onny

Let CCleaner wait a little while longer.

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners treat certain components that Combofix uses as suspicious and will block or delete them!

  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not Vista).
    Click OK and Yes to have the Recovery Console installed automatically.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix has finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply.


You cannot rename CombiFix as CombiFix{1}

Please use another name, preferbaly made up of alphanumeric characters.

Then you presumably clicked "Run" right away. However, the intention is to first download ComboFix to the desktop and then start it using the red shortcut.

ComboFix 10-05-04.06 - Onny 05-05-2010 14:10:47.1.1 - x86

Running from: c:\documents and settings\Onny\My Documents\My Received Files\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))

.

2010-05-01 20:46 . 2010-05-01 20:46 -------- dc----w- c:\documents and settings\Onny\Application Data\Malwarebytes

2010-05-01 20:46 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-01 20:46 . 2010-05-01 20:46 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-01 20:45 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-01 20:45 . 2010-05-01 20:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-01 19:40 . 2010-05-01 19:40 388096 -c--a-r- c:\documents and settings\Onny\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-01 19:40 . 2010-05-01 19:40 -------- d-----w- c:\program files\Trend Micro

2010-05-01 16:56 . 2010-05-01 16:56 -------- dc----w- c:\documents and settings\Onny\Application Data\Uniblue

2010-05-01 13:48 . 2010-05-01 13:48 -------- dc----w- c:\documents and settings\All Users\Application Data\Fighters

2010-04-20 23:11 . 2010-04-20 23:11 242696 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-04-20 23:09 . 2010-04-20 23:09 1689952 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-04-19 21:28 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-04-13 16:09 . 2010-04-13 16:09 -------- dc----w- c:\documents and settings\Onny\Local Settings\Application Data\Temp

2010-04-13 16:09 . 2010-04-13 16:09 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-04-13 16:04 . 2010-04-13 16:04 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-04-13 15:59 . 2010-04-13 15:57 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-13 15:37 . 2010-04-13 15:37 152576 -c--a-w- c:\documents and settings\Onny\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2010-04-13 15:35 . 2010-04-13 15:35 79488 -c--a-w- c:\documents and settings\Onny\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-04-07 16:30 . 2010-04-07 16:30 4255072 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-05 13:10 . 2007-03-30 14:06 3484 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-05 13:09 . 2010-03-12 16:20 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-05-04 16:01 . 2007-06-09 10:24 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-05-03 17:00 . 2010-03-28 03:46 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9

2010-04-20 23:10 . 2008-11-27 17:08 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-04-13 16:03 . 2007-03-07 16:36 -------- d-----w- c:\program files\Google

2010-04-13 15:56 . 2007-06-09 17:29 -------- d-----w- c:\program files\Java

2010-04-02 20:34 . 2007-03-07 18:44 3260 ----a-w- c:\windows\system32\d3d8caps.dat

2010-04-02 20:22 . 2010-04-02 20:22 2229 ----a-w- c:\windows\system32\0178.vbs

2010-04-02 20:05 . 2010-04-02 15:50 -------- dc----w- c:\documents and settings\Onny\Application Data\LimeWire

2010-04-02 15:46 . 2010-04-02 15:36 -------- d-----w- c:\program files\LimeWire

2010-04-02 15:37 . 2010-04-02 15:37 -------- d-----w- c:\program files\Common Files\Java

2010-03-28 21:08 . 2010-03-28 21:08 -------- d-----w- c:\program files\3dfx Interactive

2010-03-28 07:34 . 2010-03-28 07:34 -------- d-----w- c:\program files\MSXML 4.0

2010-03-28 04:01 . 2008-11-27 17:07 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-28 04:01 . 2008-11-27 17:07 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-28 04:00 . 2008-11-27 17:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-28 03:47 . 2008-11-27 17:06 -------- d-----w- c:\program files\AVG

2010-03-28 02:12 . 2010-03-28 02:12 -------- dc----w- c:\documents and settings\Onny\Application Data\Nero

