ComboFix 10-01-23.06 - missbollywood 24-01-2010 19:08:41.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2814.1801 [GMT 1:00]
Gestart vanuit: g:\programas\combofix\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-12-24 to 2010-01-24 ))))))))))))))))))))))))))))))
.
2010-01-24 18:17 . 2010-01-24 18:17 -------- d-----w- c:\users\missbollywood\AppData\Local\temp
2010-01-24 18:17 . 2010-01-24 18:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-24 18:17 . 2010-01-24 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-24 17:56 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 17:56 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 12:53 . 2010-01-23 12:53 -------- d-----w- c:\programdata\Malwarebytes
2010-01-22 19:50 . 2010-01-24 16:49 -------- d-----w- c:\program files\Ccleaner
2010-01-13 16:29 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 16:29 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 17:54 . 2008-01-21 06:47 667352 ----a-w- c:\windows\system32\perfh013.dat
2010-01-24 17:54 . 2008-01-21 06:47 126854 ----a-w- c:\windows\system32\perfc013.dat
2010-01-24 17:42 . 2009-09-22 17:32 8268 ----a-w- c:\users\missbollywood\AppData\Local\d3d9caps.dat
2010-01-24 17:42 . 2009-09-22 17:32 70448 ----a-w- c:\users\missbollywood\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-24 16:47 . 2009-09-29 21:53 69443 ----a-w- c:\programdata\nvModes.dat
2010-01-24 16:44 . 2008-04-07 12:49 -------- d-----w- c:\programdata\Microsoft Help
2010-01-24 16:43 . 2008-04-07 12:51 -------- d-----w- c:\program files\Microsoft Works
2010-01-24 16:40 . 2009-09-29 15:51 -------- d-----w- c:\program files\Microsoft
2010-01-24 16:33 . 2008-04-07 11:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-24 16:33 . 2008-04-07 12:42 -------- d-----w- c:\program files\NewTech Infosystems
2010-01-21 19:44 . 2009-09-22 22:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 15:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-23 12:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-23 12:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-23 12:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-23 12:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-30 15:50 . 2009-10-01 15:09 -------- d-----w- c:\programdata\CanonIJPLM
2009-12-16 14:41 . 2009-09-27 19:01 -------- d-----w- c:\users\missbollywood\AppData\Roaming\vlc
2009-12-05 18:21 . 2009-12-05 18:21 -------- d-----w- c:\users\missbollywood\AppData\Roaming\Motive
2009-12-05 18:20 . 2009-12-05 18:20 -------- d-----w- c:\program files\Common Files\Motive
2009-12-05 18:20 . 2009-12-05 18:20 -------- d-----w- c:\programdata\Motive
2009-12-05 18:20 . 2009-12-05 18:20 -------- d-----w- c:\program files\Thuishelp
2009-11-29 18:32 . 2009-09-22 22:29 -------- d-----w- c:\program files\Java
2009-11-16 22:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-09 12:31 . 2009-12-12 21:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-12 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-12 21:42 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-26 16:13 2048 ----a-w- c:\windows\system32\tzres.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ccleaner"="d:\program files\ccleaner\ccleaner.exe" [2009-12-21 1803064]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Google Update"="c:\users\missbollywood\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-16 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-16 821768]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-17 13552160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-17 92704]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\priter\OpwareSE4.exe" [2007-02-04 79400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Zesko_McciTrayApp"="c:\program files\Thuishelp\Zesko\Thuishelp.exe" [2008-04-14 1455104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):79,93,5f,39,6a,40,ca,01

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [22-9-2009 18:58 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3-3-2008 12:11 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [22-9-2009 18:59 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [7-4-2008 13:11 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25-4-2008 20:36 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [22-9-2009 19:00 122368]
R2 TeamViewer4;TeamViewer 4;d:\program files\TeamViewer\Version4\TeamViewer_Service.exe [7-10-2009 13:50 185640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [7-4-2008 22:21 210432]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [23-7-2008 7:24 44064]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [25-1-2008 10:12 25088]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28-3-2007 6:51 43008]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25-4-2008 20:36 131072]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21-1-2008 3:23 21504]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map

2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151871104-1391618752-3599190915-1000Core.job
- c:\users\missbollywood\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 17:46]

2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151871104-1391618752-3599190915-1000UA.job
- c:\users\missbollywood\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-16 17:46]

2010-01-24 c:\windows\Tasks\User_Feed_Synchronization-{67EB4E3E-CEC7-4233-A647-E5020555F09D}.job
- c:\windows\system32\msfeedssync.exe [2010-01-23 04:56]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://nl.intl.acer.yahoo.com
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ziggo.nl\thuishelp
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 19:17
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(3324)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Voltooingstijd: 2010-01-24 19:21:09
ComboFix-quarantined-files.txt 2010-01-24 18:21
ComboFix2.txt 2009-10-12 12:25

Pre-Run: 95.840.395.264 bytes beschikbaar
Post-Run: 94.139.682.816 bytes beschikbaar

- - End Of File - - 2456C427DB8A46206137603EEC6A52B6