ComboFix 09-05-02.4 - Administrator 03-05-2009 18:15.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.633 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
AV: Norman Security Suite ver. 7.00 *On-access scanning enabled* (Updated)
FW: Persoonlijke firewall *enabled*
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\uniq.tll

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-03 to 2009-05-03 ))))))))))))))))))))))))))))))
.

2009-05-02 17:14 . 2009-05-02 17:14 -------- d-----w c:\documents and settings\Administrator\Application Data\Move Networks
2009-04-22 10:54 . 2009-04-22 10:54 -------- d-----w c:\documents and settings\NetworkService\Mijn documenten
2009-04-20 11:23 . 2009-04-20 11:23 -------- d-----w c:\documents and settings\Administrator\Application Data\Sony
2009-04-20 11:23 . 2009-04-20 11:23 -------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-04-20 11:22 . 2009-04-20 11:22 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Sony
2009-04-20 11:20 . 2009-04-20 11:20 -------- d-----w c:\program files\Common Files\Sony Shared
2009-04-20 11:20 . 2009-04-20 11:20 -------- d-----w c:\program files\Sony
2009-04-20 11:06 . 2009-04-20 11:06 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Sony Ericsson
2009-04-20 11:05 . 2009-04-20 11:07 -------- d-----w c:\program files\Avanquest update
2009-04-20 11:05 . 2009-04-20 11:05 -------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2009-04-20 10:45 . 2008-06-04 06:34 10792 ----a-w c:\windows\system32\drivers\s1018cr.sys
2009-04-20 10:45 . 2008-06-04 06:34 117544 ----a-w c:\windows\system32\drivers\s1018unic.sys
2009-04-20 10:45 . 2008-06-04 06:34 115368 ----a-w c:\windows\system32\drivers\s1018mgmt.sys
2009-04-20 10:45 . 2008-06-04 06:34 111784 ----a-w c:\windows\system32\drivers\s1018obex.sys
2009-04-20 10:45 . 2008-06-04 06:34 25768 ----a-w c:\windows\system32\drivers\s1018nd5.sys
2009-04-20 10:45 . 2008-06-04 06:34 12200 ----a-w c:\windows\system32\drivers\s1018cm.sys
2009-04-20 10:45 . 2008-06-04 06:34 12200 ----a-w c:\windows\system32\drivers\s1018cmnt.sys
2009-04-20 10:45 . 2008-06-04 06:34 15016 ----a-w c:\windows\system32\drivers\s1018mdfl.sys
2009-04-20 10:45 . 2008-06-04 06:34 122024 ----a-w c:\windows\system32\drivers\s1018mdm.sys
2009-04-20 10:45 . 2008-06-04 06:34 90408 ----a-w c:\windows\system32\drivers\s1018bus.sys
2009-04-20 10:45 . 2008-06-04 06:34 12200 ----a-w c:\windows\system32\drivers\s1018wh.sys
2009-04-20 10:45 . 2008-06-04 06:34 12200 ----a-w c:\windows\system32\drivers\s1018whnt.sys
2009-04-20 10:44 . 2009-04-20 11:20 -------- d-----w c:\program files\Sony Ericsson
2009-04-20 10:44 . 2009-04-20 10:44 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-04-20 10:44 . 2009-04-20 10:44 -------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2009-04-16 23:45 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 23:45 . 2009-03-06 14:23 285696 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 23:45 . 2009-02-09 11:27 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 23:45 . 2009-02-09 10:56 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 23:45 . 2009-02-09 10:56 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 23:45 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 23:45 . 2009-02-09 10:56 684544 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 23:45 . 2009-02-09 10:56 734208 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 23:45 . 2009-02-09 10:56 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 23:45 . 2009-02-09 10:56 735744 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 23:42 . 2008-04-21 21:16 218624 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 16:25 . 2009-05-01 00:15 -------- d-----w c:\documents and settings\Gast\Tracing

