ComboFix 10-07-14.01 - Johan 14-07-2010 21:27:01.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.2045.1286 [GMT 2:00]
Gestart vanuit: c:\users\Johan\Desktop\ComboFix.exe
AV: PC Veilig 7.00 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
SP: PC Veilig 7.00 *enabled* (Updated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ndisapi.dll
c:\windows\system32\setup.ini
c:\windows\xpsp1hfm.log
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-14 to 2010-07-14 ))))))))))))))))))))))))))))))
.
2010-07-14 19:33 . 2010-07-14 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-14 17:01 . 2010-07-14 17:01 -------- d-----w- c:\users\Johan\AppData\Roaming\Malwarebytes
2010-07-14 16:44 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 16:44 . 2010-07-14 16:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 16:44 . 2010-07-14 16:44 -------- d-----w- c:\programdata\Malwarebytes
2010-07-14 16:44 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-12 09:01 . 2010-07-12 09:01 -------- d-----w- c:\program files\AVG
2010-06-26 22:35 . 2010-06-26 22:35 3248280 ----a-w- c:\programdata\ParetoLogic\UUS2\DriverCure\Temp\Update.exe
2010-06-24 20:33 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 20:33 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 20:33 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 20:33 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 20:33 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-22 19:35 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-22 19:35 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-18 19:23 . 2010-06-18 19:23 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 06:55 . 2007-12-14 22:26 8268 ----a-w- c:\users\Johan\AppData\Local\d3d9caps.dat
2010-07-12 18:59 . 2006-11-02 16:06 672686 ----a-w- c:\windows\system32\perfh013.dat
2010-07-12 18:59 . 2006-11-02 16:06 128908 ----a-w- c:\windows\system32\perfc013.dat
2010-07-12 18:53 . 2007-12-05 09:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-12 18:35 . 2008-04-13 17:00 -------- d-----w- c:\users\Johan\AppData\Roaming\NewsBin
2010-07-11 07:37 . 2009-01-01 11:52 -------- d-----w- c:\programdata\FLEXnet
2010-07-08 20:38 . 2008-10-06 18:54 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-07 07:39 . 2009-08-14 16:02 -------- d-----w- c:\program files\Microsoft
2010-07-05 08:36 . 2008-02-05 20:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-30 14:28 . 2010-04-01 16:09 439816 ----a-w- c:\users\Johan\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-06-29 08:15 . 2010-05-07 12:37 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-27 21:20 . 2009-12-13 16:32 -------- d-----w- c:\users\Johan\AppData\Roaming\dvdcss
2010-06-27 02:47 . 2009-08-15 07:41 -------- d-----w- c:\programdata\DriverCure
2010-06-26 22:35 . 2009-08-15 07:41 -------- d-----w- c:\programdata\ParetoLogic
2010-06-26 22:35 . 2009-08-15 07:41 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-06-20 13:24 . 2008-03-21 22:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-20 13:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-20 13:05 . 2007-12-14 18:27 -------- d-----w- c:\programdata\Microsoft Help
2010-06-18 19:24 . 2010-04-24 06:32 -------- d-----w- c:\program files\Safari
2010-06-01 17:37 . 2010-05-07 12:40 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-18 14:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-18 14:45 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-20 20:42 . 2008-09-27 23:57 -------- d-----w- c:\users\Johan\AppData\Roaming\LimeWire
2010-05-04 05:59 . 2010-06-18 14:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-18 14:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-18 14:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-18 14:45 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-18 14:45 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 16:48 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-22 19:35 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-22 19:35 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-22 19:35 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-22 19:35 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2008-12-12 19:39 . 2008-12-12 19:39 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-12-05 17:06 . 2007-12-05 16:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Google Update"="c:\users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]
"HijackThis startup scan"="c:\users\Johan\Downloads\HijackThis.exe" [2010-07-13 388608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-23 4452352]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 128560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-29 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-29 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-29 81920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-19 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-22 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):5f,07,ac,55,34,5b,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 135664]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-12 29744]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 pmxmouse;pmxmouse;c:\windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
R3 pmxusblf;pmxusblf;c:\windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map

2010-06-27 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-17 21:28]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 13:47]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 13:47]

2010-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2986484325-352908367-2638526325-1000Core.job
- c:\users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-15 19:50]

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2986484325-352908367-2638526325-1000UA.job
- c:\users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-15 19:50]

2010-07-12 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-07-12 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]

2010-06-26 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-04-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2986484325-352908367-2638526325-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2986484325-352908367-2638526325-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-14 c:\windows\Tasks\User_Feed_Synchronization-{1CCDE0E5-730E-49E1-B698-54802D367DF6}.job
- c:\windows\system32\msfeedssync.exe [2010-06-18 04:30]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {426784E5-24B2-4708-820D-117342FAD009} - hxxp://www.hyves.net/cab/outlookaddressbook.cab
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-RunOnce- - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 21:33
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2010-07-14 21:35:05
ComboFix-quarantined-files.txt 2010-07-14 19:35

Pre-Run: 190.856.077.312 bytes beschikbaar
Post-Run: 222.535.839.744 bytes beschikbaar

- - End Of File - - 626F5619D7E927D690CF01AD9AA553E1