ComboFix 11-02-06.02 - Abdel 08-02-2011 0:41.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.383.154 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Abdel\Mijn documenten\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Abdel\Bureaublad\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

FILE ::
"c:\program files\Common Files\Windows Live\.cache\wlcC.tmp"
"c:\windows\DUMP97bb.tmp"
"c:\windows\system32\ConduitEngine.tmp"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\McAfee
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\Common\McCHSvc\McCHSvc000.log
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\McUICnt\McUICnt\McUICnt000.log
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\McCHSvc\McCHSvc000.log
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\McUICnt\McUICnt000.log
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\SecurityScanner\McUICnt\McUICnt000.log
c:\documents and settings\LocalService\Application Data\McAfee
c:\documents and settings\LocalService\Application Data\McAfee\sacore\sacore.db
c:\documents and settings\LocalService\Application Data\McAfee\sacore\sacore_cache.db
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\toolbar.cfg
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-01-08 to 2011-02-08 ))))))))))))))))))))))))))))))
.
2011-02-06 05:55 . 2011-02-06 05:55 -------- d-----w- c:\windows\Performance
2011-02-06 05:52 . 2011-02-06 05:52 -------- d-----w- c:\documents and settings\Abdel\Local Settings\Application Data\Microsoft Corporation
2011-02-06 05:39 . 2011-02-06 05:39 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-02-06 00:24 . 2011-02-07 23:29 -------- d--h--r- c:\documents and settings\Abdel\Onlangs geopend
2011-02-03 06:21 . 2011-02-03 06:21 -------- d-----w- c:\documents and settings\Abdel\Application Data\Malwarebytes
2011-02-03 06:20 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 06:20 . 2011-02-03 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-03 06:19 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-03 06:19 . 2011-02-03 06:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-01 10:49 . 2011-02-01 10:49 -------- d-----w- c:\program files\Trend Micro
2011-01-30 07:06 . 2011-01-30 07:06 -------- d-----w- c:\documents and settings\Abdel\Application Data\TwonkyMedia
2011-01-30 07:03 . 2011-01-30 07:03 -------- d-----w- c:\program files\PacketVideo
2011-01-30 07:01 . 2011-02-08 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\twonkymedia
2011-01-30 05:46 . 2011-01-30 05:46 -------- d-----w- c:\windows\system32\GroupPolicy
2011-01-27 00:15 . 2011-01-27 00:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Fighters
2011-01-27 00:12 . 2011-01-27 00:13 -------- d-----w- c:\documents and settings\Abdel\Application Data\Fighters
2011-01-26 22:25 . 2011-01-26 22:25 -------- d-----w- c:\documents and settings\Abdel\Application Data\Panda Security
2011-01-23 05:03 . 2011-01-23 05:03 -------- d-----w- c:\program files\FilmFanaticEI
2011-01-19 06:02 . 2011-01-19 06:07 -------- d-----w- c:\documents and settings\Abdel\Application Data\TP
2011-01-16 03:05 . 2011-01-27 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2011-01-16 03:04 . 2011-01-27 00:14 -------- d-----w- c:\program files\Fighters
2011-01-15 09:24 . 2011-01-15 09:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-01-15 09:23 . 2011-01-15 09:23 -------- d-----w- c:\program files\Panda Security
2011-01-14 19:54 . 2011-01-14 19:54 84718440 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcC.tmp
2011-01-12 08:44 . 2011-01-12 08:44 -------- d-----w- c:\documents and settings\Abdel\Application Data\Uniblue
2011-01-12 08:43 . 2011-01-12 08:43 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-01-12 08:42 . 2011-01-12 08:42 -------- d-----w- c:\program files\Uniblue
2011-01-12 08:37 . 2011-01-12 08:37 -------- d-----w- c:\documents and settings\Abdel\Local Settings\Application Data\PackageAware
2011-01-12 07:30 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-12 07:13 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-12 06:18 . 2011-01-12 10:11 -------- d-----w- c:\documents and settings\Abdel\Local Settings\Application Data\ConduitEngine
2011-01-12 06:16 . 2011-01-12 06:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-01-12 02:41 . 2008-04-14 18:02 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-01-12 02:41 . 2008-04-14 18:02 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-01-12 02:40 . 2001-09-06 18:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-01-12 02:40 . 2001-09-06 18:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-01-12 02:40 . 2008-04-14 17:39 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-01-12 02:40 . 2008-04-14 17:39 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-01-12 02:40 . 2008-04-13 19:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-01-12 02:40 . 2008-04-13 19:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-27 00:45 . 2007-12-15 19:26 90112 ----a-w- c:\windows\DUMP97bb.tmp
2010-12-16 17:39 . 2010-12-16 17:39 365888 ----a-w- c:\windows\system32\PSUNCpl.cpl
2010-12-16 17:12 . 2010-12-16 17:12 113096 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2010-12-16 17:12 . 2010-12-16 17:12 111944 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2010-12-16 17:12 . 2010-12-16 17:12 130376 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2010-12-16 17:12 . 2010-12-16 17:12 97352 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2010-12-16 17:12 . 2010-12-16 17:12 141768 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2010-11-18 18:15 . 2007-12-15 18:59 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 17:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 17:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2011-01-12 12948272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2010-06-20 255344]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-13 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-12-16 423232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^Abdel^Menu Start^Programma's^Opstarten^Adobe Media Player.lnk]
path=c:\documents and settings\Abdel\Menu Start\Programma's\Opstarten\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Abdel^Menu Start^Programma's^Opstarten^OpenOffice.org 3.0 .lnk]
path=c:\documents and settings\Abdel\Menu Start\Programma's\Opstarten\OpenOffice.org 3.0 .lnk
backup=c:\windows\pss\OpenOffice.org 3.0 .lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-07-14 13:09 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2008-02-12 06:40 958464 ----a-w- c:\program files\Labtec\Desktop\V5.1\MOffice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 14:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 16:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 08:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2009-02-26 15:04 2376992 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OFFICEKB]
2008-02-12 06:40 387584 ----a-w- c:\program files\Labtec\Desktop\V5.1\KBDAP32A.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-05-20 13:11 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-13 15:01 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Abdel\\Application Data\\HiYo\\Data\\hiyo_install.exe"=

