ComboFix 11-05-21.03 - mascha 22-05-2011 10:11:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3069.2066 [GMT 2:00]
Gestart vanuit: c:\users\mascha\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Persoonlijke firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-22 to 2011-05-22 ))))))))))))))))))))))))))))))
.
.
2011-05-22 08:22 . 2011-05-22 08:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-20 12:11 . 2011-05-20 12:11 -------- d-----w- c:\users\mascha\AppData\Roaming\Malwarebytes
2011-05-20 12:11 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-20 12:11 . 2011-05-20 12:11 -------- d-----w- c:\programdata\Malwarebytes
2011-05-20 12:11 . 2011-05-20 12:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-20 12:11 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-20 10:52 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A113DC54-55C6-4FF0-BF1F-B242DBA787A5}\mpengine.dll
2011-05-15 16:24 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-15 16:24 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-15 16:24 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-15 16:24 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-15 16:14 . 2011-05-15 16:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 20:22 . 2011-04-12 20:22 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-12 20:22 . 2011-04-12 20:22 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-12 20:22 . 2011-04-12 20:22 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-12 20:22 . 2011-04-12 20:22 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-12 20:22 . 2011-04-12 20:22 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-12 20:22 . 2011-04-12 20:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-12 20:22 . 2011-04-12 20:22 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-12 20:22 . 2011-04-12 20:22 367104 ----a-w- c:\windows\system32\html.iec
2011-04-12 20:22 . 2011-04-12 20:22 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-12 20:22 . 2011-04-12 20:22 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-12 20:22 . 2011-04-12 20:22 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-12 20:22 . 2011-04-12 20:22 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-12 20:22 . 2011-04-12 20:22 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-12 20:22 . 2011-04-12 20:22 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-12 20:22 . 2011-04-12 20:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-12 20:22 . 2011-04-12 20:22 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-12 20:22 . 2011-04-12 20:22 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-12 20:22 . 2011-04-12 20:22 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-12 20:22 . 2011-04-12 20:22 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-12 20:22 . 2011-04-12 20:22 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-12 20:22 . 2011-04-12 20:22 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-18 09:23 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-10 17:03 . 2011-04-12 19:07 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-12 19:07 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-12 19:12 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-05-15 16:24 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-15 16:24 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-05-15 16:24 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-05-15 16:24 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-12 19:07 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-12 19:13 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13 . 2011-04-02 16:58 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-04-02 16:58 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-04-02 16:58 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 13:24 . 2011-04-12 19:13 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24 . 2011-04-12 19:13 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23 . 2011-04-12 19:13 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23 . 2011-04-12 19:13 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-25 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-25 189736]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DLCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-22 206120]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"ActivControl"="c:\program files\Activ Software\Activdriver\ActivControl2.exe" [2009-04-03 1040384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-04 2219184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 133104]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 133104]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-21 100184]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-11-04 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-04-22 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-04-22 116104]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [2008-12-17 55424]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [2008-12-17 4352]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-05-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 19:01]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 19:01]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 19:01]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-NL\local\search.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{30F2AD64-5478-4003-A825-CCF3ECAAF934} - (no file)
HKLM-Run-UCam_Menu - c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdatePDIRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
AddRemove-Adobe Flash Player 10 ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-22 10:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
Voltooingstijd: 2011-05-22 10:24:54
ComboFix-quarantined-files.txt 2011-05-22 08:24
.
Pre-Run: 141.186.383.872 bytes beschikbaar
Post-Run: 150.969.151.488 bytes beschikbaar
.
- - End Of File - - 2A7388059FC985F90ED66B7D1CAD315F