ComboFix 10-01-31.06 - Sabina 01-02-2010 18:07:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.766.183 [GMT 1:00]
Gestart vanuit: i:\programas\combofix\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-412824899-2333433322-2684256221-500
c:\users\Sabina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\Sabina\FAVORI~1\Videos.url
c:\users\Sabina\Favorites\Videos.url
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))))
.

2010-02-01 17:18 . 2010-02-01 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-01 17:02 . 2010-02-01 17:02 -------- d-----w- c:\program files\Common Files\xing shared
2010-02-01 16:27 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 16:27 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 16:14 . 2007-03-12 02:12 256000 ----a-w- c:\windows\system32\drivers\WUSB54GCx86.sys
2010-02-01 16:02 . 2010-02-01 16:11 -------- d-----w- c:\program files\NETGEAR
2010-02-01 16:01 . 2010-02-01 16:01 -------- d-----w- c:\programdata\NETGEAR
2010-02-01 16:00 . 2010-02-01 16:00 -------- d-----w- c:\windows\Downloaded Installations
2010-02-01 15:56 . 2010-02-01 16:32 -------- d-----w- c:\program files\Nieuwe map
2010-01-13 11:14 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 11:14 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2010-02-01 17:19 . 2008-01-19 15:59 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-01 17:02 . 2009-10-06 12:58 -------- d-----w- c:\program files\Common Files\Real
2010-02-01 16:58 . 2010-02-01 16:58 402952 ----a-w- c:\users\Sabina\AppData\Roaming\Real\RealPlayer\setup\AU_setup11.exe
2010-02-01 16:27 . 2010-02-01 16:27 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-01 16:14 . 2007-06-29 19:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 15:45 . 2007-06-30 04:55 691928 ----a-w- c:\windows\system32\perfh013.dat
2010-02-01 15:45 . 2007-06-30 04:55 136154 ----a-w- c:\windows\system32\perfc013.dat
2010-01-27 21:22 . 2007-10-24 13:54 680 ----a-w- c:\users\Sabina\AppData\Local\d3d9caps.dat
2010-01-26 21:12 . 2009-09-30 22:03 -------- d-----w- c:\users\Sabina\AppData\Roaming\dvdcss
2010-01-24 11:15 . 2009-11-06 10:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 16:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-23 18:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-23 18:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-23 18:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-23 18:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-26 14:40 . 2009-12-06 21:41 -------- d-----w- c:\programdata\Messenger Plus!
2009-12-24 17:17 . 2009-12-24 17:17 970504 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-06 21:38 . 2009-12-06 21:38 -------- d-----w- c:\program files\Messenger Plus! Live
2009-12-06 21:37 . 2008-04-15 14:48 -------- d-----w- c:\program files\Windows Live
2009-12-06 21:35 . 2009-12-06 21:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-06 21:04 . 2009-12-06 20:56 -------- d-----w- c:\users\Sabina\AppData\Roaming\TeamViewer
2009-12-06 20:55 . 2009-12-06 20:55 -------- d-----w- c:\program files\TeamViewer
2009-12-06 19:56 . 2008-07-23 19:35 -------- d-----w- c:\users\Sabina\AppData\Roaming\LimeWirePlus
2009-12-06 17:27 . 2007-06-29 19:39 -------- d-----w- c:\program files\Google
2009-12-06 17:07 . 2009-12-06 17:07 -------- d-----w- c:\users\Sabina\AppData\Roaming\Malwarebytes
2009-12-06 17:07 . 2009-12-06 17:07 -------- d-----w- c:\programdata\Malwarebytes
2009-12-06 16:56 . 2009-12-06 16:56 -------- d-----w- c:\program files\CCleaner
2009-12-06 16:21 . 2008-04-15 14:38 -------- d-----w- c:\program files\Java
2009-12-01 11:49 . 2009-12-01 11:49 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5202.tmp.exe
2009-11-24 23:54 . 2008-12-28 20:59 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2008-12-28 20:59 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-12-28 20:59 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-12-28 20:59 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2008-12-28 20:59 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-12-28 20:59 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-12-28 20:59 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-09 13:22 . 2009-12-17 10:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-17 10:42 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-17 10:42 411136 ----a-w- c:\windows\system32\drivers\http.sys
2007-06-30 05:05 . 2007-06-30 04:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-05-03 1116728]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-11-24 1738040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-01 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-01 17:01 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-108141639-2147044473-1544866279-1002]
"EnableNotificationsRef"=dword:00000002

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [28-12-2008 21:59 114768]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [1-10-2008 16:44 20384]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [28-12-2008 21:59 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [28-12-2008 21:59 53328]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [7-10-2009 13:50 185640]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\System32\drivers\WUSB54GCx86.sys [1-2-2010 17:14 256000]
S2 gupdate1ca46845efe2348;Google Update Service (gupdate1ca46845efe2348);c:\program files\Google\Update\GoogleUpdate.exe [6-10-2009 13:56 133104]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNIMP50.sys [16-11-2006 14:36 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNISP50.sys [16-11-2006 14:36 20480]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe --> c:\program files\NETGEAR\WN111v2\jswpsapi.exe [?]
S3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\System32\drivers\neti1634.sys [22-10-2008 20:59 197888]
S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [29-10-2008 22:43 205312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Inhoud van de 'Gedeelde Taken' map

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 12:55]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 12:55]

2010-02-01 c:\windows\Tasks\Uitgebreide garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-06-29 16:38]

2010-02-01 c:\windows\Tasks\User_Feed_Synchronization-{8377282A-4C55-430D-9B74-9314DAB975E8}.job
- c:\windows\system32\msfeedssync.exe [2010-01-23 04:56]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamenext.nl/online/online2/bejeweled2/popcaploader_v10.cab
.
- - - - ORPHANS VERWIJDERD - - - -

SafeBoot-PskSvcRetail

**************************************************************************
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden:
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(9596)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Voltooingstijd: 2010-02-01 18:34:26 - machine werd herstart
ComboFix-quarantined-files.txt 2010-02-01 17:34

Pre-Run: 276.505.698.304 bytes beschikbaar
Post-Run: 276.721.950.720 bytes beschikbaar

- - End Of File - - C9CA8A3370CB1B590CBE66D19BDE4A71