

Re: Pesky malware popups

The log that ComboFix created is in Dutch, because my PC runs the Dutch-language version of Windows XP. I hope that won't be a problem.

ComboFix 08-08-04.01 - Jeroen Delcour 2008-08-05 14:38:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.2898 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Jeroen Delcour\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jeroen Delcour\Mijn documenten\My Documents.url
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\smdat32m.sys

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))
.

2008-08-01 23:24 . 2008-08-01 23:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-01 23:12 . 2008-08-01 23:12 <DIR> d-------- C:\Deckard
2008-08-01 22:47 . 2008-08-01 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-01 22:29 . 2008-03-30 18:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-08-01 22:29 . 2008-03-30 03:55 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-08-01 22:29 . 2008-03-30 03:55 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-08-01 22:29 . 2008-03-30 03:55 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-08-01 22:29 . 2008-03-30 03:55 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-08-01 22:29 . 2008-03-30 03:55 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-08-01 22:29 . 2008-03-30 03:55 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-08-01 22:29 . 2008-08-01 22:29 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-01 22:20 . 2008-08-01 22:20 <DIR> d-------- C:\VundoFix Backups
2008-08-01 21:03 . 2008-08-01 23:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-01 20:00 . 2008-08-01 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-01 18:43 . 2008-08-05 14:17 <DIR> d-------- C:\Program Files\Applications
2008-07-25 11:55 . 2008-07-25 11:55 <DIR> d-------- C:\Documents and Settings\Jeroen Delcour\Application Data\EVEMon
2008-07-22 02:42 . 2008-07-22 02:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-20 13:22 . 2008-07-20 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CCP

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 21:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 20:26 --------- d-----w C:\Documents and Settings\Jeroen Delcour\Application Data\uTorrent
2008-08-01 14:51 --------- d-----w C:\Program Files\Xfire
2008-07-25 13:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
2008-07-25 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 16:43 --------- d-----w C:\Documents and Settings\Jeroen Delcour\Application Data\Xfire
2008-07-09 12:44 --------- d-----w C:\Documents and Settings\Jeroen Delcour\Application Data\Hamachi
2008-07-08 08:45 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-08 08:45 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-07 14:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-04 12:38 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-02 06:35 1,838 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-28 10:29 --------- d-----w C:\Documents and Settings\Jeroen Delcour\Application Data\Ulead Systems
2008-06-28 10:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-28 10:24 --------- d-----w C:\Program Files\Windows Media Components
2008-06-28 10:24 --------- d-----w C:\Program Files\Ulead Systems
2008-06-28 10:22 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-06-27 12:13 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-24 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-06-23 19:57 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-06-23 19:57 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-06-22 15:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-18 13:55 --------- d-----w C:\Documents and Settings\Jeroen Delcour\Application Data\SPORE Creature Creator
2008-06-18 12:29 --------- d-----w C:\Program Files\MSN Messenger
2008-06-18 12:28 --------- d-----w C:\Program Files\Windows Live
2008-06-11 21:15 --------- d-----w C:\Program Files\Common Files\BioWare
2008-05-31 14:44 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-05-24 12:26 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-24 12:05 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-04 13:41 22,328 ----a-w C:\Documents and Settings\Jeroen Delcour\Application Data\PnkBstrK.sys
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}]
2008-08-05 14:10 7680 --------- C:\Program Files\Applications\iebt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:15 1667584]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 16126464 C:\WINDOWS\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"some"="C:\Program Files\Applications\wcs.exe" [2008-08-01 18:43 15360]
"start"="C:\Program Files\Applications\iebtm.exe" [2008-08-01 18:43 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\eMule\\emule.exe"=
"E:\\Steam\\steamapps\\snuf7\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"E:\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"E:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"E:\\Steam\\steamapps\\snuf7\\counter-strike source\\hl2.exe"=
"E:\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"E:\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"E:\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"E:\\Aspyr\\Guitar Hero III\\GH3.exe"=
"E:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"E:\\Steam\\steamapps\\snuf7\\half-life 2 deathmatch\\hl2.exe"=
"E:\\UT2004\\System\\UT2004.exe"=
"E:\\THQ\\Dawn of War\\W40k.exe"=
"E:\\Steam\\steamapps\\snuf7\\source sdk base\\hl2.exe"=
"E:\\Mass Effect\\Binaries\\MassEffect.exe"=
"E:\\Mass Effect\\MassEffectLauncher.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"E:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer-groepering
"3540:UDP"= 3540:UDP:PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 14:12]
S3 p2pgasvc;Groepsverificatie van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:03]
S3 p2pimsvc;Identiteitsbeheer van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:03]
S3 p2psvc;Peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:03]
S3 PNRPSvc;Naamomzettingsprotocol van peer-netwerken;C:\WINDOWS\system32\svchost.exe [2004-08-04 01:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map

2008-06-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jeroen Delcour\Application Data\Mozilla\Firefox\Profiles\caxh4v3z.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 14:39:34
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-08-05 14:39:58
ComboFix-quarantined-files.txt 2008-08-05 12:39:53

Pre-Run: 23,356,915,712 bytes beschikbaar
Post-Run: 23,483,535,360 bytes beschikbaar

