ComboFix 12-02-25.02 - Gebruiker 27/02/2012 20:29:31.5.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.3071.2197 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt
AV: Norman Security Suite *Disabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
.
FILE ::
"C:\user.js"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\bab033.tbinst.dat
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\bab091.norecovericon.dat
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\Babylon.dat
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\BExternal.dll
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\cmbx.png
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\common.js
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\eula.html
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\lngs.png
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page1.css
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page1.html
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page1.js
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page1Lrg.css
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.css
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.html
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.js
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page9.html
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\pBar.gif
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\title1.png
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\title2.png
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\HtmlScreens\vIcn.png
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\IECookieLow.dll
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\Setup-tbmntr903-9.0.3.34.zpb
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\Setup.exe
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\SetupStrings.dat
c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon\Setup\sqlite3.dll
c:\documents and settings\Gebruiker\Local Settings\Application Data\PackageAware
c:\program files\Ask.com
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
C:\user.js
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-27 to 2012-02-27 ))))))))))))))))))))))))))))))
.
.
2012-02-23 01:13 . 2010-11-10 13:48 378000 ----a-w- c:\windows\system32\drivers\tdi_nf.sys
2012-02-23 01:13 . 2010-11-10 13:47 68176 ----a-w- c:\windows\system32\drivers\ale_nf64.sys
2012-02-23 01:13 . 2010-11-10 13:47 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2012-02-23 01:13 . 2010-06-21 13:54 48272 ----a-w- c:\windows\system32\drivers\nnetsec.sys
2012-02-23 01:13 . 2010-05-28 11:40 30584 ----a-w- c:\windows\system32\drivers\nnetsecl.sys
2012-02-23 01:13 . 2010-05-25 13:28 34192 ----a-w- c:\windows\system32\drivers\nnetsecl64.sys
2012-02-23 00:30 . 2010-11-11 12:01 24176 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys
2012-02-23 00:30 . 2010-11-10 07:06 222352 ----a-w- c:\windows\system32\nscrnsav.scr
2012-02-23 00:30 . 2012-02-23 12:05 -------- d-----w- c:\program files\Norman
2012-02-22 22:24 . 2012-02-22 22:24 -------- d-----w- c:\documents and settings\NetworkService\Menu Start
2012-02-22 20:37 . 2012-02-22 20:37 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-15 19:54 . 2012-02-15 19:54 -------- d-----w- c:\program files\Denda Games
2012-02-14 23:14 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 23:14 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-02 21:15 . 2012-02-15 19:08 -------- d-----w- C:\temp
2012-01-31 20:09 . 2012-01-31 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PferdeHof
2012-01-31 20:09 . 2012-01-31 20:09 -------- d-----w- c:\program files\Mijn manege
2012-01-29 21:31 . 2012-01-29 21:31 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\WMTools Downloaded Files
2012-01-29 20:55 . 2012-01-29 20:55 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Nero
2012-01-29 17:57 . 2012-01-29 17:57 -------- d-----w- c:\program files\Common Files\xing shared
2012-01-29 17:57 . 2012-01-29 17:58 -------- d-----w- c:\program files\Real
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 17:57 . 2011-04-19 12:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-12 17:20 . 2008-04-15 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 12:05 . 2011-07-23 20:59 11139944 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-12-17 19:42 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec
2011-12-10 14:24 . 2011-04-20 13:43 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 21:50 . 2011-07-26 21:50 639864 ----a-w- c:\program files\utorrent.exe
2011-06-09 10:03 . 2011-07-23 21:13 143240 ----a-w- c:\program files\Common Files\ApnStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"EADM"="c:\program files\Origin\Origin.exe" [2011-11-07 28846216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16860672]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-12-10 1412608]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"ASUS Energy Saving"="c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe" [2008-01-24 1352192]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2011-03-22 189824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-01-29 296056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2011-5-22 61440]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [23/02/2012 2:13 26744]
R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [23/02/2012 2:13 74144]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24/02/2010 11:22 185472]
R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [23/02/2012 1:30 22880]
R2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\nnf.exe [23/02/2012 2:13 223000]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/2010 3:09 50704]
R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [23/02/2012 2:13 90144]
R2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec.sys [23/02/2012 2:13 40384]
R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [23/02/2012 1:30 100336]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [23/02/2012 1:55 288072]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [23/02/2012 1:30 24176]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [23/02/2012 1:30 198168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [16/08/2011 14:23 119528]
R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [23/02/2012 2:10 99312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 PCSUService;PC Speed Up Service;c:\program files\PC Speed Up\PCSUService.exe [21/11/2011 14:56 206336]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\program files\Norman\Npm\bin\NVCSCHED.EXE" --> c:\program files\Norman\Npm\bin\NVCSCHED.EXE [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [15/04/2008 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-07-30 15:57]
.
2012-02-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-1409082233-1417001333-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
2012-02-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-1409082233-1417001333-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
.
------- Bijkomende Scan -------
.
TCP: Interfaces\{391FC46A-7123-4291-B96B-4537281F1DC2}: NameServer = 195.238.2.22 195.238.2.21
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-27 20:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Voltooingstijd: 2012-02-27 20:33:59
ComboFix-quarantined-files.txt 2012-02-27 19:33
ComboFix2.txt 2012-02-27 19:22
ComboFix3.txt 2012-02-27 14:16
.
Pre-Run: 515.634.823.168 bytes beschikbaar
Post-Run: 515.619.475.456 bytes beschikbaar
.
- - End Of File - - 6B600C33B3F0DC5F71C4C98B6DFF0AEC