ComboFix 09-07-14.08 - HERMANSA 16/07/2009 16:37.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1448 [GMT 2:00]
Running from: \\FAN001_X\usersdata$\hermansa\desktop\scan.exe
AV: Microsoft Forefront Client Security *On-access scanning enabled* (Updated) {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\hermansa.DAN001\Application Data\wiaserva.log
c:\documents and settings\hermansa.DAN001\Local Settings\Temporary Internet Files\SLC_hermansa.prx
c:\documents and settings\hermansa.DAN001\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\hermansa\Local Settings\Temporary Internet Files\SLC_hermansa.prx
c:\recycler\S-1-5-21-1374601752-2222278978-1394923232-500
c:\recycler\S-1-5-21-1685927933-4217759621-2681017343-500
c:\recycler\S-1-5-21-190828371-377554896-1671604064-500
c:\recycler\S-1-5-21-205365598-879495947-3534835413-500
c:\recycler\S-1-5-21-2225589205-2942328611-698528753-500
c:\recycler\S-1-5-21-2295602418-2485427529-2591340698-500
c:\recycler\S-1-5-21-2477990468-2748442809-927626363-500
c:\recycler\S-1-5-21-3142369026-4064122770-959252333-500
c:\recycler\S-1-5-21-3376078148-2501954535-3646181656-500
c:\recycler\S-1-5-21-3728970240-373996543-670892116-500
c:\recycler\S-1-5-21-760547096-359918316-2141840317-500
c:\recycler\S-1-5-21-809299238-3924064129-568730901-500
c:\winnt\system32\iAlmcoin.dll

----- BITS: Possible infected sites -----

hxxp://san007:8530
.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-16 14:21 . 2009-07-16 14:32 -------- d-----w- c:\program files\SimpleDivX
2009-07-16 13:58 . 2009-07-16 13:58 -------- d-----w- c:\temp\Ice Age 3 (2009)nl.subs.NLT-Release (Mpeg)
2009-07-16 13:31 . 2009-07-16 13:31 -------- d-----w- c:\documents and settings\hermansa.DAN001\Application Data\Media Player Classic
2009-07-16 13:30 . 2008-09-16 19:23 168448 ----a-w- c:\winnt\system32\unrar.dll
2009-07-16 13:30 . 2004-01-25 16:18 217088 ----a-w- c:\winnt\system32\yv12vfw.dll
2009-07-16 13:30 . 2009-05-29 21:37 205824 ----a-w- c:\winnt\system32\xvidvfw.dll
2009-07-16 13:30 . 2009-05-29 21:31 881664 ----a-w- c:\winnt\system32\xvidcore.dll
2009-07-16 13:30 . 2009-05-01 21:02 90112 ----a-w- c:\winnt\system32\dpl100.dll
2009-07-16 13:30 . 2008-11-06 16:37 3596288 ----a-w- c:\winnt\system32\qt-dx331.dll
2009-07-16 13:30 . 2009-05-01 21:02 685056 ----a-w- c:\winnt\system32\divx.dll
2009-07-16 13:30 . 2009-06-02 16:11 85504 ----a-w- c:\winnt\system32\ff_vfw.dll
2009-07-16 13:30 . 2009-07-16 13:33 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-16 12:12 . 2009-07-16 12:12 -------- d-----w- c:\program files\uTorrent
2009-07-16 12:11 . 2009-07-16 14:42 -------- d-----w- c:\documents and settings\hermansa.DAN001\Application Data\uTorrent
2009-07-15 22:04 . 2009-07-15 22:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-15 22:01 . 2009-07-16 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-15 22:01 . 2009-07-16 11:59 -------- d-----w- c:\program files\NOS
2009-07-15 20:27 . 2009-07-15 20:27 -------- d-----w- c:\winnt\system32\wbem\Repository
2009-07-15 18:53 . 2009-07-15 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-15 17:34 . 2009-07-15 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\15065004
2009-07-10 06:56 . 2009-07-10 06:56 -------- d-----w- c:\program files\DellTPad
2009-07-10 06:56 . 2006-11-02 06:09 1419232 ----a-w- c:\winnt\system32\WdfCoInstaller01005.dll
2009-07-10 06:55 . 2009-07-10 06:55 -------- d-----w- C:\dell
2009-07-10 06:25 . 2009-07-10 06:25 -------- d-s---w- c:\documents and settings\hermansa.DAN001\UserData
2009-07-09 13:42 . 2009-07-13 17:17 -------- d-----w- c:\documents and settings\hermansa.DAN001\Local Settings\Application Data\Google
2009-07-09 12:49 . 2009-07-15 22:04 -------- d-----w- c:\documents and settings\hermansa.DAN001\Local Settings\Application Data\Adobe
2009-07-09 11:57 . 2009-07-09 11:57 -------- d-----w- c:\documents and settings\hermansa.DAN001\Local Settings\Application Data\Apple Computer