2010-03-28 02:05 . 2010-03-28 02:00 -------- d-----w- c:\program files\Common Files\Nero

2010-03-28 02:00 . 2010-03-28 02:00 -------- dc----w- c:\documents and settings\All Users\Application Data\Nero

2010-03-28 02:00 . 2010-03-28 02:00 -------- d-----w- c:\program files\Nero

2010-03-27 18:57 . 2010-03-27 09:37 -------- d-----w- c:\program files\Microsoft Silverlight

2010-03-27 13:10 . 2005-11-30 15:36 87263 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat

2010-03-27 09:37 . 2010-03-27 09:35 -------- d-----w- c:\program files\Microsoft

2010-03-27 09:37 . 2010-03-27 09:37 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2010-03-27 09:36 . 2010-03-27 09:34 -------- d-----w- c:\program files\Windows Live

2010-03-27 09:34 . 2010-03-27 09:34 -------- d-----w- c:\program files\Windows Live SkyDrive

2010-03-26 21:34 . 2010-03-26 21:33 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller

2010-03-26 21:31 . 2010-03-26 21:31 -------- dc----w- c:\documents and settings\All Users\Application Data\WLInstaller

2010-03-18 21:29 . 2009-06-21 15:01 -------- d-----w- c:\program files\VS Revo Group

2010-03-13 21:00 . 2006-03-03 19:43 -------- d-----w- c:\program files\Yahoo!

2010-03-12 17:14 . 2007-06-25 23:52 44376 -c--a-w- c:\documents and settings\Onny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-12 16:43 . 2007-06-09 10:32 -------- d-----w- c:\program files\Common Files\Adobe

2010-03-12 16:18 . 2010-03-12 16:18 -------- d-----w- c:\program files\CleanMyPC

2010-03-10 20:17 . 2010-03-10 20:17 -------- d-----w- c:\program files\Common Files\Windows Live

2010-03-10 06:15 . 2003-07-16 16:43 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24 . 2006-06-23 09:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2003-07-16 16:29 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-17 07:10 . 2003-07-16 16:33 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 13:25 . 2002-08-29 01:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 10:03 . 2010-03-27 16:00 293376 ------w- c:\windows\system32\browserchoice.exe

2010-02-12 04:33 . 2007-07-11 18:48 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2003-07-16 16:41 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2009-11-28 1401096]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-13 149280]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Onny\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2007-8-7 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-11-06 06:25 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]

2005-05-25 12:11 135168 ----a-w- c:\virusfighter\Bin\Zlh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-04-27 07:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-06-09 10:25 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TapiSrv"=3 (0x3)

"Norman ZANDA"=2 (0x2)

"Norman NJeeves"=3 (0x3)

"Nero BackItUp Scheduler 3"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27-11-2008 19:07 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27-11-2008 19:08 242896]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [28-3-2010 5:54 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [28-3-2010 5:53 308064]

R3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [27-3-2010 11:59 148352]

R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [28-3-2010 12:48 96256]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-4-2010 18:04 135664]

S3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;c:\windows\system32\drivers\cwbmidi.sys [30-11-2005 17:29 3072]

S3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\windows\system32\drivers\cwbwdm.sys [30-11-2005 17:29 72832]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9-6-2007 12:25 29744]

S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [30-11-2005 17:30 9344]

.

Contents of the 'Scheduled Tasks' folder

2009-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]

2010-05-05 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-07 19:04]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 16:03]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-13 16:03]

2010-05-05 c:\windows\Tasks\User_Feed_Synchronization-{DD56B12A-EB2D-4EED-8238-224D803A6D89}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.leparissa.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-05-05 15:08

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\æwÿÿÿÿpæw4²Ôw*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2488)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Java\jre6\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2010-05-05 15:20:11 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-05 13:19

Pre-Run: 59.202.015.232 bytes free

Post-Run: 61.249.155.072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - D4379C1123053AFE6D627B8A30E5B101
