ComboFix 09-10-28.08 - sabaj 30/10/2009 23:18.4.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3002.1896 [GMT 1:00]
Gestart vanuit: c:\users\sabaj\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-09-28 to 2009-10-30 ))))))))))))))))))))))))))))))
.
2009-10-30 22:30 . 2009-10-30 22:31 -------- d-----w- c:\users\sabaj\AppData\Local\temp
2009-10-30 22:30 . 2009-10-30 22:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-29 20:42 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 20:42 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 20:42 . 2009-10-29 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 15:25 . 2009-10-29 15:25 -------- d-----w- c:\program files\CCleaner
2009-10-28 11:13 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 11:13 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-25 11:31 . 2009-10-25 11:32 -------- d-----w- c:\program files\Crawler
2009-10-18 15:04 . 2009-10-18 15:04 -------- d-----w- c:\program files\Z8Games
2009-10-14 17:27 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 17:27 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 17:27 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 17:25 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 17:25 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 17:24 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-12 07:42 . 2009-10-12 07:42 -------- d-----w- c:\users\sabaj\AppData\Roaming\Malwarebytes
2009-10-12 07:42 . 2009-10-12 07:42 -------- d-----w- c:\programdata\Malwarebytes
2009-10-07 15:18 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-07 15:18 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-07 15:18 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-07 15:18 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-07 15:17 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-07 15:17 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-07 15:17 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-07 15:16 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-07 15:16 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-03 11:43 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 20:17 . 2008-11-21 21:18 667352 ----a-w- c:\windows\system32\perfh013.dat
2009-10-25 20:17 . 2008-11-21 21:18 126854 ----a-w- c:\windows\system32\perfc013.dat
2009-10-25 20:17 . 2008-11-21 21:13 659180 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-25 20:17 . 2008-11-21 21:13 122976 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-15 18:06 . 2009-06-14 14:35 -------- d-----w- c:\users\sabaj\AppData\Roaming\Image Zone Express
2009-10-15 18:06 . 2008-11-21 13:37 -------- d-----w- c:\programdata\WildTangent
2009-10-14 20:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-14 19:11 . 2009-04-16 14:48 -------- d-----w- c:\programdata\Microsoft Help
2009-10-05 16:53 . 2009-09-15 20:48 -------- d-----w- c:\program files\Google
2009-09-26 14:08 . 2009-09-26 14:08 -------- d-----w- c:\users\sabaj\AppData\Roaming\CyberLink
2009-09-21 19:40 . 2009-04-16 14:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-21 11:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-21 11:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-21 11:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-21 11:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-21 11:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-21 11:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-21 11:01 . 2009-04-16 14:58 -------- d-----w- c:\users\sabaj\AppData\Roaming\hewlett-packard
2009-09-21 10:59 . 2008-11-21 13:19 -------- d-----w- c:\programdata\Hewlett-Packard
2009-09-17 07:25 . 2009-09-15 20:25 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-15 20:25 . 2009-09-15 20:18 -------- d-----w- c:\program files\Microsoft
2009-09-15 20:25 . 2009-09-15 20:25 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-15 20:24 . 2009-09-15 20:17 -------- d-----w- c:\program files\Windows Live
2009-09-15 20:24 . 2009-09-15 20:24 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-15 20:20 . 2009-09-15 20:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-15 20:17 . 2009-09-15 20:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-15 20:11 . 2009-09-15 20:11 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-15 14:36 . 2009-09-08 13:40 -------- d-----w- c:\users\sabaj\AppData\Roaming\HpUpdate
2009-09-11 15:04 . 2008-11-21 13:20 -------- d-----w- c:\programdata\NortonInstaller
2009-09-11 14:52 . 2009-09-11 14:52 -------- d-----w- c:\programdata\Symantec Temporary Files
2009-09-11 10:34 . 2009-04-16 15:18 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-11 10:34 . 2009-04-16 15:18 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-11 10:34 . 2009-04-16 15:18 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-11 10:34 . 2009-04-16 15:18 -------- d-----w- c:\program files\Symantec
2009-09-06 17:54 . 2009-06-12 17:46 -------- d-----w- c:\program files\Java
2009-08-29 00:27 . 2009-09-03 09:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 09:53 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-14 17:26 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 17:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 17:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 17:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-22 06:32 . 2009-04-16 15:18 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-09 17:58 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 17:58 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 17:58 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 17:58 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 17:58 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 17:58 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 17:58 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 17:58 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 17:58 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 17:58 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 17:58 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-05 20:48 . 2009-09-15 20:25 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2008-11-21 21:39 . 2008-11-21 21:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-10-22 1700664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c6,70,ed,31,b2,3a,ca,01

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1007020.00B\SymEFA.sys [9/09/2009 18:59 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1007020.00B\BHDrvx86.sys [9/09/2009 18:59 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1007020.00B\cchpx86.sys [9/09/2009 18:58 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSvix86.sys [22/10/2009 19:57 342576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 3:23 21504]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [9/09/2009 18:59 117640]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [21/11/2008 16:08 365952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/08/2009 9:00 102448]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [29/06/2008 15:52 112128]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\System32\drivers\OA004Ufd.sys [3/06/2008 8:30 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\System32\drivers\OA004Vid.sys [17/07/2008 16:01 269760]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1007020.00B\symndisv.sys [9/09/2009 18:59 48688]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/11/2008 14:34 193840]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [15/09/2009 21:25 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 21:48 704864]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhoud van de 'Gedeelde Taken' map

2009-10-24 c:\windows\Tasks\HPCeeScheduleForsabaj.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-21 10:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS VERWIJDERD - - - -

HKU-Default-Run-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF} - c:\program files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 23:31
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2009-10-30 23:33
ComboFix-quarantined-files.txt 2009-10-30 22:33
ComboFix2.txt 2009-08-17 16:11

Pre-Run: 232.472.907.776 bytes beschikbaar
Post-Run: 232.407.322.624 bytes beschikbaar

- - End Of File - - 1230F3B43A29974E7F0044C9058EB9D5