ComboFix 09-05-23.01 - ief 24/05/2009 9:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.502.234 [GMT 2:00]
Running from: c:\documents and settings\ief\Bureaublad\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ief\Application Data\.#
c:\windows\f23567.dat
c:\windows\system32\SYSDLL.exe
.
(((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 ))))))))))))))))))))))))))))))
.
2009-05-26 12:24 . 2009-05-26 12:24 -------- d-----w c:\documents and settings\ief\Local Settings\Application Data\IsolatedStorage
2009-05-26 03:05 . 2009-05-26 03:05 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-25 15:45 . 2009-05-25 15:45 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-25 15:45 . 2009-05-23 15:59 -------- d-----w c:\documents and settings\joxan\Application Data\skypePM
2009-05-25 15:44 . 2009-05-23 18:00 -------- d-----w c:\documents and settings\joxan\Application Data\Skype
2009-05-25 15:43 . 2009-05-25 15:43 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-25 15:43 . 2009-05-25 15:43 -------- d-----w c:\program files\Common Files\Skype
2009-05-25 15:43 . 2009-05-25 15:43 -------- d-----r c:\program files\Skype
2009-05-24 07:54 . 2009-05-24 07:54 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-05-24 07:53 . 2009-05-27 09:40 -------- d-----w c:\program files\Common Files\AVSMedia
2009-05-24 07:53 . 2003-05-21 10:50 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-05-24 07:53 . 2002-01-05 12:40 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-05-24 05:38 . 2009-05-24 05:38 -------- d-----w c:\documents and settings\ief\Application Data\Malwarebytes
2009-05-24 05:38 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 05:38 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 05:38 . 2009-05-24 05:38 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-24 05:38 . 2009-05-24 05:38 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-24 05:25 . 2009-05-24 05:25 -------- d-----w c:\program files\Trend Micro
2009-05-23 19:14 . 2008-08-20 17:58 9200 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-05-23 19:14 . 2008-08-20 17:58 9072 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-05-23 19:14 . 2008-08-20 17:58 129520 ------w c:\windows\system32\pxafs.dll
2009-05-23 19:14 . 2009-05-27 09:45 -------- d-----w c:\program files\Winamp
2009-05-23 17:09 . 2009-05-23 17:09 390664 ----a-w c:\documents and settings\ief\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-23 16:49 . 2009-05-23 16:49 -------- d-----w c:\documents and settings\joxan\Application Data\Uniblue
2009-05-23 16:49 . 2009-05-08 10:33 2568230 -c--a-w c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-05-23 16:49 . 2009-05-23 16:49 -------- d-----w c:\program files\Uniblue
2009-05-23 16:49 . 2008-08-26 16:48 99624 -c--a-w c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-05-23 16:49 . 2008-08-26 16:48 757760 -c--a-w c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-05-23 16:49 . 2008-08-26 16:48 6676480 -c--a-w c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-05-23 16:49 . 2008-08-26 16:48 497496 -c--a-w c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-05-23 16:49 . 2008-08-26 16:48 413696 -c--a-w c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-05-23 16:49 . 2008-08-26 16:48 2019624 -c--a-w c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-05-23 16:49 . 2008-08-26 16:48 111912 -c--a-w c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-05-23 16:49 . 2009-05-23 16:49 -------- dc-h--w c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-05-22 20:52 . 2009-05-22 20:52 -------- d-----w c:\program files\ESET
2009-05-22 20:30 . 2009-05-22 20:30 1912 ---h--w c:\windows\f5087.dat
2009-05-22 20:21 . 2009-05-24 07:11 -------- d-----w c:\windows\system32\121973
2009-05-22 20:21 . 2009-05-22 20:21 2 ---h--w c:\windows\sonce123148.dat
2009-05-22 20:21 . 2009-05-22 20:21 2 ---h--w c:\windows\sonce122739.dat
2009-05-22 20:21 . 2009-05-22 20:21 2 ---h--w c:\windows\sonce122712.dat
2009-05-18 21:02 . 2009-05-19 09:35 -------- d-----w c:\program files\AskBarDis
2009-05-16 13:35 . 2006-10-10 12:11 827392 ----a-w c:\windows\vsnp325.exe
2009-05-16 13:35 . 2007-04-03 11:55 10251904 ----a-w c:\windows\system32\drivers\snp325.sys
2009-05-16 13:35 . 2006-10-10 13:49 270336 ----a-w c:\windows\tsnp325.exe
2009-05-16 13:35 . 2007-03-14 09:21 61440 ----a-w c:\windows\system32\vsnpx32.dll
2009-05-16 13:35 . 2006-04-12 10:11 147456 ----a-w c:\windows\system32\rsnp325.dll
2009-05-16 13:35 . 2009-05-16 13:35 -------- d-----w c:\program files\Common Files\snp325
2009-05-16 13:34 . 2009-05-16 13:34 -------- d-----w c:\documents and settings\joxan\Application Data\InstallShield
2009-05-16 13:29 . 2007-02-12 12:50 20480 ----a-w c:\windows\FixCamera.exe
2009-05-16 13:29 . 2006-04-18 14:53 135168 ----a-w c:\windows\amcap.exe
2009-05-16 13:29 . 2007-03-14 09:21 61440 ----a-w c:\windows\system32\vsnp325.dll
2009-05-16 13:29 . 2005-11-23 11:55 53248 ----a-w c:\windows\system32\csnp325.dll
2009-05-16 10:24 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-16 10:24 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-16 10:24 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-05-16 10:24 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-16 10:24 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-16 10:24 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-16 10:24 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-05-16 10:24 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-05-16 10:24 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-16 10:24 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-16 10:23 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-05-06 18:37 . 2009-05-16 20:03 -------- d-----w c:\documents and settings\ief\Application Data\Skype
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 09:47 . 2009-03-14 14:47 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-05-25 15:44 . 2006-12-05 22:10 -------- d-----w c:\program files\Google
2009-05-25 15:43 . 2007-05-12 10:50 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-22 20:03 . 2008-03-18 12:50 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-18 21:02 . 2008-06-20 10:51 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-05-16 13:35 . 2006-03-24 08:35 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-12 18:27 . 2006-03-24 06:07 92064 ----a-w c:\windows\system32\perfc013.dat
2009-05-12 18:27 . 2006-03-24 06:07 512418 ----a-w c:\windows\system32\perfh013.dat
2009-05-09 08:43 . 2007-09-08 13:27 -------- d-----w c:\documents and settings\ief\Application Data\Image Zone Express
2009-05-06 21:06 . 2008-12-25 17:14 -------- d-----w c:\documents and settings\ief\Application Data\gtk-2.0
2009-03-29 13:35 . 2006-12-20 17:17 -------- d-----w c:\documents and settings\joxan\Application Data\Apple Computer
2009-03-29 13:34 . 2007-04-28 09:04 68480 ----a-w c:\documents and settings\joxan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-28 09:23 . 2009-03-28 09:10 -------- d-----w c:\documents and settings\ief\Application Data\vlc
2009-03-28 09:09 . 2009-03-28 09:09 -------- d-----w c:\program files\VideoLAN
2009-03-15 19:10 . 2006-09-13 20:59 68480 ----a-w c:\documents and settings\ief\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-12 20:18 . 2009-03-12 20:18 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2009-03-10 12:56 . 2009-03-10 12:56 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-10 12:55 . 2009-03-10 12:55 152576 ----a-w c:\documents and settings\ief\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-03-06 14:23 . 2006-03-24 06:07 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2006-03-24 06:07 826368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-24 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2006-10-10 270336]
"snp325"="c:\windows\vsnp325.exe" [2006-10-10 827392]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2005-12-29 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [24/03/2006 12:24 7040]
S0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [6/01/2007 11:47 6097]
S2 gupdate1c9dd4f96f037d0;Google Updateservice (gupdate1c9dd4f96f037d0);c:\program files\Google\Update\GoogleUpdate.exe [25/05/2009 17:43 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 jbridgep;jbridgep;\??\c:\docume~1\ief\LOCALS~1\Temp\jbridgep.sys --> c:\docume~1\ief\LOCALS~1\Temp\jbridgep.sys [?]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [16/05/2009 15:35 10251904]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [6/01/2007 11:47 299923]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [14/04/2008 19:50 544768]
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-05-24 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 18:05]

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 15:43]

2009-05-23 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-05-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://breedband.telenet.be
mWindow Title = Telenet Internet
uInternet Settings,ProxyOverride = *.local;
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 09:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3542878883-107647110-3150139286-1005\Software\Microsoft\Protected Storage System Provider\S-1-5-21-3542878883-107647110-3150139286-1005\Data\220d5cd0-853a-11d0-84bc-00c04fd43f8f\220d5cd1-853a-11d0-84bc-00c04fd43f8f\[u]0[/u]1c2e37c24587fea*ì¡**]
"Behavior"=hex:02,00,00,00,02,00,00,00,10,00,00,00,57,00,69,00,6e,00,64,00,6f,
   00,77,00,73,00,00,00,14,00,00,00,33,72,ae,a0,67,98,64,c4,5c,56,2b,63,66,6c,\
"Item Data"=hex:02,00,00,00,18,00,00,00,76,10,10,45,4c,60,70,43,cc,c6,b9,7a,c5,
   27,6c,3d,4b,00,b4,8c,7c,a0,df,b1,30,00,00,00,a8,cc,79,80,5d,ee,c7,bc,4c,9f,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2009-05-24 9:20
ComboFix-quarantined-files.txt 2009-05-24 07:20

Pre-Run: 20.088.504.320 bytes free
Post-Run: 20.260.360.192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

224 --- E O F --- 2009-05-13 20:32
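The log above is long and most of it is normal software churn, so a reviewer usually wants the handful of lines worth a second look pulled out first: the hidden .dat files dropped directly under c:\windows (the same pattern as the removed c:\windows\f23567.dat), the all-digit directory c:\windows\system32\121973, the browser proxy forced to localhost:7171, the Security Center AntiVirusOverride flag, and the jbridgep driver registered from a Temp directory. The script below is an added example written for this page, not part of ComboFix or of the original post. It parses the "Files Created"/"Find3M" entry format, the "Supplementary Scan" settings lines and the service lines, and applies a few triage heuristics; the heuristics themselves (which paths and attributes count as suspicious) are this example's own assumptions, not ComboFix rules, and the sample lines are copied from the log above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# "Files Created" / "Find3M" entry format:
#   <created> . <modified> <size, or -------- for a directory> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([-a-z]{7}) (.+)$"
)
# Service lines: "<start type> <name>;<display name>;<image path> [...]" or "... --> ..."
SERVICE_RE = re.compile(r"^[RS]\d [^;]+;[^;]*;(.+?)(?: -->| \[)")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str            # d=directory c=compressed h=hidden a=archive r/w
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return Entry(created, modified, None if size.startswith("-") else int(size), attrs, path)


def flag_entry(e: Entry) -> list[str]:
    """Triage heuristics for a file entry (assumptions of this example, not ComboFix's)."""
    reasons: list[str] = []
    low = e.path.lower()
    hidden = "h" in e.attrs
    is_dir = e.attrs.startswith("d")
    # exactly two backslashes means the file sits directly under c:\windows
    in_windir_root = low.startswith("c:\\windows\\") and low.count("\\") == 2
    if in_windir_root and hidden and low.endswith(".dat"):
        reasons.append("hidden .dat directly under %windir%")
    if is_dir and re.search(r"\\system32\\\d+$", low):
        reasons.append("all-digit directory under system32")
    if hidden and e.size is not None and e.size <= 2:
        reasons.append("tiny hidden marker file")
    return reasons


def flag_line(line: str) -> list[str]:
    """Return the reasons a single log line deserves a second look (empty if none)."""
    s = line.strip()
    e = parse_entry(s)
    if e:
        return flag_entry(e)
    m = re.match(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$", s)
    if m and re.search(r"(localhost|127\.0\.0\.1):\d+", m.group(1)):
        return ["browser proxy routed through a local port: " + m.group(1)]
    if re.match(r'^"AntiVirusOverride"=dword:0*1$', s):
        return ["Security Center antivirus monitoring overridden"]
    m = SERVICE_RE.match(s)
    if m and "\\temp\\" in m.group(1).lower() and m.group(1).lower().endswith(".sys"):
        return ["kernel driver registered from a Temp directory: " + m.group(1)]
    return []


def triage(lines: list[str]) -> dict[str, list[str]]:
    """Map every flagged line to its reasons; lines with no findings are omitted."""
    return {l: r for l in lines if (r := flag_line(l))}


# Sample input: lines copied from the ComboFix log on this page.
SAMPLE_LINES = [
    r"2009-05-22 20:30 . 2009-05-22 20:30 1912 ---h--w c:\windows\f5087.dat",
    r"2009-05-22 20:21 . 2009-05-24 07:11 -------- d-----w c:\windows\system32\121973",
    r"2009-05-22 20:21 . 2009-05-22 20:21 2 ---h--w c:\windows\sonce123148.dat",
    r"2009-05-25 15:45 . 2009-05-25 15:45 56 ---ha-w c:\windows\system32\ezsidmv.dat",
    r"2009-05-24 05:38 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys",
    "uInternet Settings,ProxyServer = http=localhost:7171",
    '"AntiVirusOverride"=dword:00000001',
    r"S3 jbridgep;jbridgep;\??\c:\docume~1\ief\LOCALS~1\Temp\jbridgep.sys --> c:\docume~1\ief\LOCALS~1\Temp\jbridgep.sys [?]",
]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LINES).items():
        print(line)
        for r in reasons:
            print("    ->", r)
```

Note what the heuristics deliberately do not flag: c:\windows\system32\ezsidmv.dat is hidden but sits one level deeper than the dropped files, and mbam.sys is a plain driver under drivers\, so both fall through. Tune the path rules to the log at hand rather than treating any hidden file as hostile.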