ComboFix 09-05-02.4 - Lars 02/05/2009 14:24.6 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.895.378 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Lars\Bureaublad\ComboFix.exe
AV: Norton AntiVirus 2006 *On-access scanning disabled* (Updated)
AV: Panda Global Protection 2009 *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: Panda Personal Firewall 2009 *disabled*
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-02 to 2009-05-02 ))))))))))))))))))))))))))))))
.

2009-05-02 11:52 . 2009-05-02 11:52 -------- d--h--r c:\documents and settings\Lars\Onlangs geopend
2009-04-29 05:13 . 2009-04-29 05:13 -------- d-sh--w C:\FOUND.057
2009-04-28 21:25 . 2009-05-02 11:52 13880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
2009-04-27 20:10 . 2009-04-27 20:10 -------- d-----w c:\documents and settings\Lars\Application Data\Datalayer
2009-04-22 15:11 . 2009-04-29 20:00 12 ----a-w c:\windows\bthservsdp.dat
2009-04-21 19:32 . 2009-04-21 19:32 -------- d-----w c:\documents and settings\Lars\Application Data\TOSHIBA
2009-04-21 19:31 . 2009-04-21 19:31 -------- d-----w c:\documents and settings\Lars\Local Settings\Application Data\Toshiba
2009-04-21 18:49 . 2007-01-12 19:16 40576 ----a-w c:\windows\system32\drivers\tosrfusb.sys
2009-04-21 18:49 . 2007-01-12 19:41 113792 ----a-w c:\windows\system32\drivers\tosrfbd.sys
2009-04-21 18:49 . 2007-01-24 12:57 73728 ----a-w c:\windows\system32\drivers\Tosrfhid.sys
2009-04-21 18:49 . 2006-11-20 15:55 36480 ----a-w c:\windows\system32\drivers\tosrfbnp.sys
2009-04-21 18:49 . 2005-01-06 11:42 18612 ----a-w c:\windows\system32\drivers\tosrfnds.sys
2009-04-21 18:49 . 2007-01-22 08:43 53376 ----a-w c:\windows\system32\drivers\TosRfSnd.sys
2009-04-21 18:49 . 2005-08-01 14:45 64896 ----a-w c:\windows\system32\drivers\tosrfcom.sys
2009-04-21 18:49 . 2006-10-10 17:33 41600 ----a-w c:\windows\system32\drivers\tosporte.sys
2009-04-21 18:49 . 2009-04-21 18:49 -------- d-----w c:\program files\Toshiba
2009-04-21 16:59 . 2009-04-21 16:59 -------- d-----w c:\program files\Trend Micro
2009-04-18 14:42 . 2009-04-18 14:42 -------- d-----w c:\program files\CCleaner
2009-04-17 13:32 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 13:32 . 2009-03-06 14:23 285696 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 13:32 . 2009-02-09 11:27 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 13:32 . 2009-02-09 10:56 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 13:32 . 2009-02-09 10:56 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 13:32 . 2009-02-09 10:56 684544 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 13:32 . 2009-02-09 10:56 734208 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 13:32 . 2009-02-09 10:56 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 13:32 . 2009-02-09 10:56 735744 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 13:29 . 2008-04-21 21:16 218624 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-16 14:30 . 2009-04-16 14:30 -------- d-----w c:\documents and settings\Lars\Application Data\Symantec
2009-04-16 14:24 . 2009-04-16 14:24 -------- d-----w c:\program files\Norton AntiVirus
2009-04-16 14:24 . 2009-04-16 14:24 10344 ----a-w c:\windows\system32\drivers\symlcbrd.sys
2009-04-16 14:24 . 2005-09-17 05:20 108168 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-16 14:24 . 2005-09-17 05:20 87768 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-16 14:24 . 2009-04-16 14:24 -------- d-----w c:\program files\Symantec
2009-04-12 20:48 . 2009-04-12 20:49 117216 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-12 12:07 . 2009-04-12 12:07 -------- d-----w c:\documents and settings\Lars\Application Data\SteelSeries
2009-04-12 12:06 . 2008-04-15 07:05 11136 ----a-w c:\windows\system32\drivers\Mo3Fltr.sys

