ComboFix 12-05-31.01 - Peter 31/05/2012 11:09:46.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2038.1006 [GMT 2:00] Gestart vanuit: c:\users\Peter\Desktop\ComboFix.exe AV: Panda Internet Security 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59} FW: Panda Personal Firewall 2012 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22} SP: Panda Internet Security 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Downloaded Installers c:\program files\Downloaded Installers\{B87534F6-E2C5-45F0-A692-E02B8AF47332}\setup.msi c:\windows\XSxS . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_WinDHCPsvc . . (((((((((((((((((((( Bestanden Gemaakt van 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))) . . 2012-05-31 09:26 . 2012-05-31 09:26 -------- d-----w- c:\users\Peter\AppData\Local\temp 2012-05-31 09:26 . 2012-05-31 09:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-30 14:39 . 2012-05-30 14:39 -------- d-----w- c:\users\Peter\AppData\Roaming\Malwarebytes 2012-05-30 14:38 . 2012-05-30 14:38 -------- d-----w- c:\programdata\Malwarebytes 2012-05-30 14:38 . 2012-05-30 14:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-30 14:38 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-26 09:50 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-05-26 09:50 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-05-26 09:50 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-05-26 09:50 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll 2012-05-26 09:50 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-05-26 09:50 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2012-05-26 09:50 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-05-26 09:50 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-05-26 09:48 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys 2012-05-26 09:48 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-26 09:48 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-25 09:28 . 2012-05-26 09:56 -------- d-----w- c:\program files\BrowserCompanion 2012-05-25 09:27 . 2012-05-26 08:46 -------- d-----w- c:\users\Peter\AppData\Local\Smartbar 2012-05-19 10:12 . 2012-05-25 09:28 -------- d-----w- c:\programdata\boost_interprocess . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-08 16:40 . 2012-05-30 18:00 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93CC5428-A417-406D-ABB1-8027B0B82DE8}\mpengine.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Verjaardagen"="c:\verjaardagen\Verjaardagen.exe" [2006-02-04 788480] "AVMUSBFernanschluss"="c:\users\Peter\AppData\Local\Apps\2.0\DKXYKMA4.JA5\0O4MGAVA.0VH\frit..tion_8488884cfbcefd60_0002.0002_3f5bffebd87508a8\AVMAutoStart.exe" [2010-11-29 147456] "SansaDispatch"="c:\users\Peter\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-03-04 79872] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" [2011-04-13 1000768] "SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2012\Inicio.exe" [2011-02-02 70464] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoThumbnailCache"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] 2010-03-24 11:55 55552 ----a-w- c:\windows\System32\avldr.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail] @="Service" . [HKLM\~\startupfolder\C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] path=c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2008-01-22 10:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hiyo] 2010-09-15 11:34 259440 ----a-w- c:\program files\HiYo\Bin\HiYo.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2007-02-12 14:37 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-05-28 07:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2007-04-23 17:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-03-09 17:50 4390912 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-05-03 06:36 17355912 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SupportAgent_HCC] 2010-08-24 08:28 4024320 ----a-w- c:\program files\SmartFix\SupportAgent_HCC\SupportAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage] 2007-01-10 15:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe" /c . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-425061654-2703141621-867099987-1000] "EnableNotificationsRef"=dword:00000001 . S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache hpdevmgmt REG_MULTI_SZ hpqcxs08 . Inhoud van de 'Gedeelde Taken' map . 2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-18 11:26] . 2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-18 11:26] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=73&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: incredimail.com\www TCP: DhcpNameServer = 192.168.178.1 DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {63D6DD13-C913-466D-9444-9357561E4D94} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/ma5.5.9/uploadtoepassing.cab . . ------- Bestandsassociaties ------- . JSEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* VBEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* VBSFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) WebBrowser-{77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - (no file) SafeBoot-Wdf01000.sys MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe MSConfigStartUp-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\CNSLMAIN.exe MSConfigStartUp-ChromeFrameHelper - c:\users\Peter\AppData\Local\Google\Chrome\Application\14.0.835.202\chrome_frame_helper.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-31 11:33 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run SansaDispatch = c:\users\Peter\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe???#??>?