ComboFix 10-12-12.03 - Hilaire 14/12/2010 18:23:42.8.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.958.329 [GMT 1:00] Gestart vanuit: c:\users\Hilaire\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Hilaire\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FILE :: "c:\programdata\FB8D3E9693.sys" "c:\windows\WLXPGSS.SCR" . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\FB8D3E9693.sys c:\windows\WLXPGSS.SCR . (((((((((((((((((((( Bestanden Gemaakt van 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))) . 2010-12-14 17:35 . 2010-12-14 17:35 -------- d-----w- c:\users\Hilaire\AppData\Local\temp 2010-12-14 17:35 . 2010-12-14 17:35 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-12-14 17:35 . 2010-12-14 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-14 10:19 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-12-14 10:19 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-12-14 10:19 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-12-14 10:19 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-12-14 10:19 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-12-14 10:19 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr 2010-12-14 10:19 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe 2010-12-14 10:19 . 2010-12-14 10:19 -------- d-----w- c:\programdata\Alwil Software 2010-12-14 10:19 . 2010-12-14 10:19 -------- d-----w- c:\program files\Alwil Software 2010-12-12 09:26 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-12 09:26 . 2010-12-12 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-12 09:26 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-12 09:25 . 2010-12-12 09:25 388096 ----a-r- c:\users\Hilaire\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-11-29 09:50 . 2005-05-22 05:00 90112 ------w- c:\windows\SDUnInst.exe 2010-11-24 09:14 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl 2010-11-24 09:14 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\system32\mshtml.tlb 2010-11-15 17:01 . 2010-11-15 17:01 -------- d-----w- c:\users\Hilaire\AppData\Roaming\AVG10 2010-11-15 16:58 . 2010-11-15 16:58 -------- d--h--w- c:\programdata\Common Files 2010-11-15 16:52 . 2010-12-14 09:59 -------- d-----w- c:\programdata\AVG10 2010-11-15 16:51 . 2010-11-17 16:32 -------- d-----w- c:\program files\AVG 2010-11-15 16:46 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B819F3E-AFE9-49C9-8A31-34E9CFDBCABB}\mpengine.dll 2010-11-15 16:22 . 2010-11-15 16:51 -------- d-----w- c:\programdata\MFAData . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-19 09:41 . 2009-10-02 16:17 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-10-08 15:15 . 2010-10-08 15:10 2516 --sha-w- c:\programdata\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-03 39408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech BT Wizard"="LBTWiz.exe -silent" [X] "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 101136] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2010-11-26 679936] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Password Guard v2] 2008-02-11 23:00 1838592 ----a-w- c:\progra~1\SYDATEC\PASSWO~1\pwguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-03-03 15:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3610711996-1769753261-2712777353-1000] "EnableNotificationsRef"=dword:00000001 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 135664] R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 aswSP;aswSP; [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768] S2 Common Toolkit Service;Common Toolkit Service;c:\program files\Common Files\Common Toolkit Suite\FighterSuiteService.exe [2010-02-18 684680] S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\SPAMfighter\sfus.exe service [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Inhoud van de 'Gedeelde Taken' map 2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 15:49] 2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 15:49] 2010-12-14 c:\windows\Tasks\User_Feed_Synchronization-{7DF20E1A-0DCE-461E-A17B-4A27F5EBEB49}.job - c:\windows\system32\msfeedssync.exe [2010-10-05 22:42] 2010-10-02 c:\windows\Tasks\User_Feed_Synchronization-{E44D27E0-7B62-432F-8035-1BBB9729ED05}.job - c:\windows\system32\msfeedssync.exe [2010-10-05 22:42] . . ------- Bijkomende Scan ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = local IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2.be/mailconfig/config/bin/AccountHelper.cab FF - ProfilePath - c:\users\Hilaire\AppData\Roaming\Mozilla\Firefox\Profiles\jw58p1k1.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fhl%3Dnl%26ui%3Dhtml%26zy%3Dl&bsv=1eic6yu9oa4y3&scc=1<mpl=default<mplcache=2&hl=nl FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-12-14 18:35 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,7b,e1,8f,58,c2,45,4a,95,17,2a,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,7b,e1,8f,58,c2,45,4a,95,17,2a,\ . Voltooingstijd: 2010-12-14 18:38:58 ComboFix-quarantined-files.txt 2010-12-14 17:38 ComboFix2.txt 2010-12-14 10:51 ComboFix3.txt 2010-03-23 18:43 ComboFix4.txt 2010-03-03 09:22 ComboFix5.txt 2010-12-14 17:20 Pre-Run: 173.529.063.424 bytes beschikbaar Post-Run: 173.504.925.696 bytes beschikbaar - - End Of File - - CAAF895F998E62C9A6D811FACE53C36A