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 12:10 . 2006-09-08 19:40 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 11:53 . 2009-02-24 07:45 220 ----a-w c:\windows\Tasks\OGALogon.job
2009-05-02 11:52 . 2008-12-23 22:48 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-05-02 11:52 . 2008-12-23 22:48 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2009-04-30 14:35 . 2008-12-23 22:48 314292 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-04-30 14:35 . 2008-12-23 22:48 314292 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2009-04-28 22:00 . 2009-02-24 07:45 220 ----a-w c:\windows\Tasks\OGADaily.job
2009-04-22 15:10 . 2006-09-08 19:09 85636 ----a-w c:\windows\system32\perfc013.dat
2009-04-22 15:10 . 2006-09-08 19:09 476858 ----a-w c:\windows\system32\perfh013.dat
2009-04-17 18:57 . 2009-04-16 14:54 526 ----a-w c:\windows\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Lars.job
2009-04-16 09:03 . 2008-12-24 16:46 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-12 20:49 . 2007-01-01 12:56 8224 ----a-w c:\documents and settings\Lars\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 13:00 . 2008-06-16 17:55 406 ----a-w c:\windows\Tasks\Norton Security Scan.job
2009-04-07 22:02 . 2008-12-23 22:47 496 ----a-w c:\windows\Tasks\Basis-opruiming.job
2009-04-01 17:20 . 2009-04-01 06:04 2457 ---h--w c:\windows\nl49f4d98.dat
2009-03-31 11:30 . 2009-03-31 11:30 1 ---h--w c:\windows\nlmark2.dat
2009-03-17 15:07 . 2008-12-23 22:46 87296 ----a-w c:\windows\system32\PavLspHook.dll
2009-03-09 18:22 . 2009-03-09 18:22 -------- d-----w c:\program files\Any Video Converter Professional
2009-03-09 16:31 . 2009-03-09 16:31 -------- d-----w c:\program files\Any Video Converter
2009-03-06 14:23 . 2004-09-02 03:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2006-01-09 18:04 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:18 . 2004-09-02 03:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-19 21:07 . 2009-02-19 17:54 118428 ----a-w c:\documents and settings\Lars\Application Data\MyPictures.zip
2009-02-09 13:08 . 2004-09-02 03:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:27 . 2005-09-29 18:31 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:27 . 2005-09-29 18:31 2149888 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2004-09-02 03:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-09-02 03:00 734208 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-09-02 03:00 684544 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2004-09-02 03:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-09-02 03:00 735744 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2004-09-02 03:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-09-02 03:00 56832 ----a-w c:\windows\system32\secur32.dll
2007-11-28 20:13 . 2008-06-16 17:56 67696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 20:13 . 2008-06-16 17:56 54376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 20:13 . 2008-06-16 17:56 34952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 20:13 . 2008-06-16 17:56 46720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 20:13 . 2008-06-16 17:56 172144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-28_16.35.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-02 11:51 . 2009-05-02 11:51 16384 c:\windows\Temp\Perflib_Perfdata_b4c.dat
+ 2009-05-02 11:53 . 2009-05-02 11:53 16384 c:\windows\Temp\Perflib_Perfdata_1594.dat
- 2008-12-23 22:37 . 2009-04-18 09:37 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-23 22:37 . 2009-04-29 20:00 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-23 22:37 . 2009-04-18 09:37 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-23 22:37 . 2009-04-29 20:00 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-23 22:37 . 2009-04-18 09:37 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-23 22:37 . 2009-04-29 20:00 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-23 22:37 . 2009-04-29 20:00 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-23 22:37 . 2009-04-18 09:37 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-23 22:37 . 2009-04-29 20:00 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-23 22:37 . 2009-04-18 09:37 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-23 22:37 . 2009-04-29 20:00 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-23 22:37 . 2009-04-18 09:37 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-23 22:37 . 2009-04-29 20:00 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-12-23 22:37 . 2009-04-18 09:37 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-12-23 22:37 . 2009-04-18 09:37 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-23 22:37 . 2009-04-29 20:00 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tracks Eraser Pro"="c:\program files\Acesoft\Tracks Eraser Pro\te.exe" [2003-11-03 276992]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-21 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-03-24 1488112]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-02 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-02 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-02 455168]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 208896]
"eLockMonitor"="c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 16384]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-18 438272]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 93208]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-04-21 91432]
"SteelSeries World of Warcraft MMO Gaming Mouse"="d:\games\World of Warcraft\WoWMHID.exe" [2009-02-27 299008]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-07-19 94208]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-1-1 45056]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-1-4 671744]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-7 553021]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-12-5 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 14:58 58672 ----a-w c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0R\0\0A\0????????????????????????????????n\0\0\0\0???????\0\0\0\0???????\0\0\0\0???????\0\0\0\0???????\0\0\0 \0??????

