ComboFix 12-04-12.01 - packard bell 15/04/2012 15:21:09.3.4 - x86 Gestart vanuit: c:\users\packard bell\Desktop\ComboFix.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))) . . 2012-04-15 13:29 . 2012-04-15 13:29 -------- d-----w- c:\users\packard bell\AppData\Local\temp 2012-04-15 13:29 . 2012-04-15 13:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-11 14:10 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-11 14:10 . 2012-04-11 14:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-11 13:54 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF1CE27F-5F68-4B2F-BE07-020785C54860}\mpengine.dll 2012-04-10 14:25 . 2012-04-10 14:25 388096 ----a-r- c:\users\packard bell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-04-10 14:25 . 2012-04-11 13:06 -------- d-----w- c:\program files\Trend Micro 2012-03-16 17:21 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-16 17:20 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-03-16 17:20 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-03-16 17:20 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-03-16 17:20 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-03-16 17:20 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2012-03-16 17:20 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll 2012-03-16 17:20 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-16 17:20 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-16 17:20 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-03-16 17:20 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-16 17:20 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-03-16 17:14 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-03-16 17:12 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-03-16 17:12 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-23 08:18 . 2009-10-04 15:00 237072 ----a-w- c:\windows\system32\MpSigStub.exe 2009-03-11 17:20 . 2009-03-11 17:20 208384 ----a-w- c:\program files\mozilla firefox\plugins\uc_rohan_launching.dll 2011-11-06 18:36 . 2011-03-24 17:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2010-07-25 08:41 . 2008-09-22 20:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920] "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-12 39408] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-25 399736] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "Steam"="c:\program files\Steam\steam.exe" [2011-08-11 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-25 30192] "MSPService"="c:\program files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 102400] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400] "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-16 148888] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-31 981680] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2623797113-1856624273-4240771959-1002] "EnableNotificationsRef"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 15:59] . 2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 15:59] . 2012-04-12 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . 2012-04-15 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . 2012-04-15 c:\windows\Tasks\Recovery DVD Creator.job - c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-01-25 16:34] . 2012-04-15 c:\windows\Tasks\Uitgebreide garantie.job - c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-01-25 16:38] . . ------- Bijkomende Scan ------- . uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\packard bell\AppData\Roaming\Mozilla\Firefox\Profiles\b4r7ml82.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-Nero MediaHome 4 - c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe HKLM-Run-Blubster - c:\program files\Blubster\Blubster.exe AddRemove-{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA} - c:\users\packard bell\AppData\Local\{DE097E60-7F86-4350-B083-1F09B6906C92}\setup_blazemp.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-15 15:29 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000000 . Voltooingstijd: 2012-04-15 15:33:10 ComboFix-quarantined-files.txt 2012-04-15 13:32 . Pre-Run: 208.770.785.280 bytes beschikbaar Post-Run: 208.732.999.680 bytes beschikbaar . - - End Of File - - C0F6001B77563E25C867C7D4F982FED2