163



Deckard's System Scanner v20071014.68
Run by Jeroen Delcour on 2008-08-05 14:52:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jeroen Delcour.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:29, on 5-8-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\iebtm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Applications\wcm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Applications\iebtmm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jeroen Delcour\Bureaublad\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JEROEN~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Program Files\Applications\iebt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Applications\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5062 bytes

-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-05 14:38:26 68096 --a------ C:\WINDOWS\zip.exe
2008-08-05 14:38:26 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-05 14:38:26 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-05 14:38:26 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-05 14:38:26 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-05 14:38:26 98816 --a------ C:\WINDOWS\sed.exe
2008-08-05 14:38:26 80412 --a------ C:\WINDOWS\grep.exe
2008-08-05 14:38:26 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-05 14:33:53 0 dr-hs---- C:\cmdcons
2008-08-05 14:33:52 0 d-------- C:\WINDOWS\setup.pss
2008-08-05 14:33:35 0 d-------- C:\WINDOWS\setupupd
2008-08-01 23:24:36 0 d-------- C:\Program Files\Trend Micro
2008-08-01 22:47:02 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-01 22:29:35 0 d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-08-01 22:29:35 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-08-01 22:29:35 0 d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-08-01 22:29:35 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-01 22:29:35 0 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-08-01 22:29:35 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-08-01 22:29:35 0 d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-08-01 22:29:35 0 dr------- C:\Documents and Settings\Administrator\Menu Start
2008-08-01 22:29:35 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-08-01 22:29:35 0 d-------- C:\Documents and Settings\Administrator\Favorieten
2008-08-01 22:29:35 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-08-01 22:29:35 0 d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-08-01 22:29:35 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-08-01 22:29:35 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-01 22:29:26 0 d--hs---- C:\WINDOWS\CSC
2008-08-01 22:20:26 0 d-------- C:\VundoFix Backups
2008-08-01 21:03:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-01 20:00:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-01 18:43:44 0 d-------- C:\Program Files\Applications
2008-07-25 11:55:01 0 d-------- C:\Documents and Settings\Jeroen Delcour\Application Data\EVEMon
2008-07-20 13:22:51 0 d-------- C:\Documents and Settings\All Users\Application Data\CCP


-- Find3M Report ---------------------------------------------------------------

2008-08-05 14:39:14 0 d-------- C:\Program Files\Common Files
2008-08-01 23:16:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-01 22:26:08 0 d-------- C:\Documents and Settings\Jeroen Delcour\Application Data\uTorrent
2008-08-01 16:51:09 0 d-------- C:\Program Files\Xfire
2008-07-25 15:08:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-24 18:43:41 0 d-------- C:\Documents and Settings\Jeroen Delcour\Application Data\Xfire
2008-07-09 14:44:45 0 d-------- C:\Documents and Settings\Jeroen Delcour\Application Data\Hamachi
2008-07-04 14:38:53 0 d-------- C:\Program Files\MSXML 4.0
2008-07-02 08:35:34 1838 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-28 12:29:48 0 d-------- C:\Documents and Settings\Jeroen Delcour\Application Data\Ulead Systems
2008-06-28 12:24:34 0 d-------- C:\Program Files\Windows Media Components
2008-06-28 12:24:22 0 d-------- C:\Program Files\Ulead Systems
2008-06-28 12:22:37 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-27 14:13:04 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-06-23 22:08:49 60812 --a------ C:\WINDOWS\War3Unin.dat
2008-06-23 21:57:09 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-06-23 21:57:09 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-06-22 17:07:38 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-18 15:55:52 0 d-------- C:\Documents and Settings\Jeroen Delcour\Application Data\SPORE Creature Creator
2008-06-18 14:29:39 0 d-------- C:\Program Files\MSN Messenger
2008-06-18 14:28:47 0 d-------- C:\Program Files\Windows Live
2008-06-18 12:43:36 0 d-------- C:\Documents and Settings\Jeroen Delcour\Application Data\Mozilla
2008-06-14 22:33:22 681 --a------ C:\WINDOWS\mozver.dat
2008-06-11 23:15:13 0 d-------- C:\Program Files\Common Files\BioWare
2008-06-10 21:49:03 455928 --a------ C:\WINDOWS\system32\perfh013.dat
2008-06-10 21:49:03 76816 --a------ C:\WINDOWS\system32\perfc013.dat
2008-05-31 16:44:49 967 --a------ C:\WINDOWS\ScUnin.pif
2008-05-31 16:44:49 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-05-31 16:44:49 27427 --a------ C:\WINDOWS\scunin.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}]
05-08-2008 14:10 7680 --------- C:\Program Files\Applications\iebt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03-05-2008 05:46]
"nwiz"="nwiz.exe" [03-05-2008 05:46 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [21-03-2007 16:49 C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [19-07-2008 16:38]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03-05-2008 05:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28-03-2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30-03-2008 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04-08-2004 01:15]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"=C:\Program Files\Applications\wcs.exe
"start"=C:\Program Files\Applications\iebtm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 20-12-2001 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2008-08-05 14:52:41 ------------