2009-04-16 18:06 . 2009-04-16 18:06 -------- d-----w c:\users\All Users\AVS4YOU
2009-04-16 18:06 . 2009-04-16 18:06 -------- d-----w c:\programdata\AVS4YOU
2009-04-16 18:06 . 2009-04-16 18:06 -------- d-----w c:\users\Corrie\AppData\Roaming\AVS4YOU
2009-04-16 18:06 . 2009-04-21 18:03 -------- d-----w c:\program files\AVS4YOU
2009-04-16 18:06 . 2009-04-21 18:02 -------- d-----w c:\program files\Common Files\AVSMedia
2009-04-16 18:06 . 2008-06-19 08:53 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-04-14 21:03 . 2009-04-14 21:03 -------- d-----w c:\program files\TomTom International B.V
2009-04-13 22:16 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-13 22:16 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-13 22:16 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-13 22:16 . 2008-06-20 01:14 37384 ----a-w c:\windows\system32\infocardcpl.cpl
2009-04-13 22:16 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-13 22:16 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-13 22:16 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-13 22:16 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-13 22:07 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-13 22:07 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-13 22:07 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-13 22:07 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-13 22:07 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-13 20:37 . 2009-04-13 20:37 -------- d-----w c:\users\Corrie\AppData\Local\WinZip
2009-04-13 20:35 . 2009-04-14 18:56 -------- d-----w c:\users\All Users\WinZip
2009-04-13 20:35 . 2009-04-14 18:56 -------- d-----w c:\programdata\WinZip
2009-04-09 22:57 . 2009-04-09 22:57 -------- d-----w c:\program files\TomTom DesktopSuite
2009-04-09 22:48 . 2009-04-09 22:48 -------- d-----w c:\users\Corrie\AppData\Roaming\Uniblue
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 21:11 . 2008-02-18 18:38 7179 ----a-w c:\windows\bthservsdp.dat
2009-04-24 21:11 . 2008-05-20 19:21 -------- d-----w c:\programdata\avg8
2009-04-24 11:38 . 2008-11-26 23:01 42462 ----a-w c:\users\All Users\nvModes.dat
2009-04-24 11:38 . 2008-11-26 23:01 42462 ----a-w c:\programdata\nvModes.dat
2009-04-22 21:46 . 2007-11-27 22:46 670308 ----a-w c:\windows\System32\perfh013.dat
2009-04-22 21:46 . 2007-11-27 22:46 127900 ----a-w c:\windows\System32\perfc013.dat
2009-04-16 18:24 . 2008-03-23 11:07 103552 ----a-w c:\users\Corrie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-16 18:20 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 18:02 . 2008-04-12 21:09 -------- d-----w c:\programdata\Microsoft Help
2009-03-30 19:49 . 2009-03-24 19:49 -------- d-----w c:\users\Corrie\AppData\Roaming\Belastingdienst
2009-03-26 19:59 . 2007-11-27 16:00 -------- d-----w c:\program files\Java
2009-03-19 20:27 . 2009-03-19 20:26 -------- d-----w c:\users\Corrie\AppData\Roaming\NewsLeecher
2009-03-19 20:25 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-03-19 20:25 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-03-17 03:38 . 2009-04-19 18:44 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-09 04:19 . 2008-11-30 09:37 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-03 04:46 . 2009-04-16 17:54 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 17:54 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 17:54 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-16 17:54 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 17:54 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 17:54 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 17:54 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 17:54 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 17:54 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-16 17:54 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 17:54 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 17:54 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-16 17:54 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-27 23:40 . 2009-02-27 22:57 -------- d-----w c:\programdata\BVRP Software
2009-02-27 23:40 . 2007-11-27 14:10 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 23:06 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-02-27 23:03 . 2009-02-27 23:03 -------- d-----w c:\program files\Common Files\Motorola Shared
2009-02-27 23:03 . 2009-02-27 23:03 0 ----a-w C:\DBS.TXT
2009-02-27 23:02 . 2009-02-27 23:00 -------- d-----w c:\program files\Avanquest update
2009-02-27 22:57 . 2009-02-27 22:57 9232 ----a-w c:\users\Corrie\mqdmmdfl.sys
2009-02-27 22:57 . 2009-02-27 22:57 92064 ----a-w c:\users\Corrie\mqdmmdm.sys
2009-02-27 22:57 . 2009-02-27 22:57 79328 ----a-w c:\users\Corrie\mqdmserd.sys
2009-02-27 22:57 . 2009-02-27 22:57 66656 ----a-w c:\users\Corrie\mqdmbus.sys
2009-02-27 22:57 . 2009-02-27 22:57 6208 ----a-w c:\users\Corrie\mqdmcmnt.sys
2009-02-27 22:57 . 2009-02-27 22:57 5936 ----a-w c:\users\Corrie\mqdmwhnt.sys
2009-02-27 22:57 . 2009-02-27 22:57 4048 ----a-w c:\users\Corrie\mqdmcr.sys
2009-02-27 22:57 . 2009-02-27 22:57 25600 ----a-w c:\users\Corrie\usbsermptxp.sys
2009-02-27 22:57 . 2009-02-27 22:57 22768 ----a-w c:\users\Corrie\usbsermpt.sys
2009-02-09 03:10 . 2009-03-11 19:38 2033152 ----a-w c:\windows\System32\win32k.sys
2008-11-26 22:27 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-09-24 21:39 . 2008-03-23 14:04 41702 ----a-w c:\users\Corrie\AppData\Roaming\nvModes.dat
2008-05-23 07:23 . 2008-05-23 07:23 680 ----a-w c:\users\Corrie\AppData\Local\d3d9caps.dat
2008-05-20 19:03 . 2008-05-20 19:03 47787248 ----a-w c:\program files\avg_free_stf_en_8_100a1295.exe
2008-04-12 20:25 . 2008-04-12 20:25 27810 ----a-w c:\users\Prinsenhof\AppData\Roaming\nvModes.dat
2008-04-12 20:01 . 2008-04-12 20:01 67496 ----a-w c:\users\Prinsenhof\AppData\Local\GDIPFONTCACHEV1.DAT
