ComboFix 09-05-23.04 - Sven 24/05/2009 20:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.255.92 [GMT 2:00]
Started from: c:\documents and settings\Sven\Bureaublad\ComboFix.exe
.

The following files were disabled during the run:

c:\windows\system32\detujedu.dll
c:\windows\system32\kolayela.dll
c:\windows\system32\lehelojo.dll
c:\windows\system32\miluduri.dll
c:\windows\system32\weyonoru.dll

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SalesMonitor
c:\documents and settings\Eigenaar\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Kelly\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\LocalService\Application Data\916653139.exe
c:\documents and settings\Sven\Local Settings\Temporary Internet Files\CPV.stt
c:\program files\Jcore
c:\program files\Jcore\Jcore2.dll
c:\program files\ThunMail
c:\program files\ThunMail\testabd.dll
c:\program files\ThunMail\testabd.exe
c:\program files\WWShow
c:\program files\WWShow\WWShow.dll
c:\windows\system32\__c00F8653.dat
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\CPV.stt
c:\windows\system32\dabezoda.dll
c:\windows\system32\dajufiwe.dll
c:\windows\system32\drivers\ovfsthbpetugvkmmkenkttkljkmeibxbersnrv.sys
c:\windows\system32\enosisef.ini
c:\windows\system32\esaluzis.ini
c:\windows\system32\ezepuron.ini
c:\windows\system32\fesisone.dll
c:\windows\system32\fihasine.dll
c:\windows\system32\gilinabo.dll
c:\windows\system32\glsetup.exe
c:\windows\system32\helileve.dll
c:\windows\system32\huvesegu.dll
c:\windows\system32\imabojoy.ini
c:\windows\system32\irebitam.ini
c:\windows\system32\ivalabus.ini
c:\windows\system32\kerelizo.dll
c:\windows\system32\logibeja.dll
c:\windows\system32\lowakoda.dll.tmp
c:\windows\system32\matiberi.dll
c:\windows\system32\meyaforu.dll
c:\windows\system32\nogorike.dll
c:\windows\system32\nudegeno.dll
c:\windows\system32\nuhasuke.dll
c:\windows\system32\obanilig.ini
c:\windows\system32\ogetedoz.ini
c:\windows\system32\olanufit.ini
c:\windows\system32\omijuzas.ini
c:\windows\system32\orirudut.ini
c:\windows\system32\ovfsthhsvqfnulvypbkscsfvylolhboduoqpvf.dll
c:\windows\system32\ovfsthobvyutwubnpucklvcfejgqkalpdaormr.dll
c:\windows\system32\ovfsthrjcydekqruejstqmyddpgqobwiuccjge.dat
c:\windows\system32\ovfsthukgwshussxtvpclmkbskydnrotfnemwj.dll
c:\windows\system32\ovfsthvfdunkuhgoalyawklqiojsgpfuvbmakl.dat
c:\windows\system32\ovihiwip.ini
c:\windows\system32\piwihivo.dll
c:\windows\system32\pofuzema.dll
c:\windows\system32\satukivu.dll
c:\windows\system32\service-466.exe
c:\windows\system32\sft.res
c:\windows\system32\sizulase.dll
c:\windows\system32\sohojire.dll
c:\windows\system32\sovaroda.dll.tmp
c:\windows\system32\subalavi.dll
c:\windows\system32\tesegigo.dll
c:\windows\system32\tifunalo.dll
c:\windows\system32\tokurepa.dll
c:\windows\system32\tuduriro.dll
c:\windows\system32\tuvikize.dll
c:\windows\system32\ubolafoh.ini
c:\windows\system32\ufafozuv.ini
c:\windows\system32\ufoyidul.ini
c:\windows\system32\urofayem.ini
c:\windows\system32\uvikutas.ini
c:\windows\system32\uzujamon.ini
c:\windows\system32\vetuyija.dll
c:\windows\system32\vikezisi.dll
c:\windows\system32\vuzofafu.dll
c:\windows\system32\wanizofu.dll.tmp
c:\windows\system32\wehokepu.dll
c:\windows\system32\yojobami.dll
c:\windows\system32\yuhisona.dll
c:\windows\system32\zodetego.dll
C:\xcrashdump.dat
D:\desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxbwqjbppyxdyidlxcpafrmsuhrmatimx
-------\Legacy_FMTR


(((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 ))))))))))))))))))))))))))))))
.

2009-05-24 18:25 . 2009-05-24 18:26 96768 ----a-w c:\documents and settings\LocalService\Application Data\916653139.exe
2009-05-24 16:19 . 2009-05-24 16:19 -------- d--h--r c:\documents and settings\Sven\Onlangs geopend
2009-05-23 00:33 . 2009-05-24 18:20 29184 ----a-w c:\windows\system32\lklf32.dll
2009-05-22 17:57 . 2009-05-22 18:18 -------- d-----w c:\windows\BDOSCAN8
2009-05-22 13:36 . 2009-05-24 18:25 29184 ----a-w c:\windows\system32\jhxm32.dll
2009-05-22 13:36 . 2009-05-22 13:36 32768 ----a-w c:\windows\system32\avast!Antivirus.exe
2009-05-22 00:37 . 2009-05-22 00:37 136 ----a-w c:\windows\system32\vp_setup.exe.bat
2009-05-22 00:37 . 2009-05-22 00:37 61440 ----a-w c:\windows\system32\vp_setup.exe
2009-05-21 15:39 . 2009-05-21 16:33 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-21 15:39 . 2009-05-21 16:33 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-14 22:24 . 2009-05-21 15:45 -------- d-----w c:\documents and settings\Sven\Application Data\Twain
2009-05-13 21:52 . 2009-05-21 15:45 -------- d-----w c:\documents and settings\Sven\Application Data\ptidle
2009-05-13 19:09 . 2009-05-13 19:09 683801 ----a-w c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
2009-05-13 19:09 . 2009-05-13 19:09 184 ----a-w c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-05-13 19:09 . 2009-05-13 19:09 683801 ----a-w c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-05-13 19:09 . 2009-05-13 19:09 -------- d-----w c:\documents and settings\All Users\Application Data\Last.fm
2009-05-13 19:08 . 2009-05-13 19:08 -------- d-----w c:\program files\Last.fm

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 17:47 . 2007-08-29 21:24 -------- d-----w c:\documents and settings\All Users\Application Data\avg7
2009-05-24 17:47 . 2007-08-29 22:21 -------- d-----w c:\documents and settings\Monique\Application Data\AVG7
2009-05-24 17:47 . 2007-08-29 22:20 -------- d-----w c:\documents and settings\Kelly\Application Data\AVG7
2009-05-24 17:47 . 2007-08-29 22:16 -------- d-----w c:\documents and settings\Eigenaar\Application Data\AVG7
2009-05-24 17:47 . 2007-08-29 21:25 -------- d-----w c:\documents and settings\Sven\Application Data\AVG7
2009-05-24 13:50 . 2009-02-24 13:50 87040 ----a-w c:\windows\system32\weyonoru.dll.vir
2009-05-23 15:40 . 2009-02-23 15:40 87040 ----a-w c:\windows\system32\miluduri.dll.vir
2009-05-23 02:05 . 2009-02-23 02:05 87040 ----a-w c:\windows\system32\lehelojo.dll.vir
2009-05-22 14:04 . 2009-02-22 14:04 87040 ----a-w c:\windows\system32\kolayela.dll.vir
2009-05-18 21:46 . 2007-12-22 13:31 -------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-05-12 17:33 . 2001-09-07 12:00 87068 ----a-w c:\windows\system32\perfc013.dat
2009-05-12 17:33 . 2001-09-07 12:00 501868 ----a-w c:\windows\system32\perfh013.dat
2009-05-10 11:23 . 2007-08-29 20:58 111512 ----a-w c:\documents and settings\Kelly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 01:59 . 2007-12-14 17:37 -------- d-----w c:\program files\Google
2009-04-19 09:53 . 2007-08-29 21:06 111512 ----a-w c:\documents and settings\Monique\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-08 21:07 . 2009-04-08 21:07 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 21:07 . 2007-12-17 02:25 -------- d-----w c:\program files\iTunes
2009-04-08 21:07 . 2009-04-08 21:07 -------- d-----w c:\program files\iPod
2009-04-08 21:07 . 2007-12-08 18:09 -------- d-----w c:\program files\Common Files\Apple
2009-04-08 20:59 . 2009-04-08 20:59 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 14:32 . 2008-01-29 10:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:23 . 2001-09-07 12:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2001-09-07 12:00 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}]
2009-05-24 18:25 29184 ----a-w c:\windows\system32\jhxm32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="?\WkDetect.exe" [?]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"net"="c:\windows\system32\net.net" [2009-05-13 110932]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"net"="c:\windows\system32\net.net" [2009-05-13 110932]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-31 113664]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-6-30 24633]
Ulead Photo Express 4.0 SE Calendar Checker .lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2007-8-30 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2145:UDP"= 2145:UDP:Windows Media Format SDK (wmplayer.exe)
"2144:UDP"= 2144:UDP:Windows Media Format SDK (wmplayer.exe)

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - avast!Antivirus
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Diskeeper
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - IJPLMSVC
*Deregistered* - ImapiService
*Deregistered* - iPod Service
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-05-23 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-05-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
- - - - ORPHANS REMOVED - - - -

BHO-{15421B84-3488-49A7-AD18-CBF84A3EFAF6} - c:\program files\WWShow\WWShow.dll
BHO-{D88E1558-7C2D-407A-953A-C044F5607CEA} - c:\program files\Jcore\Jcore2.dll
BHO-{f0daaa77-1170-4108-8bd1-ffac3add947c} - c:\windows\system32\nuhasuke.dll
HKCU-Run-first drive - c:\docume~1\Sven\APPLIC~1\STYLEW~1\eq send jugs.exe
HKCU-Run-ptidle - c:\documents and settings\Sven\Application Data\ptidle\ptidle.exe
HKCU-Run-DigiFast - c:\documents and settings\Sven\Application Data\digifast\digifast.exe
HKCU-Run-:OG: - c:\documents and settings\Sven\Application Data\Microsoft\Windows\vryhts.exe
HKLM-Run-WARN POP TRUST LIES - c:\documents and settings\All Users\Application Data\Camp Mess Warn Pop\test dupe.exe
HKLM-Run-darayobazo - c:\windows\system32\vikezisi.dll
HKLM-Run-30acbc91 - c:\windows\system32\piwihivo.dll
HKLM-Run-CPM339f8f0d - c:\windows\system32\weyonoru.dll
HKU-Default-Run-svc - c:\program files\ThunMail\testabd.exe
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\weyonoru.dll
Notify-__c00F8653 - c:\windows\system32\__c00F8653.dat
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 20:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2788)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\avast!Antivirus.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-05-24 20:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 18:32

Pre-Run: 15,464,185,856 bytes free
Post-Run: 15,813,259,264 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

310 --- E O F --- 2009-05-12 17:35
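The log above is a raw ComboFix run with no commentary, and what a helper reads off it is mostly naming patterns: eight-letter pronounceable DLL and INI names in system32 (detujedu.dll, enosisef.ini), a common random-looking prefix shared by a driver, several DLLs, two .dat files and a service (ovfsth...), a Run value that launches net.net instead of an .exe, a script named vp_setup.exe.bat, a 32 KB avast!Antivirus.exe sitting in system32 rather than under Program Files, and executables with numeric names running from a profile's Application Data. The script below is an added example, not ComboFix code and not part of the post: it parses the three line shapes the log uses (bare paths in the deletion lists, "created . modified size attrs path" entries from the Files Created and Find3M sections, and REGEDIT4-style Run values) and applies those checks mechanically. The rule names and heuristics are mine, the ovfsth prefix is hard-coded from this log rather than being a general signature, and the SAMPLE lines are constructed from paths that appear above.

```python
"""
Name-based triage of ComboFix log entries (added example; not ComboFix
code). Heuristics are assumptions chosen for this example; SAMPLE is
constructed from paths in the log above.
"""
import re

# "2009-05-23 00:33 . 2009-05-24 18:20 29184 ----a-w c:\windows\system32\lklf32.dll"
FILE_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-dahrsw]{7}) (?P<path>\S.*)$"
)
# "net"="c:\windows\system32\net.net" [2009-05-13 110932]
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$'
)
BARE_PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)

CONS, VOW = "[bcdfghjklmnpqrstvwxyz]", "[aeiouy]"
# Eight letters strictly alternating consonant/vowel (detujedu, enosisef):
# a pronounceable random name, not a Windows file name.
PRONOUNCEABLE8 = re.compile(
    rf"^(?:(?:{CONS}{VOW}){{4}}|(?:{VOW}{CONS}){{4}})\.(?:dll|ini)$"
)
# Prefix shared by the .sys/.dll/.dat files and the service in this log;
# taken from the log, not a general signature.
SHARED_PREFIX = "ovfsth"


def split_path(path):
    """Lower-cased (directory, basename) of a Windows path."""
    directory, _, base = path.lower().rpartition("\\")
    return directory, base


def in_system32(directory):
    return directory.endswith("\\system32")


RULES = (
    ("random-name-dll", lambda d, b: in_system32(d) and bool(PRONOUNCEABLE8.match(b))),
    ("shared-random-prefix", lambda d, b: b.startswith(SHARED_PREFIX)),
    # vp_setup.exe.bat: a script hiding behind an executable-looking name
    ("double-extension", lambda d, b: bool(re.search(
        r"\.[a-z0-9]{2,4}\.(?:bat|cmd|exe|com|scr|vbs|pif)$", b))),
    # avast! installs under Program Files, not as a small exe in system32
    ("av-name-in-system32", lambda d, b: in_system32(d) and bool(re.search(r"antivirus|avast", b))),
    ("exe-in-profile-data", lambda d, b: b.endswith(".exe") and (
        "\\application data" in d or "\\temporary internet files" in d)),
    ("numeric-exe-name", lambda d, b: bool(re.match(r"^(?:\d{6,}|[a-z]+-\d{3,})\.exe$", b))),
)


def parse_line(line):
    """Return (kind, path) for a recognised log line, else None."""
    line = line.strip()
    m = FILE_ENTRY.match(line)
    if m:
        return "file", m["path"].strip()
    m = RUN_VALUE.match(line)
    if m:
        return "run", m["path"].strip()
    if BARE_PATH.match(line):
        return "path", line
    return None


def triage(lines):
    """Return [(rule, path)] for every rule each recognised line trips."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, path = parsed
        directory, base = split_path(path)
        for rule, hit in RULES:
            if hit(directory, base):
                findings.append((rule, path))
        # A Run value is expected to launch an .exe; net.net is not one.
        if kind == "run" and base and not base.endswith(".exe"):
            findings.append(("run-target-not-exe", path))
    return findings


# Constructed sample: line shapes and paths copied from the log above.
SAMPLE = r"""
c:\windows\system32\detujedu.dll
c:\windows\system32\enosisef.ini
c:\windows\system32\drivers\ovfsthbpetugvkmmkenkttkljkmeibxbersnrv.sys
c:\windows\system32\service-466.exe
2009-05-24 18:25 . 2009-05-24 18:26 96768 ----a-w c:\documents and settings\LocalService\Application Data\916653139.exe
2009-05-22 13:36 . 2009-05-22 13:36 32768 ----a-w c:\windows\system32\avast!Antivirus.exe
2009-05-22 00:37 . 2009-05-22 00:37 136 ----a-w c:\windows\system32\vp_setup.exe.bat
2009-03-03 00:16 . 2001-09-07 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-05-21 15:39 . 2009-05-21 16:33 -------- d-----w c:\program files\Spybot - Search & Destroy
"net"="c:\windows\system32\net.net" [2009-05-13 110932]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Microsoft Works Update Detection"="?\WkDetect.exe" [?]
""".strip().splitlines()

if __name__ == "__main__":
    for rule, path in triage(SAMPLE):
        print(f"{rule:22} {path}")
```

These are triage cues, not verdicts: the exe-in-profile-data rule would also flag the legitimate Apple installer cache entry (SetupAdmin.exe under All Users\Application Data) from the Find3M section, and wininet.dll, ctfmon.exe and the Spybot directory pass every rule as they should. Anything the script flags still needs a hash lookup or a sample submission before it is treated as malicious.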