ComboFix 11-05-19.02 - Mathias 21/05/2011 14:10:31.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3066.1982 [GMT 2:00] Gestart vanuit: c:\users\Mathias\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Mathias\AppData\Roaming\inst.exe c:\windows\ST6UNST.000 . . (((((((((((((((((((( Bestanden Gemaakt van 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))) . . 2011-05-21 12:18 . 2011-05-21 12:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-21 12:18 . 2011-05-21 12:18 -------- d-----w- c:\users\Ann\AppData\Local\temp 2011-05-20 16:44 . 2011-05-20 16:44 0 ---ha-w- c:\users\Mathias\AppData\Local\BIT4F96.tmp 2011-05-14 14:22 . 2011-05-14 14:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-11 14:06 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-05-07 12:06 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-05-07 12:06 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-05-07 12:04 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-24 15:16 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-14 14:27 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2011-05-14 14:27 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll 2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll 2011-03-03 15:40 . 2011-05-07 12:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 15:40 . 2011-05-07 12:06 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 15:40 . 2011-05-07 12:06 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 15:40 . 2011-05-07 12:06 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2011-02-22 14:13 . 2011-03-27 12:24 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-22 13:33 . 2011-03-27 12:24 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-02-22 13:33 . 2011-03-27 12:24 797696 ----a-w- c:\windows\system32\FntCache.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-27 68856] "Steam"="c:\program files\Steam\Steam.exe" [2010-11-20 1242448] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-25 6265376] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "avast5"="c:\program files\Avast\Avast\avastUI.exe" [2011-01-13 3396624] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-05-07 30192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-27 813584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia BackUp & Recorder Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia BackUp & Recorder Monitor.lnk backup=c:\windows\pss\TotalMedia BackUp & Recorder Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2011-05-07 18:54 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp] 2008-08-22 08:32 192512 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD] 2008-05-16 09:14 430080 ----a-w- c:\program files\Launch Manager\OSD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2008-07-25 01:16 1833504 ----a-w- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-10-27 22:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] 2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c95c5a345a6080;Google Update Service (gupdate1c95c5a345a6080);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-05-07 30192] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 133104] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752] R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2008-01-15 118784] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-26 691696] S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2008-06-27 96512] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280] S2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 537520] S3 NETw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2011-05-21 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-03 10:19] . 2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 12:44] . 2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 12:44] . 2011-05-21 c:\windows\Tasks\User_Feed_Synchronization-{63222B32-036F-42AC-ADC1-EB9008B94A67}.job - c:\windows\system32\msfeedssync.exe [2011-04-24 04:43] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{7C5C0F58-E061-457D-9033-77307F5ED00C} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-CarboniteSetupLite - c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe MSConfigStartUp-CTZDetec - c:\program files\Creative\Creative Media Lite\CTZDetec.exe MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe MSConfigStartUp-EEventManager - c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe MSConfigStartUp-EPSON SX110 Series - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE MSConfigStartUp-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSConfigStartUp-Steam - c:\program files\games\steam\steam.exe MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\registrybooster\StartRegistryBooster.exe MSConfigStartUp-WisVoClt - c:\program files\Launch Manager\WisVoClt.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-05-21 14:18 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2284424520-350645293-3932796729-1000\Software\SecuROM\License information*] "datasecu"=hex:f6,34,f8,ec,7e,f0,e5,e7,56,d6,92,60,87,30,2c,3d,68,75,4e,aa,31, 3c,fe,60,e3,92,0b,76,0a,10,75,bb,4f,f7,97,04,f8,b2,fe,01,07,ec,e7,b7,b4,3b,\ "rkeysecu"=hex:55,b2,4b,e5,97,ed,d7,c7,9b,25,aa,20,60,a7,ea,48 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-05-21 14:20:58 ComboFix-quarantined-files.txt 2011-05-21 12:20 . Pre-Run: 131.243.241.472 bytes beschikbaar Post-Run: 131.248.906.240 bytes beschikbaar . Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11 - - End Of File - - 654E3AB713A7ED034287D85179366621