ComboFix 11-08-24.06 - Hilaire 26/08/2011  14:33:21.12.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.32.1043.18.958.341 [GMT 2:00]
Running from: c:\users\Hilaire\Desktop\ComboFix.exe
Command switches used :: c:\users\Hilaire\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((   Files Created from 2011-07-26 to 2011-08-26  ))))))))))))))))))))))))))))))
.
.
2011-08-26 12:44 . 2011-08-26 12:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-26 12:44 . 2011-08-26 12:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-26 12:10 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{700CE3FF-FB3F-4C1A-8CC8-F16409299363}\mpengine.dll
2011-08-25 17:21 . 2011-08-26 12:44 -------- d-----w- c:\users\Hilaire\AppData\Local\temp
2011-08-24 08:11 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-11 12:14 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 12:14 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 12:14 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-11 12:14 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 12:14 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 12:14 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 17:30 . 2011-08-09 17:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-08-09 17:30 . 2011-08-09 17:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-08-09 17:30 . 2011-08-09 17:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-08-09 17:30 . 2011-08-09 17:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-08-09 17:30 . 2011-08-09 17:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-08-09 17:30 . 2011-08-09 17:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-08-09 17:30 . 2011-08-09 17:30 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-08-09 17:29 . 2011-08-09 17:30 -------- d-----w- c:\program files\QuickTime
2011-08-09 17:29 . 2011-08-09 17:29 -------- d-----w- c:\programdata\Apple Computer
2011-08-09 08:45 . 2011-08-09 08:45 -------- d-----w- c:\program files\Common Files\Java
2011-08-09 08:42 . 2011-08-09 08:42 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-08 21:47 . 2011-08-08 21:47 -------- d-----w- c:\program files\FileHippo.com
2011-08-08 17:38 . 2011-08-15 08:35 -------- d-----w- c:\users\Hilaire\AppData\Local\Opera
2011-08-08 17:04 . 2011-08-08 17:04 -------- d-----w- c:\program files\YoutubeDownloader.org
2011-08-08 08:50 . 2011-08-08 08:50 -------- d-----w- c:\program files\Apple Software Update
2011-08-06 12:59 . 2011-08-06 12:59 -------- d-----w- c:\programdata\!SASCORE
2011-07-27 17:17 . 2011-07-27 17:17 -------- d-----w- c:\users\Hilaire\AppData\Roaming\SUPERAntiSpyware.com
2011-07-27 17:17 . 2011-08-18 12:30 -------- d-----w- c:\program files\SUPERAntiSpyware
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 17:08 . 2011-05-24 08:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-09 08:44 . 2010-07-17 16:36 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-06 17:52 . 2010-12-12 09:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2010-12-12 09:26 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2010-12-14 10:19 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-12-14 10:19 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-07 16:23 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-12-14 10:19 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-12-14 10:19 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-12-14 10:19 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-12-14 10:19 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-12-14 10:19 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-02 13:34 . 2011-07-13 20:52 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-21 15:46 . 2011-06-06 16:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-18 4603264]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-06 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPoint.lnk]
backup=c:\windows\pss\SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard]
LBTWiz.exe -silent [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-11 17:15 101136 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-01-11 17:15 101136 ----a-w- c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sfagent]
2011-03-04 16:00 843400 ----a-w- c:\program files\Fighters\SPAMfighter\sfagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 11:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-03-03 15:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3610711996-1769753261-2712777353-1000]
"EnableNotificationsRef"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 135664]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R4 Common Toolkit Tools;Common Toolkit Tools;c:\program files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [2011-02-02 121480]
R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\SPAMfighter\sfus.exe service [x]
R4 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [2011-02-02 1176712]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-06 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-18 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 15:49]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 15:49]
.
2011-08-26 c:\windows\Tasks\User_Feed_Synchronization-{7DF20E1A-0DCE-461E-A17B-4A27F5EBEB49}.job
- c:\windows\system32\msfeedssync.exe [2011-03-25 18:47]
.
2010-10-02 c:\windows\Tasks\User_Feed_Synchronization-{E44D27E0-7B62-432F-8035-1BBB9729ED05}.job
- c:\windows\system32\msfeedssync.exe [2011-03-25 18:47]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.bigseekpro.com/burn4free/{7D95CA6D-DA29-4768-86D2-DA8F0A42221B}
uInternet Settings,ProxyOverride = local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2.be/mailconfig/config/bin/AccountHelper.cab
FF - ProfilePath - c:\users\Hilaire\AppData\Roaming\Mozilla\Firefox\Profiles\l2kiirok.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-26 14:44
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,7b,e1,8f,58,c2,45,4a,95,17,2a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,7b,e1,8f,58,c2,45,4a,95,17,2a,\
.
Completion time: 2011-08-26  14:49:48
ComboFix-quarantined-files.txt  2011-08-26 12:49
ComboFix2.txt  2011-08-25 17:21
ComboFix3.txt  2011-05-22 16:47
ComboFix4.txt  2011-03-12 18:58
ComboFix5.txt  2011-08-26 12:31
.
Pre-Run: 181.789.175.808 bytes free
Post-Run: 183.006.593.024 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 5B40730B9AD1600AECF313325834FD73
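A parser and first-pass triage for the three record shapes in the log above (file-listing entries, the `R`/`S` service and driver entries, and Run-key values), added here as an example; it is not ComboFix's code and not part of the original post. Its assumptions: the line formats are inferred from the entries shown, `[x]` is read as ComboFix's marker for an image file it could not find, and only `c:\windows` and `c:\program files` are treated as expected homes for executables. The sample lines are copied from the log; every flag it raises means "review this", not "this is malicious".

```python
"""Parse and triage ComboFix-style log entries (added example, not ComboFix code).
The record formats are inferred from the log above; the triage rules are this
example's own heuristics. A flag means "look at this", never "this is malware".
"""
import re
from typing import Any, Dict, List, Optional, Tuple

# File entry:  <mtime> . <ctime> <size|--------> <attrs> <path>
FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$")
# Service/driver entry:  <R|S><n> <name>;<display>;<image> [<date> <size>]  or  [x]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*"
    r"\[(?P<meta>x|\d{4}-\d{2}-\d{2} \d+)\]$")
# Run-key entry:  "<value>"="<image>" [<date> <size>]
RUN_RE = re.compile(r'^"(?P<value>[^"]+)"="(?P<image>[^"]+)" \[[^\]]+\]$')

# Assumption: only these roots count as expected homes for executables.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
Finding = Tuple[str, str]  # (rule, subject)


def parse_file_entry(line: str) -> Optional[Dict[str, Any]]:
    """Fields of a file-listing entry, or None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return {"mtime": m.group("mtime"), "ctime": m.group("ctime"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": m.group("attrs").startswith("d"), "path": m.group("path")}


def parse_service_entry(line: str) -> Optional[Dict[str, Any]]:
    """Fields of a service/driver entry; image_found is False for '[x]'."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return {"start": m.group("start"), "name": m.group("name"),
            "image": m.group("image"), "image_found": m.group("meta") != "x"}


def parse_run_entry(line: str) -> Optional[Dict[str, str]]:
    """Value name and image of a Run-key entry, or None."""
    m = RUN_RE.match(line.strip())
    return {"value": m.group("value"), "image": m.group("image")} if m else None


def _outside_trusted(path: str) -> bool:
    p = path.lower()
    return p.endswith(EXEC_EXT) and not p.startswith(TRUSTED_ROOTS)


def triage(lines: List[str]) -> List[Finding]:
    """Apply the review heuristics to raw log lines, preserving input order."""
    out: List[Finding] = []
    for line in lines:
        f = parse_file_entry(line)
        if f is not None:
            if f["is_dir"]:
                continue  # directories carry no code to verify
            if f["path"].lower().endswith(".sys"):
                out.append(("new-kernel-driver", f["path"]))  # ring 0: verify the signer
            elif _outside_trusted(f["path"]):
                out.append(("exec-outside-trusted-root", f["path"]))
            continue
        s = parse_service_entry(line)
        if s is not None:
            if not s["image_found"]:
                # [x]: ComboFix could not find the image; leftover entry to clean up
                out.append(("service-image-missing", s["name"]))
            elif s["image"].lower().endswith("\\svchost.exe"):
                # the real code is the ServiceDll value, not svchost.exe; check it separately
                out.append(("svchost-hosted-service", s["name"]))
            elif _outside_trusted(s["image"]):
                out.append(("service-outside-trusted-root", s["name"]))
            continue
        r = parse_run_entry(line)
        if r is not None and _outside_trusted(r["image"]):
            out.append(("autorun-outside-trusted-root", r["value"]))
    return out


# Constructed sample: lines copied verbatim from the log above.
SAMPLE_LOG = r"""
2011-08-26 12:44 . 2011-08-26 12:44 -------- d-----w- c:\users\Hilaire\AppData\Local\temp
2011-08-26 12:10 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{700CE3FF-FB3F-4C1A-8CC8-F16409299363}\mpengine.dll
2011-08-11 12:14 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-04 11:36 . 2011-03-07 16:23 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
"""

if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG.splitlines()):
        print(f"{rule:28} {subject}")
```

Run as a script it prints six findings for the sample: the Defender engine update under ProgramData (a review prompt an analyst will whitelist after checking the signer), the two new kernel drivers, the `sptd` and `aswSnx` entries ComboFix marked `[x]`, and `nosGetPlusHelper`, whose listed image is `svchost.exe` so the DLL named in its ServiceDll value is what actually needs checking. Feed it the whole log instead of `SAMPLE_LOG` to get the same ordering the analyst reads.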