ComboFix 10-10-02.02 - v730523 08/10/2010 10:49:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.1982.1234 [GMT 2:00]
Gestart vanuit: E:\ComboFix.exe
AV: *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-09-08 to 2010-10-08 ))))))))))))))))))))))))))))))
.
2010-10-08 09:02 . 2010-10-08 09:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-07 13:33 . 2010-10-08 09:03 -------- d-----w- c:\users\v730523\AppData\Local\temp
2010-10-06 18:15 . 2010-10-06 18:15 -------- d-----w- c:\users\v730523\AppData\Roaming\Malwarebytes
2010-10-06 18:14 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-06 18:14 . 2010-10-06 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-06 18:14 . 2010-10-06 18:14 -------- d-----w- c:\programdata\Malwarebytes
2010-10-06 18:14 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-04 11:48 . 2010-10-04 11:50 -------- d-----w- c:\users\v730523\AppData\Local\Temp(9)
2010-10-02 19:20 . 2010-10-02 19:20 -------- d-----w- c:\programdata\PassMark
2010-10-02 19:20 . 2010-10-02 19:20 -------- d-----w- c:\program files\BurnInTest
2010-09-21 17:16 . 2010-09-21 17:16 552 ----a-w- c:\users\v730523\AppData\Local\d3d8caps.dat
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 08:35 . 2008-02-26 01:54 667352 ----a-w- c:\windows\system32\perfh013.dat
2010-10-08 08:35 . 2008-02-26 01:54 126854 ----a-w- c:\windows\system32\perfc013.dat
2010-10-08 08:32 . 2010-04-29 13:48 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-10-08 08:13 . 2010-10-02 19:59 28029 ----a-w- c:\programdata\nvModes.dat
2010-10-08 07:51 . 2010-10-08 07:51 0 ---ha-w- c:\users\v730523\BITFDEF.tmp
2010-10-07 14:07 . 2009-07-11 18:48 -------- d-----w- c:\users\v730523\AppData\Roaming\MxBoost
2010-10-07 13:56 . 2010-03-09 12:38 -------- d-----w- c:\users\v730523\AppData\Roaming\LimeWire
2010-10-06 18:29 . 2008-06-09 12:37 70808 ----a-w- c:\users\v730523\AppData\Local\GDIPFONTCACHEV1.DAT
2010-10-06 18:21 . 2008-07-25 17:55 1356 ----a-w- c:\users\v730523\AppData\Local\d3d9caps.dat
2010-10-06 18:12 . 2010-04-19 18:11 -------- d-----w- c:\program files\Zynga
2010-10-06 18:12 . 2010-03-09 12:36 -------- d-----w- c:\program files\ToggleDU
2010-10-05 10:59 . 2009-11-06 17:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-05 10:59 . 2008-02-25 18:04 -------- d-----w- c:\program files\Norton Internet Security
2010-10-05 10:59 . 2008-02-25 18:03 -------- d-----w- c:\program files\Symantec
2010-10-05 10:59 . 2008-02-25 18:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-05 10:59 . 2008-08-21 07:17 -------- d-----w- c:\program files\Google
2010-10-05 10:59 . 2008-02-25 18:03 -------- d-----w- c:\programdata\Symantec
2010-10-04 14:28 . 2009-08-15 13:55 -------- d-----w- c:\programdata\Google Updater
2010-10-02 20:00 . 2008-04-17 10:37 -------- d-----w- c:\programdata\NVIDIA
2010-09-21 17:16 . 2010-09-21 17:16 552 ----a-w- c:\users\v730523\AppData\Local\d3d8caps.tmp
2010-08-17 16:42 . 2008-02-25 19:03 -------- d-----w- c:\program files\Common Files\Java
2010-08-17 16:38 . 2008-02-25 19:04 -------- d-----w- c:\program files\Java
2010-08-12 23:17 . 2008-06-09 12:18 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 23:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-24 16:34 . 2009-08-02 21:35 24467 ----a-w- c:\users\v730523\AppData\Roaming\mdb.bin
2010-07-17 03:00 . 2010-05-31 07:15 423656 ----a-w- c:\windows\system32\deployJava1.dll
2008-02-26 02:32 . 2008-02-26 02:18 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-09-07 251336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2009-07-14 206128]
"a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2010-07-30 3634568]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^v730523^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\v730523\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-10-17 14:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 07:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 07:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 11:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 12:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-09-30 17:34 181544 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-27 08:36 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 14:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 133104]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
S1 a2injectiondriver;a2injectiondriver;c:\program files\a-squared Anti-Malware\a2dix86.sys [2010-08-15 41816]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\a-squared Anti-Malware\a2util32.sys [2010-05-10 11776]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080813.001\IDSvix86.sys [2008-03-20 261680]
S2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [2010-07-30 1935656]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S3 a2acc;a2acc;c:\program files\A-SQUARED ANTI-MALWARE\a2accx86.sys [2010-06-28 71008]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map

2010-10-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-21 13:55]

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:37]

2010-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:37]

2010-10-08 c:\windows\Tasks\HPCeeScheduleForv730523.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-02-25 10:58]

2010-09-13 c:\windows\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - v730523.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 00:19]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=81&bd=Pavilion&pf=laptop
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/fnac/objects/jordan.cab
FF - ProfilePath - c:\users\v730523\AppData\Roaming\Mozilla\Firefox\Profiles\ttd3g2co.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\v730523\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
HKCU-Run-Magentic - c:\progra~1\Magentic\bin\Magentic.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-08 11:03
Windows 6.0.6002 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(3500)
c:\program files\IncrediMail\bin\B4ImApp.dll
.
Voltooingstijd: 2010-10-08 11:08:35
ComboFix-quarantined-files.txt 2010-10-08 09:08

Pre-Run: 78.437.007.360 bytes beschikbaar
Post-Run: 78.365.802.496 bytes beschikbaar

- - End Of File - - 591EDCA1FFCBA13896144DBE3B0126F1