ComboFix 10-08-18.05 - Aron 20-08-2010 10:59:59.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3005.1701 [GMT 2:00]
Running from: c:\users\Aron\Desktop\ComboFix.exe
 * Resident AV is active
.
((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\FullRemove.exe
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Thumbs.db
c:\windows\SEC\Wallpapers\Thumbs.db
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg
.
((((((((((((((((((((   Files Created from 2010-07-20 to 2010-08-20   ))))))))))))))))))))))))))))))
.
2010-08-20 09:16 . 2010-08-20 09:16  --------  d-----w-  c:\users\Default\AppData\Local\temp
2010-08-20 07:22 . 2010-08-20 07:22  --------  d-----w-  c:\users\Aron\AppData\Local\Diagnostics
2010-08-19 20:18 . 2010-08-19 20:18  --------  d-----w-  c:\users\Aron\AppData\Roaming\Malwarebytes
2010-08-19 20:16 . 2010-04-29 13:39  38224     ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-19 20:16 . 2010-08-19 20:16  --------  d-----w-  c:\programdata\Malwarebytes
2010-08-19 20:16 . 2010-08-19 20:17  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2010-08-19 20:16 . 2010-04-29 13:39  20952     ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-08-19 20:11 . 2010-08-19 20:11  388096    ----a-r-  c:\users\Aron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-19 20:04 . 2010-08-19 20:04  --------  d-----w-  c:\program files\Trend Micro
2010-08-19 19:40 . 2010-08-19 19:40  --------  d-----w-  c:\users\Aron\AppData\Roaming\Avira
2010-08-19 19:34 . 2010-03-01 08:05  124784    ----a-w-  c:\windows\system32\drivers\avipbb.sys
2010-08-19 19:34 . 2010-02-16 12:24  60936     ----a-w-  c:\windows\system32\drivers\avgntflt.sys
2010-08-19 19:34 . 2009-05-11 10:49  51992     ----a-w-  c:\windows\system32\drivers\avgntdd.sys
2010-08-19 19:34 . 2009-05-11 10:49  17016     ----a-w-  c:\windows\system32\drivers\avgntmgr.sys
2010-08-19 19:34 . 2010-08-19 19:34  --------  d-----w-  c:\programdata\Avira
2010-08-19 19:34 . 2010-08-19 19:34  --------  d-----w-  c:\program files\Avira
2010-08-19 15:29 . 2010-08-19 15:41  --------  d-----w-  c:\programdata\Blizzard Entertainment
2010-08-19 13:51 . 2010-08-19 13:51  57344     ----a-w-  c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-19 13:50 . 2010-08-19 13:48  1062184   ----a-w-  c:\programdata\DivX\Setup\Resource.dll
2010-08-19 13:50 . 2010-08-19 13:48  895256    ----a-w-  c:\programdata\DivX\Setup\DivXSetup.exe
2010-08-19 13:50 . 2010-08-19 13:50  56997     ----a-w-  c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-19 13:48 . 2010-08-19 13:48  --------  d-----w-  c:\program files\Java
2010-08-19 13:48 . 2010-08-19 13:53  --------  d-----w-  c:\programdata\DivX
2010-08-19 13:45 . 2010-08-19 13:45  --------  d-----w-  c:\program files\Common Files\Intel
2010-08-19 13:44 . 2010-08-19 13:44  --------  d-----w-  c:\windows\system32\x64
2010-08-19 12:13 . 2010-08-19 19:14  --------  d-----w-  C:\World of Warcraft
2010-08-19 12:13 . 2010-08-19 13:52  --------  d-----w-  c:\program files\Common Files\Blizzard Entertainment
2010-08-19 12:00 . 2009-12-29 06:55  172032    ----a-w-  c:\windows\system32\wintrust.dll
2010-08-19 12:00 . 2010-01-09 06:52  132608    ----a-w-  c:\windows\system32\cabview.dll
2010-08-19 11:59 . 2009-09-10 05:52  257024    ----a-w-  c:\windows\system32\msv1_0.dll
2010-08-19 11:57 . 2010-08-19 11:57  --------  d-----w-  c:\users\Aron\AppData\Local\Apps
2010-08-19 11:57 . 2010-08-19 11:57  --------  d-----w-  c:\users\Aron\AppData\Local\Deployment
2010-08-19 11:55 . 2010-08-19 11:59  --------  d-----w-  c:\users\Aron\AppData\Local\Google
2010-08-19 11:42 . 2010-08-19 11:42  --------  d-----w-  c:\windows\system32\Wat
2010-08-19 11:23 . 2009-11-25 10:47  99176     ----a-w-  c:\windows\system32\PresentationHostProxy.dll
2010-08-19 11:23 . 2009-11-25 10:47  49472     ----a-w-  c:\windows\system32\netfxperf.dll
2010-08-19 11:23 . 2009-11-25 10:47  297808    ----a-w-  c:\windows\system32\mscoree.dll
2010-08-19 11:23 . 2009-11-25 10:47  295264    ----a-w-  c:\windows\system32\PresentationHost.exe
2010-08-19 11:23 . 2009-11-25 10:47  1130824   ----a-w-  c:\windows\system32\dfshim.dll
2010-08-19 11:20 . 2010-08-19 11:20  --------  d-----w-  c:\programdata\Blizzard
2010-08-19 11:18 . 2010-08-20 06:58  --------  d-----w-  c:\users\Aron\AppData\Roaming\skypePM
2010-08-19 11:15 . 2010-02-11 07:10  293376    ----a-w-  c:\windows\system32\browserchoice.exe
2010-08-19 11:12 . 2010-06-14 06:12  1286016   ----a-w-  c:\windows\system32\drivers\tcpip.sys
2010-08-19 11:10 . 2010-03-05 07:42  67584     ----a-w-  c:\windows\system32\asycfilt.dll
2010-08-19 11:09 . 2010-05-27 03:49  293888    ----a-w-  c:\windows\system32\atmfd.dll
2010-08-19 11:09 . 2010-05-27 07:24  34304     ----a-w-  c:\windows\system32\atmlib.dll
2010-08-19 11:03 . 2010-08-20 09:10  --------  d-----w-  c:\users\Aron\AppData\Roaming\Skype
2010-08-19 11:01 . 2010-08-19 11:01  --------  d-----w-  c:\program files\Common Files\Skype
2010-08-19 11:01 . 2010-08-19 11:01  --------  d-----r-  c:\program files\Skype
2010-08-19 11:01 . 2010-08-19 11:01  --------  d-----w-  c:\programdata\Skype
.
(((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 20:45 . 2009-09-29 19:10  --------  d-----w-  c:\programdata\WinClon
2010-08-19 19:17 . 2009-09-30 11:44  680244    ----a-w-  c:\windows\system32\perfh007.dat
2010-08-19 19:17 . 2009-09-30 11:44  143450    ----a-w-  c:\windows\system32\perfc007.dat
2010-08-19 19:17 . 2009-09-30 11:37  731662    ----a-w-  c:\windows\system32\perfh00C.dat
2010-08-19 19:17 . 2009-09-30 11:37  144592    ----a-w-  c:\windows\system32\perfc00C.dat
2010-08-19 19:17 . 2009-09-30 11:30  747758    ----a-w-  c:\windows\system32\perfh013.dat
2010-08-19 19:17 . 2009-09-30 11:30  154500    ----a-w-  c:\windows\system32\perfc013.dat
2010-08-19 13:50 . 2010-08-19 13:50  56765     ----a-w-  c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-19 13:50 . 2010-08-19 13:49  --------  d-----w-  c:\program files\DivX
2010-08-19 13:50 . 2010-08-19 13:50  57409     ----a-w-  c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-08-19 13:50 . 2010-08-19 13:50  53600     ----a-w-  c:\programdata\DivX\Update\Uninstaller.exe
2010-08-19 13:50 . 2010-08-19 13:50  52963     ----a-w-  c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-08-19 13:50 . 2010-08-19 13:49  --------  d-----w-  c:\program files\Common Files\DivX Shared
2010-08-19 13:50 . 2010-08-19 13:50  54073     ----a-w-  c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-08-19 13:49 . 2010-08-19 13:49  --------  d-----w-  c:\program files\Common Files\Java
2010-08-19 13:48 . 2010-08-19 13:49  423656    ----a-w-  c:\windows\system32\deployJava1.dll
2010-08-19 13:45 . 2009-09-29 18:59  --------  d-----w-  c:\program files\Intel
2010-08-19 11:52 . 2009-09-29 19:12  --------  d-----w-  c:\program files\McAfee
2010-08-19 11:42 . 2009-07-14 02:37  --------  d-----w-  c:\program files\Windows Mail
2010-08-19 11:18 . 2010-08-19 11:18  56        ---ha-w-  c:\programdata\ezsidmv.dat
2010-08-19 11:11 . 2010-08-19 11:11  0         ---ha-w-  c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-08-19 11:04 . 2009-09-29 19:28  --------  d-----w-  c:\programdata\Partner
2010-07-29 06:30 . 2010-08-19 11:11  197632    ----a-w-  c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-19 11:11  82944     ----a-w-  c:\windows\system32\iccvid.dll
2010-06-30 06:25 . 2010-08-19 11:10  978432    ----a-w-  c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-19 11:10  310784    ----a-w-  c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-19 11:10  307200    ----a-w-  c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-19 11:10  113664    ----a-w-  c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-19 11:10  3899784   ----a-w-  c:\windows\system32\ntoskrnl.exe
2010-06-19 06:33 . 2010-08-19 11:10  3955080   ----a-w-  c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:23 . 2010-08-19 11:11  37376     ----a-w-  c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-19 11:11  2326016   ----a-w-  c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-19 11:10  224256    ----a-w-  c:\windows\system32\schannel.dll
2010-06-08 06:02 . 2010-08-19 11:11  1233920   ----a-w-  c:\windows\system32\msxml3.dll
2009-06-10 21:26 . 2009-07-14 02:04  9633792   --sha-r-  c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42  396800    --sha-w-  c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Aron\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-19 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-01 645328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 169496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-19 1343400]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-08 126976]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058970135-1755214191-2275654220-1001Core.job
- c:\users\Aron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 11:57]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058970135-1755214191-2275654220-1001UA.job
- c:\users\Aron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-19 11:57]

2009-09-29 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 23:57]

2009-09-29 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE: Send Image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send Page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-20 11:19:49
ComboFix-quarantined-files.txt 2010-08-20 09:19

Pre-Run: 106.271.109.120 bytes free
Post-Run: 106.274.217.984 bytes free

- - End Of File - - AA66163092DF7104E3C87708FA7B0184
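When reading a log like this, the Run values and the Rx/Sx service lines are the first thing to triage: a persistence binary that lives under a user profile, ProgramData or a temp directory deserves a look before anything under Windows or Program Files does. The script below is an added example, not ComboFix code and not something the poster ran. It parses those two line shapes in the format ComboFix prints and flags entries whose binary sits outside a small set of trusted roots. The sample lines are copied from the report above; the trusted-root list, and the reading of the service prefix as R = running / S = stopped followed by the Windows start-type digit, are my assumptions about ComboFix's conventions.

```python
"""
Triage helper for the autostart section of a ComboFix log (added example).

Parses:
  "Name"="c:\path\file.exe" [YYYY-MM-DD size]      under a [HKEY_...\Run] key
  R3 SvcName;Description;c:\path\file.sys [YYYY-MM-DD size]
and reports entries whose binary lives outside the expected system roots.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the report above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Aron\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-19 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-19 1343400]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
'''

# A registry key header such as [HKEY_LOCAL_MACHINE\...\Run]
RUN_KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# A Run value: "Name"="path" [date size]
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
# A service/driver line. Assumed convention: R = running, S = stopped,
# digit = Windows start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]$')

# Assumed trusted roots for a stock 32-bit Windows 7 install. Anything else
# (user profile, ProgramData, temp, drive root) is where malware usually
# parks a persistence binary, so it is listed for manual review.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')


@dataclass
class Autostart:
    source: str   # registry key for Run values, start-type code for services
    name: str
    path: str
    date: str     # file timestamp exactly as ComboFix prints it
    size: int


def parse_autostarts(log_text):
    """Return every Run value and service line found in the log text."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_key:
            name, path, date, size = m.groups()
            entries.append(Autostart(current_key, name, path, date, int(size)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _desc, path, date, size = m.groups()
            entries.append(Autostart(start, name, path, date, int(size)))
    return entries


def is_trusted_location(path):
    """True if the binary sits under one of the assumed trusted roots (case-insensitive)."""
    return path.lower().startswith(TRUSTED_ROOTS)


def flag_untrusted(entries):
    """Entries whose binary is outside the trusted roots: the review list."""
    return [e for e in entries if not is_trusted_location(e.path)]


if __name__ == '__main__':
    for e in flag_untrusted(parse_autostarts(SAMPLE_LOG)):
        print(f'REVIEW {e.name!r} -> {e.path}  ({e.date}, {e.size} bytes, via {e.source})')
```

On the sample this lists only the per-user GoogleUpdate.exe under AppData\Local, which is a legitimate updater; the location heuristic produces a review list, not a verdict, and the next step for each hit is checking the file's hash and Authenticode signature rather than deleting it. The same test would have flagged c:\programdata\FullRemove.exe, the file ComboFix removed in the Other Deletions section.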