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 16:21 . 2009-03-07 19:33 968 ----a-w c:\windows\Tasks\Google Software Updater.job
2009-05-03 16:21 . 2009-03-07 19:35 896 ----a-w c:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-05-03 16:20 . 2004-09-08 07:58 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-03 16:20 . 2008-10-11 17:05 -------- d-----w c:\program files\Norman
2009-05-02 19:38 . 2009-02-02 19:38 50688 --sha-w c:\windows\system32\jowudosu.exe
2009-04-25 23:38 . 2008-10-11 18:10 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-04-24 18:03 . 2008-10-08 16:26 -------- d-----w c:\program files\DivX
2009-04-22 11:32 . 2009-02-24 11:01 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-21 20:31 . 2008-10-15 22:57 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-20 11:52 . 2008-10-17 02:07 36096 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-20 11:47 . 2006-08-21 18:20 -------- d-----w c:\program files\Common Files\Adobe
2009-04-20 11:18 . 2004-09-08 07:54 85008 ----a-w c:\windows\system32\perfc013.dat
2009-04-20 11:18 . 2004-09-08 07:54 477944 ----a-w c:\windows\system32\perfh013.dat
2009-04-20 11:05 . 2006-08-21 18:06 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-12 18:52 . 2008-11-09 14:23 35016 -c--a-w c:\documents and settings\Gast\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 13:32 . 2009-02-24 11:01 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-02-24 11:01 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 14:03 . 2009-03-29 17:03 -------- d-----w c:\program files\Everest Poker
2009-03-29 10:02 . 2009-03-29 10:00 -------- d-----w c:\program files\Microsoft
2009-03-29 10:02 . 2008-10-10 20:48 -------- d-----w c:\program files\Windows Live
2009-03-29 10:02 . 2009-03-29 10:02 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-29 10:00 . 2009-03-29 10:00 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-28 06:28 . 2009-03-28 06:28 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-10 17:33 . 2008-10-08 12:48 -------- d-----w c:\program files\Google
2009-03-07 22:32 . 2009-03-07 22:32 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-06 14:23 . 2004-08-04 08:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2004-08-04 08:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:18 . 2004-08-04 08:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:08 . 2004-08-04 08:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:27 . 2004-08-04 08:00 2028544 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:27 . 2004-08-04 08:00 2149888 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2004-08-04 08:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:56 . 2004-08-04 08:00 734208 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2004-08-04 08:00 684544 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2004-08-04 08:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2004-08-04 08:00 735744 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 17:55 . 2009-02-06 17:55 308616 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 10:39 . 2004-08-04 08:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-05 12:51 . 2009-02-05 12:52 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-03 19:59 . 2004-08-04 08:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-10-08 13:09 . 2008-10-08 13:09 22 -csha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-08 393216]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-15 446464]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2009-02-11 187504]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-10-8 184320]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-11 67128]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"63095:UDP"= 63095:UDP:Utorrent
"63095:TCP"= 63095:TCP:Utorrent

R0 dntrepbx;dntrepbx; [x]
R1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2009-02-11 22712]
R2 gupdate1c99f5bd8902d1c;Google Updateservice (gupdate1c99f5bd8902d1c);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-07 133104]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2009-01-22 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\Nvc\Bin\nvcoas.exe [2009-02-05 195640]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-06-04 117544]
S0 NDIS_RD;Norman Firewall NDIS driver; [x]
S1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [2008-10-10 53816]
S1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\TDI_RD.SYS [2008-02-07 74624]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\NDISKIO.SYS [2007-01-02 20448]
S2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\Nprosec.exe [2009-02-25 121912]
S2 NVOY;Norman Resource Provider;c:\program files\Norman\npm\bin\nvoy.exe [2009-01-20 126008]
S3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\nse\bin\NSESVC.EXE [2009-03-27 310328]
S3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Npm\Bin\Nvcsched.exe [2007-09-18 154680]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Inhoud van de 'Gedeelde Taken' map

2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-07 16:26]

2009-05-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-07 19:35]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ptx8i4a9.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 18:27
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???HZ??????(?@???????@

scannen van verborgen bestanden ...

c:\windows\system32\drivers\ovfsthrjkyiyotobmltxwkmrxwrrjlkjbobufr.sys 83968 bytes executable
c:\docume~1\ADMINI~1\LOCALS~1\Temp\ovfsthiqqmbsorny.tmp 107520 bytes executable
c:\docume~1\ADMINI~1\LOCALS~1\Temp\ovfsthwmcxtbxbvt.tmp 343040 bytes executable
c:\docume~1\ADMINI~1\LOCALS~1\Temp\ovfsthx000 0 bytes
c:\docume~1\ADMINI~1\LOCALS~1\Temp\ovfsthymdeqdsigw.tmp 133632 bytes executable
c:\windows\system32\ovfsthoiqhdlfohamexkobovliwqywmchnhvqv.dll 18432 bytes executable
c:\windows\system32\ovfsthpfdsndxlehoocmauillfowshhmfoalxh.dll 18944 bytes executable
c:\windows\system32\ovfsthqdixvcoulirqlbjusvxitrjvbpcjcxqg.dat 43 bytes
c:\windows\system32\ovfsthrcmyuunixfumhltoifhvmgrvkgiyxecl.dat 19235 bytes
c:\windows\system32\ovfsthuaqgodpmuybhkvjdcsyampdbmkolqult.dll 60928 bytes executable

Scan succesvol afgerond
verborgen bestanden: 10

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll

- - - - - - - > 'lsass.exe'(1044)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll

- - - - - - - > 'explorer.exe'(6708)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Norman\nvc\bin\Niphk.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\WIDCOMM\Bluetooth Software\btkeyind.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Norman\Npm\Bin\elogsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Norman\Npm\Bin\Zanda.exe
c:\program files\Norman\npf\bin\npfsvc32.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\HPQ\IAM\Bin\asghost.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Norman\Npm\Bin\Njeeves.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Norman\npf\bin\npfuser.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\Norman\nvc\bin\Nip.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Voltooingstijd: 2009-05-03 18:30 - machine werd herstart
ComboFix-quarantined-files.txt 2009-05-03 16:29
ComboFix2.txt 2009-02-24 09:13

Pre-Run: 11.139.661.824 bytes beschikbaar
Post-Run: 12.772.573.184 bytes beschikbaar

301 --- E O F --- 2009-04-30 09:27