ComboFix 10-08-09.03 - Pieter 10-08-2010 19:59:59.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.1022.722 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Pieter\Bureaublad\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Aanwezig AV is actief
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\Uninstall.ini
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
(((((((((((((((((((( Bestanden Gemaakt van 2010-07-10 to 2010-08-10 ))))))))))))))))))))))))))))))
.
2010-08-10 17:56 . 2010-08-10 17:56 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-08-10 17:56 . 2010-08-10 17:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-10 17:50 . 2010-08-10 17:50 -------- d-----w- c:\documents and settings\Pieter\Tracing
2010-08-10 17:49 . 2010-08-10 17:49 -------- d-----w- c:\program files\Microsoft
2010-08-10 17:49 . 2010-08-10 17:49 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-08-10 17:49 . 2010-08-10 17:49 -------- d-----w- c:\program files\Windows Live
2010-08-10 17:47 . 2010-08-10 17:47 -------- d-----w- c:\program files\Common Files\Windows Live
2010-08-10 16:43 . 2010-08-10 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\iZotope
2010-08-10 16:37 . 2010-08-10 16:37 -------- d-----w- c:\documents and settings\Pieter\Application Data\iZotope
2010-08-10 16:37 . 2010-08-10 16:37 -------- d-----w- c:\documents and settings\Pieter\Application Data\FabFilter
2010-08-10 16:37 . 2010-08-10 16:37 -------- d-----w- c:\documents and settings\Pieter\Local Settings\Application Data\112dB
2010-08-10 16:37 . 2010-08-10 16:37 -------- d-----w- c:\documents and settings\Pieter\Application Data\Waves Audio
2010-08-10 16:37 . 2010-08-10 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Audio Damage
2010-08-10 16:34 . 2010-08-10 16:34 -------- d-----w- C:\VST
2010-08-10 15:49 . 2010-08-10 15:49 -------- d-----w- c:\program files\Ableton
2010-08-10 15:49 . 2010-08-10 15:49 -------- d-----w- c:\documents and settings\Pieter\Application Data\Ableton
2010-08-10 15:45 . 2010-08-10 15:45 -------- d-----w- c:\program files\STANDALONE VST
2010-08-10 15:44 . 2010-08-10 15:44 -------- d-----w- c:\program files\VST
2010-08-10 15:30 . 2010-08-10 15:30 -------- d-----w- c:\program files\uTorrent
2010-08-10 15:30 . 2010-08-10 15:30 -------- d-----w- c:\documents and settings\Pieter\Application Data\uTorrent
2010-08-10 13:49 . 2010-08-10 13:49 -------- d-----w- c:\program files\VideoLAN
2010-08-10 13:48 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-08-10 13:48 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-08-10 13:48 . 2010-08-10 13:48 -------- d-----w- c:\program files\Microsoft Works
2010-08-10 13:46 . 2010-08-10 13:46 -------- d-----w- c:\windows\SHELLNEW
2010-08-10 13:44 . 2010-08-10 13:44 -------- d-----w- c:\documents and settings\Pieter\Local Settings\Application Data\Microsoft Help
2010-08-10 13:42 . 2010-08-10 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-10 13:34 . 2010-08-10 13:34 -------- d-----r- C:\MSOCache
2010-08-10 10:25 . 2010-08-10 10:25 -------- d-----w- c:\documents and settings\Pieter\Local Settings\Application Data\ESET
2010-08-10 10:24 . 2010-08-10 10:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-08-10 09:33 . 2010-08-10 09:33 -------- d-----w- c:\documents and settings\Pieter\Application Data\Malwarebytes
2010-08-10 09:33 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-10 09:33 . 2010-08-10 09:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 09:33 . 2010-08-10 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-10 09:33 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-10 09:04 . 2010-08-10 09:04 -------- d-sh--w- c:\documents and settings\Pieter\IECompatCache
2010-08-10 08:33 . 2010-08-10 08:33 -------- d-----w- C:\FOUND.000
2010-08-09 16:57 . 2010-08-09 16:57 388096 ----a-r- c:\documents and settings\Pieter\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-09 16:57 . 2010-08-09 16:57 -------- d-----w- c:\program files\Trend Micro
