ComboFix 11-06-17.04 - R 18-06-2011 11:40:49.4.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3326.2209 [GMT 2:00]
Gestart vanuit: c:\users\R\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\R\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-18 to 2011-06-18 ))))))))))))))))))))))))))))))
.
.
2011-06-18 09:45 . 2011-06-18 09:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-18 08:48 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7160D65-62DA-4EA3-9512-61D7B45A9476}\mpengine.dll
2011-06-15 18:55 . 2011-06-18 09:45 -------- d-----w- c:\users\R\AppData\Local\temp
2011-06-15 18:40 . 2011-06-18 09:39 -------- d-----w- C:\32788R22FWJFW
2011-06-07 19:45 . 2011-06-07 19:45 388096 ----a-r- c:\users\R\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-07 19:45 . 2011-06-07 19:45 -------- d-----w- c:\program files\Trend Micro
2011-05-27 19:48 . 2011-05-27 19:48 -------- d-----w- c:\users\R\AppData\Roaming\Malwarebytes
2011-05-27 19:48 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-27 19:48 . 2011-05-27 19:48 -------- d-----w- c:\programdata\Malwarebytes
2011-05-27 19:48 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 19:48 . 2011-06-05 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-27 19:04 . 2011-05-27 19:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2010-04-09 23:25 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-10 08:43 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-04-11 06:28 593920 --sha-w- c:\windows\System32\config\systemprofile\vloadp94.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DownloadAccelerator"="d:\program files\DAP\DAP.EXE" [2010-03-28 2811392]
"BitComet"="d:\program files\BitLord\BitLord.exe" [2005-05-07 2224128]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-05-26 1423360]
"QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-05 232912]
.
c:\users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - d:\program files\LimeWire\LimeWire.exe [2010-7-8 503808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, mkhfqoaf.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 eypquokn;Wacom Serial Pen HID Support;c:\windows\System32\svchost.exe [2008-01-21 21504]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-06-10 150568]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-03 691696]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
eypquokn
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2024710546-1593516116-1520722536-1000Core.job
- c:\users\R\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-10 18:24]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2024710546-1593516116-1520722536-1000UA.job
- c:\users\R\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-10 18:24]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - d:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - d:\program files\DAP\dapextie.htm
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Download &all with DAP - d:\program files\DAP\dapextie2.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 11:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
.
c:\users\R\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan succesvol afgerond
verborgen bestanden: 1
.
**************************************************************************
.
Voltooingstijd: 2011-06-18 11:47:48
ComboFix-quarantined-files.txt 2011-06-18 09:47
ComboFix2.txt 2011-06-15 18:55
ComboFix3.txt 2011-06-14 19:27
ComboFix4.txt 2011-06-13 15:54
.
Pre-Run: 29.604.581.376 bytes beschikbaar
Post-Run: 29.635.477.504 bytes beschikbaar
.
- - End Of File - - F4A7650D4C83F71A4C030A1082AE54AC