ComboFix 09-05-02.4 - Bjorn 03/05/2009 15:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.3071.1704 [GMT 2:00]
Running from: c:\users\Bjorn\Downloads\ComboFix.exe
AV: G DATA AntiVirus 2008 *On-access scanning disabled* (Updated)
FW: G DATA Persoonlijke Firewall *disabled*
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Bjorn\AppData\Roaming\.#
.
(((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 ))))))))))))))))))))))))))))))
.
2009-04-29 21:07 . 2009-04-29 21:07 -------- d-----w c:\users\Bjorn\AppData\Roaming\Malwarebytes
2009-04-29 21:07 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 21:07 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 21:07 . 2009-04-29 21:07 -------- d-----w c:\programdata\Malwarebytes
2009-04-29 21:07 . 2009-04-29 21:07 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-29 21:07 . 2009-04-29 21:07 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 21:00 . 2009-04-29 21:00 -------- d-----w c:\program files\Trend Micro
2009-04-27 08:48 . 2009-04-27 08:48 -------- d-----w c:\programdata\Office Genuine Advantage
2009-04-27 08:48 . 2009-04-27 08:48 -------- d-----w c:\users\All Users\Office Genuine Advantage
2009-04-26 08:31 . 2009-04-26 08:31 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-26 08:12 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-26 08:12 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-26 08:12 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-26 08:12 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-26 08:12 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-26 08:12 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-26 08:12 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-26 08:07 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-26 08:07 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-26 08:07 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-26 08:07 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-26 08:07 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-16 22:56 . 2009-04-16 22:56 -------- d-----w c:\program files\Common Files\SWF Studio
2009-04-05 13:11 . 2009-04-05 13:11 -------- d-----w c:\program files\ExtraFilm Designer
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 12:54 . 2008-07-04 20:29 667114 ----a-w c:\windows\system32\perfh013.dat
2009-05-03 12:54 . 2008-07-04 20:29 126648 ----a-w c:\windows\system32\perfc013.dat
2009-05-03 12:47 . 2009-04-26 08:33 222 ----a-w c:\windows\Tasks\OGALogon.job
2009-05-03 12:46 . 2009-04-29 18:23 370 ----a-w c:\windows\Tasks\AWC Startup.job
2009-05-03 12:46 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-29 19:17 . 2008-09-20 11:41 94808 ----a-w c:\users\Bjorn\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-27 08:47 . 2009-04-26 08:33 222 ----a-w c:\windows\Tasks\OGADaily.job
2009-04-19 22:39 . 2008-07-04 10:58 -------- d-----w c:\program files\HP Games
2009-04-17 10:50 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-07 19:29 . 2009-03-19 20:39 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-19 20:39 . 2009-03-19 20:39 -------- d-----w c:\program files\DVDVideoSoft
2009-03-17 03:38 . 2009-04-16 22:08 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 22:08 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 22:08 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:46 . 2009-04-16 22:08 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 22:08 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 22:08 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 22:08 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 22:08 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 22:08 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 22:08 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 22:08 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 22:08 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 22:08 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 22:08 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 22:08 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 22:08 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-01 12:49 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-03-01 12:49 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-03-01 12:49 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-02-13 08:49 . 2009-04-16 22:08 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 22:08 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-12 18:19 2033152 ----a-w c:\windows\system32\win32k.sys
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-17 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-17 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GDFirewallTray"="c:\program files\G DATA TotalCare\Firewall\GDFirewallTray.exe" [2007-10-25 1189552]
"AVKTray"="c:\program files\G DATA TotalCare\AVKTray\AVKTray.exe" [2007-12-04 607816]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-10-18 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-28 98304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-03 6266880]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
G DATA Firewall Tray.lnk - c:\program files\G DATA TotalCare\Firewall\GDFirewallTray.exe [2008-9-20 1189552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9CE20B6C-CE56-4622-A84F-5D141DB94B03}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{68B45825-60AC-4E88-8BC9-F273FDAA1B37}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B5B193D1-B14E-438C-B354-EFD96287CE4B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7F85EB03-C64F-4805-B927-4212ED59347D}"= UDP:c:\program files\Phototools\Phototools Creator\Phototools Creator.exe:c:\program files\Phototools\Phototools Creator\Phototools Creator
"{F0882557-9DC0-4F14-9A96-1976FD92CDB4}"= TCP:c:\program files\Phototools\Phototools Creator\Phototools Creator.exe:c:\program files\Phototools\Phototools Creator\Phototools Creator

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA TotalCare\AVKTuner\AVKTunerService.exe [2007-12-19 792136]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\DRIVERS\gdwfpcd32.sys [2008-04-14 39880]
S2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2007-12-04 722504]
S2 AVKService;G DATA Scheduler;c:\program files\G DATA TotalCare\AVK\AVKService.exe [2007-12-04 427592]
S2 AVKWCtl;AntiVirus-bewaker;c:\program files\G DATA TotalCare\AVK\AVKWCtl.exe [2007-12-11 1095240]
S2 EFUploadSrv;ExtraFilm upload service;c:\program files\ExtraFilm Designer\EFUploadSrv.exe [2008-11-27 1712128]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-09-20 41928]
S3 GDFwSvc;G DATA Persoonlijke Firewall;c:\program files\G DATA TotalCare\Firewall\GDFwSvc.exe [2007-12-12 1496648]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-09-20 46024]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2008-09-20 42952]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-09-20 32200]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-08-15 552448]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-03 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-04-29 14:12]

2009-04-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-05-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=83&bd=Pavilion&pf=cndt
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 15:14
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP000000627187901E075A6E71 524288 bytes
c:\windows\TEMP\TMP0000006342818B14C4C7C887 524288 bytes
c:\windows\TEMP\TMP00000065D1151253463495A6 524288 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5424)
c:\program files\G DATA TotalCare\Shredder\Reisswlf.dll
.
Completion time: 2009-05-03 15:16
ComboFix-quarantined-files.txt 2009-05-03 13:16

Pre-Run: 386,494,058,496 bytes free
Post-Run: 386,467,397,632 bytes free

166 --- E O F --- 2009-05-03 10:10
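The log above is tool output as posted. As an added example, not part of the post and not ComboFix's own code, here is a small Python parser for the parts of this log format a responder reads first: the `AV:`/`FW:` status header, the `EnableFirewall` value under each `firewallpolicy\...Profile` key, the entries under the `...\CurrentVersion\Run` keys (including ComboFix's `"name"="image" - resolved\path` form), and the files catchme listed as hidden. The sample log inside the block is a constructed excerpt of the log on this page; the `"Updater"` Run entry under AppData is made up to exercise the user-writable-path heuristic, which is a rule of thumb of this example and not a ComboFix classification.

```python
import re

# Constructed excerpt of the ComboFix log on this page. The "Updater" Run
# entry is made up to exercise the user-writable-path check; everything else
# is copied from the log.
SAMPLE_LOG = r"""
ComboFix 09-05-02.4 - Bjorn 03/05/2009 15:11.1 - NTFSx86
AV: G DATA AntiVirus 2008 *On-access scanning disabled* (Updated)
FW: G DATA Persoonlijke Firewall *disabled*
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-03 6266880]
"Updater"="c:\users\Bjorn\AppData\Roaming\updater.exe" [2009-05-01 40960]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B5B193D1-B14E-438C-B354-EFD96287CE4B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

scanning hidden files ...

c:\windows\TEMP\TMP000000627187901E075A6E71 524288 bytes
c:\windows\TEMP\TMP0000006342818B14C4C7C887 524288 bytes
c:\windows\TEMP\TMP00000065D1151253463495A6 524288 bytes

scan completed successfully
hidden files: 3
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')
# "Name"="image" [stamp]   or   "Name"="image" - resolved\path [stamp]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"'
                    r'(?:\s*-\s*(?P<resolved>.+?))?\s*(?:\[(?P<stamp>[^\]]*)\])?\s*$')
STATUS_RE = re.compile(r"^(?P<kind>AV|FW):\s*(?P<product>.+?)\s*\*(?P<state>[^*]+)\*")
HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\.+?)\s+(?P<size>\d+)\s+bytes\s*$", re.I)

# Heuristic of this example, not a ComboFix rule: autostarts whose image lives
# in a user-writable location deserve a second look.
USER_WRITABLE = ("\\users\\", "\\temp\\")


def registry_sections(text):
    """Group the REGEDIT4-style '"name"= value' lines under their [key] header."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("name"), m.group("value"), line))
    return sections


def firewall_profiles_off(sections):
    """Windows Firewall profiles whose policy key carries EnableFirewall = 0."""
    off = []
    for key, values in sections.items():
        lk = key.lower()
        if "firewallpolicy\\" not in lk or not lk.endswith("profile"):
            continue
        for name, value, _ in values:
            if name == "EnableFirewall" and value.split()[0] == "0":
                off.append(key.rsplit("\\", 1)[-1])
    return off


def autostart_entries(sections):
    """Every entry under a ...\\CurrentVersion\\Run key, using the path ComboFix resolved."""
    entries = []
    for key, values in sections.items():
        if not key.lower().endswith("\\run"):
            continue
        for _, _, raw in values:
            m = RUN_RE.match(raw)
            if m:
                entries.append({"key": key, "name": m.group("name"),
                                "path": (m.group("resolved") or m.group("image")).strip()})
    return entries


def user_writable_autostarts(entries):
    return [e for e in entries if any(t in e["path"].lower() for t in USER_WRITABLE)]


def product_status(text):
    """AV:/FW: header lines -> {kind: (product, state, disabled?)}."""
    status = {}
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if m:
            state = m.group("state").strip()
            status[m.group("kind")] = (m.group("product"), state, "disabled" in state.lower())
    return status


def hidden_files(text):
    """Paths catchme listed between 'scanning hidden files' and 'scan completed'."""
    found, inside = [], False
    for line in text.splitlines():
        if line.startswith("scanning hidden files"):
            inside = True
        elif line.startswith("scan completed"):
            inside = False
        elif inside:
            m = HIDDEN_RE.match(line)
            if m:
                found.append((m.group("path"), int(m.group("size"))))
    return found


def analyze(text):
    sections = registry_sections(text)
    status = product_status(text)
    return {
        "av_on_access_disabled": status.get("AV", ("", "", False))[2],
        "third_party_fw_disabled": status.get("FW", ("", "", False))[2],
        "windows_firewall_off": firewall_profiles_off(sections),
        "user_writable_autostarts": user_writable_autostarts(autostart_entries(sections)),
        "hidden_files": hidden_files(text),
    }


if __name__ == "__main__":
    for finding, detail in analyze(SAMPLE_LOG).items():
        print(f"{finding}: {detail}")
```

On the excerpt this reports the G DATA on-access scanner and firewall as disabled, all three Windows Firewall profiles (Domain, Public, Standard) with `EnableFirewall` set to 0, the made-up AppData autostart, and the three `c:\windows\TEMP\TMP...` files catchme hid. The parser lists the hidden files rather than judging them, because nothing in the log itself says what wrote them; they are a lead to examine, not a verdict.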