2010-08-09 16:17 . 2010-08-09 16:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-08-09 16:06 . 2010-08-09 16:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-08-09 16:05 . 2010-08-09 16:05 -------- d-sh--w- c:\documents and settings\Pieter\IETldCache
2010-08-09 16:01 . 2010-08-09 16:01 -------- d-----w- c:\program files\ESET
2010-08-09 16:01 . 2010-08-09 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-08-09 15:59 . 2010-05-06 10:36 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-09 15:59 . 2010-05-06 10:36 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-09 15:59 . 2010-05-06 10:37 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-08-09 15:59 . 2010-05-06 10:36 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-08-09 15:59 . 2010-05-06 10:36 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-09 15:59 . 2010-05-06 10:36 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-09 15:59 . 2010-05-06 10:36 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-08-09 15:59 . 2010-08-09 15:59 -------- d-----w- c:\windows\ie8updates
2010-08-09 15:59 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-08-09 15:57 . 2010-08-09 15:57 -------- d--h--w- c:\windows\ie8
2010-08-09 15:57 . 2010-08-09 15:57 -------- d-----w- c:\windows\system32\nl-NL
2010-08-09 15:42 . 2010-08-09 15:42 -------- d-----w- c:\program files\MSXML 4.0
2010-08-09 10:55 . 2010-08-09 10:55 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-08-09 10:44 . 2010-02-24 12:31 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-09 10:41 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-08-09 10:41 . 2010-02-16 19:35 2062720 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-08-09 10:41 . 2010-02-16 19:35 2185728 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-08-09 10:41 . 2010-02-16 19:35 2021376 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-09 10:40 . 2010-02-16 19:35 2141696 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-09 10:34 . 2010-08-09 10:34 -------- d--h--w- c:\windows\$hf_mig$
2010-08-09 10:33 . 2010-08-09 10:33 -------- d-sh--w- c:\documents and settings\Pieter\UserData
2010-08-09 10:26 . 2010-08-09 10:26 -------- d-----w- c:\windows\ServicePackFiles
2010-08-09 10:26 . 2009-01-07 16:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-08-09 10:26 . 2010-08-09 10:26 -------- d-----w- c:\windows\EHome
2010-08-09 09:57 . 2010-08-09 09:57 -------- d-----r- c:\documents and settings\LocalService\Favorieten
2010-08-09 09:53 . 2010-08-09 09:53 -------- d-----w- c:\documents and settings\Pieter\Application Data\foobar2000
2010-08-09 09:53 . 2010-08-09 09:53 -------- d-----w- c:\program files\foobar2000
2010-08-09 09:51 . 2010-08-09 09:51 -------- d-----w- c:\documents and settings\NetworkService\Menu Start
2010-08-09 09:51 . 2010-08-09 09:51 -------- d-----r- c:\documents and settings\NetworkService\Favorieten
2010-08-08 18:28 . 2004-03-29 15:23 140288 ----a-w- c:\windows\system32\drivers\i2220ntx.sys
2010-08-08 18:28 . 2003-08-08 13:03 81920 ----a-w- c:\windows\system32\W32N50.DLL
2010-08-08 18:28 . 2002-05-02 10:52 17134 ----a-w- c:\windows\system32\PCANDIS5.SYS
2010-08-08 17:52 . 2010-08-08 17:52 -------- d-----w- c:\documents and settings\Pieter\Application Data\Propellerhead Software
2010-08-08 17:52 . 2010-08-08 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Propellerhead Software
2010-08-08 17:52 . 2008-03-14 11:22 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-08-08 17:52 . 2008-03-14 11:22 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-08-08 17:44 . 2010-08-10 15:05 49000 ----a-w- c:\documents and settings\Pieter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-08 15:05 . 2010-08-08 15:05 0 ----a-w- c:\windows\nsreg.dat