R2 gupdate1c9bcd1df11ba3c;Google Updateservice (gupdate1c9bcd1df11ba3c);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 133104]
R3 Common Toolkit Tools;Common Toolkit Tools;c:\program files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [2011-01-18 121480]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-01-09 38976]
R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2010-01-09 53312]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-12-16 130376]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-12-16 141768]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-12-16 97352]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-12-16 111944]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-12-16 113096]
S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [2011-01-18 1143944]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2008-10-20 102400]
.
Inhoud van de 'Gedeelde Taken' map

2010-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 07:22]
2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 07:22]
2011-02-08 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
2011-02-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1085031214-725345543-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2011-02-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1085031214-725345543-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
2011-02-08 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-12-27 08:44]
2011-02-08 c:\windows\Tasks\SLOW-PCfighter-Abdel-Startup.job - c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2010-11-17 13:32]
2011-02-07 c:\windows\Tasks\User_Feed_Synchronization-{8E8BFBBB-0D6A-4110-A535-34224D2826E0}.job - c:\windows\system32\msfeedssync.exe [2007-12-15 02:31]
.
.
------- Bijkomende Scan -------
.
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*http://www.yahoo.com
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 01:17
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\T*w*o*n*k*y*B*e*a*m*"!\Internet Explorer]
"Path"="c:\\Program Files\\PacketVideo\\TwonkyBeam\\Internet Explorer"
"Language"="1043"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\System32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6480)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCP80.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\virusfighter\Bin\Zanda.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMediaServer.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\WgaTray.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Voltooingstijd: 2011-02-08 02:23:21 - machine werd herstart
ComboFix-quarantined-files.txt 2011-02-08 01:21
ComboFix2.txt 2011-02-07 10:37
ComboFix3.txt 2011-02-06 08:50
ComboFix4.txt 2011-02-05 23:51
ComboFix5.txt 2011-02-07 23:36

Pre-Run: 49.114.148.864 bytes beschikbaar
Post-Run: 49.152.622.592 bytes beschikbaar

- - End Of File - - 235ABA394A7C56AFA17312568E6080B5