2008-03-26 00:14 . 2008-03-26 00:14 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-22_20.35.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\winsxs\x86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6001.18000_none_17df4ac2f2cf5440\msdtcvtr.bat
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\winsxs\x86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6000.16386_none_15a888c6f5e4436c\msdtcvtr.bat
+ 2007-11-27 14:04 . 2009-04-24 21:14 50428 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-04-24 21:14 85940 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-23 13:15 . 2009-04-24 21:14 10178 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2908287905-3208320803-360268843-1000_UserData.bin
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\System32\Msdtc\Trace\msdtcvtr.bat
+ 2008-03-23 09:49 . 2009-04-22 21:16 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-23 09:49 . 2009-04-22 20:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-23 09:49 . 2009-04-22 20:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-23 09:49 . 2009-04-22 21:16 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-23 09:49 . 2009-04-22 21:16 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-23 09:49 . 2009-04-22 20:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-23 14:47 . 2009-04-22 20:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-23 14:47 . 2009-01-21 22:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-23 14:47 . 2009-04-22 20:43 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-23 14:47 . 2009-01-21 22:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-23 14:47 . 2009-04-22 20:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-23 14:47 . 2009-01-21 22:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-22 20:25 . 2009-04-22 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-24 21:12 . 2009-04-24 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-22 20:25 . 2009-04-22 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-24 21:12 . 2009-04-24 21:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-27 22:09 . 2009-04-24 11:38 311396 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-04-22 21:46 590082 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-20 22:27 590082 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-22 21:46 102094 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-04-20 22:27 102094 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:43 . 2009-04-24 21:50 262144 c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 12:43 . 2009-04-22 20:29 262144 c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 12:47 . 2009-04-22 20:26 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2006-11-02 12:47 . 2009-04-24 21:14 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2006-11-02 12:47 . 2009-04-22 20:35 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2006-11-02 12:47 . 2009-04-24 21:13 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"TomTomHOME.exe"="f:\tomtom home 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-17 4702208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-25 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7A131B37-F3CD-421B-B65F-5852191FD9B0}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A037478E-C82F-4D4F-AC8D-B7A96FBD320B}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{59B4F034-9F79-43F0-AE8D-5BDAD212E282}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{C95D6BEA-00AE-424D-8F60-A474C3FE329D}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{DA66005E-48BB-46B2-82A6-C99F419E2AAB}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{54FFA355-ABCB-4DDD-BD5D-4C43B64A7863}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E9DC2E78-67E8-42E2-9448-44DDFCB44F31}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AAE42EF1-BFBD-413B-A0DA-8DF8BB0FEE63}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9D693A93-6F65-4C52-85FA-7E4BC212FBA5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0641D5F4-1252-4D43-A764-6DAFA0BB3071}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{B55D611C-C102-4EA5-A3A0-5676334A858B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{059DC97F-6400-4960-9900-959333DAFE26}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{7B794434-A586-45B7-A8E3-BAE1E350714A}"= UDP:f:\tomtom home 2\Uninstall TomTom HOME.exe:TomTom HOME 2 verwijderen
"{5AE33FB5-AEAB-41B6-BCAE-4BE7985B4241}"= TCP:f:\tomtom home 2\Uninstall TomTom HOME.exe:TomTom HOME 2 verwijderen
"{D0BB41A4-FE62-4F73-BA23-B95869D3580D}"= UDP:c:\users\Corrie\AppData\Local\Temp\7zSEEC2.tmp\SymNRT.exe:Norton Removal Tool
"{85E90091-87D4-4115-BCD5-D703CA62A0D0}"= TCP:c:\users\Corrie\AppData\Local\Temp\7zSEEC2.tmp\SymNRT.exe:Norton Removal Tool
"{E0A9FF7D-6537-433D-B070-CDF69E9A2C8A}"= UDP:c:\users\Corrie\AppData\Local\Temp\7zS2829.tmp\SymNRT.exe:Norton Removal Tool
"{3228C559-54AA-40CA-A115-FAEE2A61B927}"= TCP:c:\users\Corrie\AppData\Local\Temp\7zS2829.tmp\SymNRT.exe:Norton Removal Tool

S2 TomTomHOMEService;TomTomHOMEService;f:\tomtom home 2\TomTomHOMEService.exe [2009-04-08 92008]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f91cc4bb-d759-11dd-83f9-001e37a7a3e3}]
\shell\AutoRun\command - J:\InstallTomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhoud van de 'Gedeelde Taken' map
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
mSearch Bar =
IE: &AOL-werkbalk Search - c:\program files\aol\aol toolbar 5.0\resources\nl-NL\local\search.html
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: delft.nl\ega
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 23:53
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(2632)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
.
Voltooingstijd: 2009-04-24 23:54
ComboFix-quarantined-files.txt 2009-04-24 21:54
ComboFix2.txt 2009-04-22 20:36

Pre-Run: 70.714.220.544 bytes beschikbaar
Post-Run: 70.684.782.592 bytes beschikbaar

255 --- E O F --- 2009-04-24 21:01