2010-08-08 15:05 . 2010-08-08 15:05 -------- d-----w- c:\documents and settings\Pieter\Local Settings\Application Data\Mozilla
2010-08-08 15:05 . 2004-08-04 03:00 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-08 14:53 . 2010-08-08 14:53 -------- d-----w- c:\documents and settings\Pieter\Application Data\AdobeUM
2010-08-08 14:53 . 2010-08-08 14:53 -------- d-----w- c:\documents and settings\Pieter\Local Settings\Application Data\Adobe
2010-08-08 14:53 . 2010-08-08 14:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-08 14:44 . 2010-08-08 14:44 -------- d-----w- c:\program files\CONEXANT
2010-08-08 14:28 . 2010-08-08 14:28 -------- d-----w- c:\documents and settings\Pieter\Local Settings\Application Data\Help
2010-08-08 14:19 . 2010-08-08 14:19 -------- d-----w- c:\windows\Downloaded Installations
2010-08-08 14:17 . 2005-03-23 08:01 245760 ----a-w- c:\windows\system32\Check.exe
2010-08-08 14:17 . 2010-08-08 14:17 -------- d-----w- c:\program files\acer
2010-08-08 14:17 . 2010-08-08 14:17 -------- d-----w- c:\program files\Launch Manager
2010-08-08 14:17 . 2004-12-10 09:49 147456 ----a-w- c:\windows\UNINST32.EXE
2010-08-08 14:17 . 2004-12-08 12:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2010-08-08 14:17 . 2002-12-19 13:58 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2010-08-08 14:15 . 2010-08-08 14:15 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-08-08 14:15 . 2010-08-08 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-08-08 14:14 . 2010-08-08 14:14 -------- d-----w- C:\Acer
2010-08-08 14:14 . 2005-03-24 14:54 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2010-08-08 14:14 . 2004-09-01 21:57 221258 ----a-w- c:\windows\system32\Epm-Po.dll
2010-08-08 14:14 . 2004-07-19 11:10 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2010-08-08 14:13 . 2010-08-08 14:13 -------- d-----w- c:\program files\ATI Technologies
2010-08-08 14:08 . 2001-09-06 17:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-08 14:08 . 2004-08-04 03:00 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 18:04 . 2005-04-06 12:45 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-10 08:35 . 2005-04-06 12:02 54782 ----a-w- c:\windows\system32\perfc013.dat
2010-08-10 08:35 . 2005-04-06 12:02 366400 ----a-w- c:\windows\system32\perfh013.dat
2010-08-08 18:33 . 2005-04-06 12:14 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-08 14:06 . 1979-12-31 22:00 471 ----a-w- c:\windows\CLEANUP.CMD
2010-08-08 14:06 . 1979-12-31 22:00 797 ----a-w- c:\windows\HotFix.bat
2010-06-14 14:30 . 2005-04-06 12:13 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-07 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
"acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"BrowserChoice"="c:\windows\system32\browserchoice.exe" [2010-02-12 293376]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7-4-2010 21:08 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7-4-2010 21:09 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7-4-2010 21:08 810120]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://global.acer.com
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pieter\Application Data\Mozilla\Firefox\Profiles\xgln2goq.default\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-10 20:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,6b,03,b5,ea,bf,db,42,a1,e2,f5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,41,6b,03,b5,ea,bf,db,42,a1,e2,f5,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\acer\eManager\anbmServ.exe
c:\windows\system32\rundll32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\acer\eRecovery\Monitor.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2010-08-10 20:08:37 - machine werd herstart
ComboFix-quarantined-files.txt 2010-08-10 18:08
Pre-Run: 29.376.315.392 bytes beschikbaar
Post-Run: 29.431.726.080 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - 27B8C9F21667B459D122E8C28E0AA709
