ComboFix 11-06-02.01 - Brian 02-06-2011 21:55:08.8.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2038.969 [GMT 2:00]
Started from: c:\users\Brian\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 ))))))))))))))))))))))))))))))
.
.
2011-06-02 20:08 . 2011-06-02 20:09 -------- d-----w- c:\users\Brian\AppData\Local\temp
2011-06-02 20:08 . 2011-06-02 20:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-02 20:08 . 2011-06-02 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-02 19:45 . 2011-06-02 19:45 388096 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-02 19:39 . 2011-06-02 19:39 -------- d-----w- c:\program files\Common Files\Java
2011-06-02 17:21 . 2011-06-02 17:21 711728 ----a-w- c:\windows\isRS-000.tmp
2011-06-01 23:22 . 2011-06-01 23:22 -------- d-----w- c:\program files\ESET
2011-05-26 20:51 . 2011-05-26 20:51 -------- d-----w- c:\programdata\F-Secure
2011-05-26 20:46 . 2011-05-26 20:46 -------- d-----w- c:\programdata\McAfee
2011-05-24 21:24 . 2011-05-24 21:24 -------- d-----w- c:\program files\Soluto
2011-05-22 23:21 . 2011-05-22 23:21 -------- d-----w- c:\program files\SubDownloader2
2011-05-22 22:03 . 2011-05-22 22:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 17:48 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-11 01:23 . 2011-06-02 17:44 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-11 01:19 . 2011-05-26 21:09 -------- d-----w- c:\programdata\Hitman Pro
2011-05-08 01:31 . 2011-05-26 21:31 -------- d-----w- c:\programdata\Spotnet
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2010-12-04 16:26 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-12-04 16:26 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 16:12 . 2011-05-01 18:03 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-04-28 18:17 . 2011-04-28 18:17 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-28 18:17 . 2011-04-28 18:17 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-28 18:17 . 2011-04-28 18:17 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-28 18:17 . 2011-04-28 18:17 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-28 18:17 . 2011-04-28 18:17 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-28 18:17 . 2011-04-28 18:17 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-28 18:17 . 2011-04-28 18:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-28 18:17 . 2011-04-28 18:17 367104 ----a-w- c:\windows\system32\html.iec
2011-04-28 18:17 . 2011-04-28 18:17 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-28 18:17 . 2011-04-28 18:17 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-28 18:17 . 2011-04-28 18:17 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-28 18:17 . 2011-04-28 18:17 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-28 18:17 . 2011-04-28 18:17 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-28 18:17 . 2011-04-28 18:17 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-28 18:17 . 2011-04-28 18:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-28 18:17 . 2011-04-28 18:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-28 18:17 . 2011-04-28 18:17 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-28 18:17 . 2011-04-28 18:17 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-28 18:17 . 2011-04-28 18:17 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-28 18:17 . 2011-04-28 18:17 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-28 18:17 . 2011-04-28 18:17 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-14 03:07 . 2010-11-04 23:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-12 21:55 . 2011-04-28 18:10 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-22 18:50 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-22 18:50 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 21:06 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 16:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 16:18 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-20 3563520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-04 4907008]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2010-01-21 883200]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2011-05-17 231592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyvesDesktop.exe]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-858306250-2938697709-906041462-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-11-07 38976]
R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [2010-11-07 53312]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2011-05-24 51144]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-07 717296]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-12-16 126536]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-10-29 65536]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-12-16 141384]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-12-16 99400]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-12-16 111176]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-12-16 113736]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-05-24 376352]
S3 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-02-04 77824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-29 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
TCP: DhcpNameServer = 10.0.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-02 22:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4348)
c:\programdata\Panda Security URL Filtering\panda_url_filtering.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Completion time: 2011-06-02 22:19:16
ComboFix-quarantined-files.txt 2011-06-02 20:19
.
Pre-Run: 132.491.276.288 bytes free
Post-Run: 132.972.408.832 bytes free
.
- - End Of File - - 88852E9D57753DB9F4092919DFC3C85E
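Triage of a ComboFix log like the one above usually starts with the service/driver list and the Run-key values: what is registered to load, where its binary lives, and whether the binary is still there. The following is an added example, not part of the posted log and not ComboFix's own code. It parses those two line shapes and applies three neutral checks: the `[x]` marker that ComboFix prints in place of date and size when the registered file is not on disk, a path under a temp directory, and a Run value that is a bare file name (resolved through the search path rather than an absolute location). The sample input is constructed from lines copied out of the log above; the flags are review hints, not verdicts (the `cpuz135` entry, for instance, is simply a registration whose driver file is gone, and the log itself says nothing more about it).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: lines copied from the ComboFix log above
# (service/driver list and HKLM\...\Run values), so this runs offline.
SAMPLE_LOG = r"""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-07 717296]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-10-29 65536]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-04 4907008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"""

# Service/driver lines: <R|S><start type> name;display name;path [date size] or [x]
# R = running, S = stopped; digit 0..4 = boot, system, auto, manual, disabled.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# Run-key values as ComboFix prints them: "name"="path" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<meta>[^\]]*)\]\s*$')

# Locations a persistent driver or autorun is not expected to load from.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\appdata\\local\\temp\\")


@dataclass
class Entry:
    kind: str                  # "service" or "run"
    name: str
    path: str
    start: Optional[str]       # e.g. "R3" = running, manual start; None for Run values
    file_present: bool         # False when ComboFix printed [x] instead of date and size
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def _parse_meta(meta: str):
    """'2011-02-07 717296' -> (True, 717296); 'x' -> (False, None)."""
    meta = meta.strip()
    if meta.lower() == "x":
        return False, None
    parts = meta.split()
    size = int(parts[-1]) if parts and parts[-1].isdigit() else None
    return True, size


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver or Run-key line; return None for anything else."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        present, size = _parse_meta(m.group("meta"))
        return Entry("service", m.group("name").strip(), m.group("path").strip(),
                     m.group("start"), present, size)
    m = RUN_RE.match(line)
    if m:
        present, size = _parse_meta(m.group("meta"))
        return Entry("run", m.group("name"), m.group("path").strip(), None, present, size)
    return None


def triage(entry: Entry) -> Entry:
    """Attach review flags; each is a hint for a human, not a verdict."""
    low = entry.path.lower()
    if not entry.file_present:
        entry.flags.append("file-missing")       # registration left behind, binary gone
    if any(marker in low for marker in TEMP_MARKERS):
        entry.flags.append("temp-path")          # persistent code loading from a temp dir
    if "\\" not in entry.path:
        entry.flags.append("bare-filename")      # resolved via search path; confirm which file runs
    return entry


def parse_log(text: str) -> List[Entry]:
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def suspicious(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(parse_log(SAMPLE_LOG)):
        print(f"{e.kind:7} {e.start or '--':3} {e.name:<10} {', '.join(e.flags):<26} {e.path}")
```

Run against the sample, the only entries reported are `cpuz135` (file missing, temp path) and `RtHDVCpl` (bare file name); everything else parses cleanly and carries no flag. To use it on a full log, feed the whole file to `parse_log`: lines from the other sections do not match either pattern and are skipped.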