ComboFix 09-10-30.01 - Linda 01/11/2009 21:52.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2814.1685 [GMT 1:00]
Gestart vanuit: c:\users\Linda\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2301109366-1617529019-1371763514-500
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-10-01 to 2009-11-01 ))))))))))))))))))))))))))))))
.
2009-11-01 21:01 . 2009-11-01 21:02 -------- d-----w- c:\users\Linda\AppData\Local\temp
2009-11-01 21:01 . 2009-11-01 21:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-01 20:52 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 16:09 . 2009-10-31 16:09 -------- d-----w- c:\program files\Lavalys
2009-10-31 16:01 . 2009-10-31 16:01 -------- d-----w- c:\program files\uTorrent
2009-10-31 16:00 . 2009-10-31 16:07 -------- d-----w- c:\users\Linda\AppData\Roaming\uTorrent
2009-10-31 15:42 . 2009-10-31 15:42 -------- d-----w- c:\program files\Trend Micro
2009-10-28 03:12 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 03:12 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 07:15 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 07:15 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 07:15 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 07:15 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 07:15 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 07:15 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 07:15 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 07:15 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 07:15 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-20 18:54 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-20 18:54 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-20 18:54 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-20 18:52 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-20 18:52 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-20 18:52 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-14 01:10 . 2009-10-14 01:10 -------- d-----w- c:\users\Linda\Office Genuine Advantage
2009-10-11 14:44 . 2009-11-01 19:10 -------- d-----w- c:\users\Linda\Tracing
2009-10-03 12:50 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 20:50 . 2007-01-04 09:35 679966 ----a-w- c:\windows\system32\perfh013.dat
2009-11-01 20:50 . 2007-01-04 09:35 132520 ----a-w- c:\windows\system32\perfc013.dat
2009-11-01 16:34 . 2008-06-04 18:26 27335 ----a-w- c:\users\Linda\AppData\Roaming\nvModes.dat
2009-10-31 15:38 . 2008-06-07 18:28 -------- d-----w- c:\program files\Java
2009-10-20 19:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-20 19:18 . 2008-06-07 12:58 -------- d-----w- c:\programdata\Microsoft Help
2009-10-09 12:11 . 2008-06-12 12:11 -------- d-----w- c:\users\Linda\AppData\Roaming\LimeWire
2009-09-28 16:30 . 2009-09-28 16:30 -------- d-----w- c:\programdata\Electronic Arts
2009-09-28 16:29 . 2009-05-23 18:09 -------- d-----w- c:\program files\Electronic Arts
2009-09-26 11:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-26 11:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-26 11:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-26 11:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-26 11:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-26 11:40 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-26 11:38 . 2007-01-04 02:15 -------- d-----w- c:\programdata\NVIDIA
2009-09-26 11:37 . 2009-09-26 11:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-20 11:13 . 2007-01-04 02:24 -------- d-----w- c:\programdata\Sonic
2009-09-14 21:31 . 2009-09-14 21:31 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-14 21:30 . 2008-06-06 13:53 -------- d-----w- c:\program files\Windows Live
2009-09-14 21:19 . 2009-04-24 22:13 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-09 17:12 . 2008-07-30 18:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-03 12:15 . 2009-09-03 12:14 -------- d-----w- c:\program files\Mobistar Internet Everywhere
2009-08-29 00:27 . 2009-09-03 12:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 12:21 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-20 18:53 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-20 18:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-20 18:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-20 18:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-09 04:16 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 04:16 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 04:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 04:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 04:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 04:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 04:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 04:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 04:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 04:16 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 04:16 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-05 20:48 . 2009-09-14 21:30 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2007-01-04 02:25 . 2007-01-04 02:25 141824 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-01-04 10:31 . 2007-01-04 09:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-06 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2007-05-16 29696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b5,fe,77,1b,9f,3e,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [19/07/2008 20:59 96520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [19/07/2008 20:59 231192]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [4/01/2007 10:29 288256]
R3 vm331avs;Bison Webcam;c:\windows\System32\drivers\vm331avs.sys [4/01/2007 3:09 943016]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [14/09/2009 22:30 54632]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 21:48 704864]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\System32\drivers\ewusbfake.sys [3/09/2009 13:15 103040]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map

2009-11-01 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2008-12-03 15:11]

2009-11-01 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-01-04 16:34]

2009-11-01 c:\windows\Tasks\Uitgebreide garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-01-04 16:38]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 22:02
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\System32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(656)
c:\windows\System32\avgrsstx.dll
.
Voltooingstijd: 2009-11-01 22:04
ComboFix-quarantined-files.txt 2009-11-01 21:04

Pre-Run: 89.823.285.248 bytes beschikbaar
Post-Run: 89.798.516.736 bytes beschikbaar

- - End Of File - - ADDCFDEBFE38E9916054225975D2BA99