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Games\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
"d:\\Games\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP 2.0\\MediaManager.exe"=
"d:\\Games\\World of Warcraft\\Repair.exe"=
"d:\\Games\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 35bb5678-2089-4364-89a9-45f8195fb0e9;35bb5678-2089-4364-89a9-45f8195fb0e9; [x]
R3 3f1e5fd8-2c4b-4c48-8288-0e704e92a69e;3f1e5fd8-2c4b-4c48-8288-0e704e92a69e; [x]
R3 epindd;epindd;c:\windows\system32\drivers\epindd.sys [2006-01-12 8448]
R3 flash;flash;c:\windows\system32\drivers\flash.sys [2005-11-17 8064]
R3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-28 8064]
R3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-03-28 36992]
R3 Mo3Fltr;MMO Mouse;c:\windows\system32\drivers\Mo3Fltr.sys [2008-04-15 11136]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-06-19 28544]
S1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2008-06-25 73728]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2008-06-18 52992]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2008-03-28 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2008-06-18 193792]
S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2008-07-11 12:58 158848]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2008-06-18 46720]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-10-07 18:31 61424]
S2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [2007-09-03 65536]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [2006-06-08 17664]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [2006-06-06 90112]
S2 Gwmsrv;Panda Goodware Cache Manager; [x]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-11-14 596336]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-11-14 596336]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2006-09-01 3712]
S2 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe [2006-06-28 520192]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2008-02-07 179640]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2009\PskSvc.exe [2008-06-25 28928]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-28 101936]
S3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\DRIVERS\neti1634.sys [2008-06-26 197888]
S3 PavTPK.sys;PavTPK.sys; [x]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - ComFiltr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c90376e-0be4-11de-81bf-0016cf6dabe1}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Inhoud van de 'Gedeelde Taken' map

2009-04-10 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 21:42]

2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-04-28 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-04-07 c:\windows\Tasks\Basis-opruiming.job
- c:\program files\Panda Security\Panda Global Protection 2009\PlaTasks.exe [2008-12-23 15:55]

2009-04-17 c:\windows\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - Lars.job
- c:\progra~1\NORTON~2\Navw32.exe [2005-10-21 15:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
mStart Page = hxxp://www.google.be/
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://g.msn.be/0SENLBE/SAOS01?FORM=TOOLBR
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Lars\Application Data\Mozilla\Firefox\Profiles\am9cx2eg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/be/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
.
------- Bestandsassociaties -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 14:27
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\avldr.dll

- - - - - - - > 'explorer.exe'(1940)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
.
**************************************************************************
.
Voltooingstijd: 2009-05-02 14:30
ComboFix-quarantined-files.txt 2009-05-02 12:30
ComboFix2.txt 2009-04-29 18:16
ComboFix3.txt 2009-04-28 16:37

Pre-Run: 29.561.290.752 bytes beschikbaar
Post-Run: 29.555.654.656 bytes beschikbaar

307 --- E O F --- 2009-04-29 20:00