2009-07-09 11:49 . 2009-07-16 12:41 -------- d-----w- c:\documents and settings\hermansa.DAN001\SapWorkDir
2009-07-09 08:22 . 2009-07-09 10:05 -------- d-----w- c:\documents and settings\hermansa.DAN001\Application Data\SpamBayes
2009-07-09 08:15 . 2009-07-16 14:42 -------- d-----w- c:\documents and settings\hermansa.DAN001
2009-07-09 07:33 . 2009-07-09 07:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-07-09 07:33 . 2009-07-09 07:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-07-09 07:33 . 2009-07-09 07:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2009-07-06 12:51 . 2009-07-06 12:51 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-07-06 12:50 . 2009-07-06 12:50 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-07-06 12:50 . 2009-07-06 12:50 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-07-06 12:50 . 2009-07-06 12:50 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-07-06 12:50 . 2009-07-06 12:50 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-07-06 12:49 . 2009-07-06 12:49 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-07-06 12:49 . 2009-07-06 12:49 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-07-06 12:49 . 2009-07-06 12:49 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-07-06 12:48 . 2009-07-06 12:48 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-07-06 12:47 . 2009-07-06 12:47 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-07-06 12:46 . 2009-07-06 12:46 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-07-06 12:45 . 2009-07-06 12:45 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-07-04 11:52 . 2009-07-04 11:52 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2009-07-03 09:01 . 2009-05-07 15:44 344064 -c----w- c:\winnt\system32\dllcache\localspl.dll
2009-07-03 09:00 . 2009-04-15 15:11 584192 -c----w- c:\winnt\system32\dllcache\rpcrt4.dll
2009-06-30 11:19 . 2009-06-30 11:19 -------- d-----w- c:\documents and settings\hermansa\Application Data\Alive Games
2009-06-20 09:58 . 2009-06-20 09:58 -------- d-----w- c:\program files\iPod
2009-06-20 09:58 . 2009-06-20 09:58 -------- d-----w- c:\program files\iTunes
2009-06-20 09:58 . 2009-06-20 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-20 09:56 . 2009-06-20 09:56 -------- d-----w- c:\program files\QuickTime
2009-06-20 09:51 . 2009-06-20 09:51 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-18 09:10 . 2009-06-18 09:10 249856 ------w- c:\winnt\Setup1.exe
2009-06-18 09:10 . 2009-06-18 09:10 73216 ----a-w- c:\winnt\ST6UNST.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 18:31 . 2008-07-06 06:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-13 07:10 . 2008-10-15 07:00 1501 ----a-w- c:\program files\Altir?
2009-07-12 13:20 . 2008-04-19 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2009-07-10 07:27 . 2009-07-09 08:16 10134 ----a-r- c:\documents and settings\hermansa.DAN001\Application Data\Microsoft\Installer\{2809539D-8ABC-4B04-B5C9-0F743F8EC1A0}\ARPPRODUCTICON.exe
2009-07-10 07:27 . 2009-07-09 08:16 10134 ----a-r- c:\documents and settings\hermansa.DAN001\Application Data\Microsoft\Installer\{40257B6A-CC1E-4D6B-9B31-8846C7F07D90}\ARPPRODUCTICON.exe
2009-07-10 06:57 . 2009-07-10 06:57 0 ---ha-w- c:\winnt\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-07-10 06:57 . 2009-07-10 06:57 0 ---ha-w- c:\winnt\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-09 07:33 . 2005-07-08 06:43 26712 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 11:39 . 2008-05-21 15:09 -------- d-----w- c:\program files\SAP Download Manager
2009-07-07 19:23 . 2008-04-01 07:37 -------- d-----w- c:\documents and settings\hermansa\Application Data\AdobeUM
2009-06-30 11:19 . 2009-07-09 08:16 -------- d-----w- c:\documents and settings\hermansa.DAN001\Application Data\Alive Games
2009-06-26 15:24 . 2008-04-05 14:33 -------- d-----w- c:\program files\TrackMania Nations ESWC
2009-06-23 07:00 . 2008-10-20 06:15 752 ----a-w- c:\program files\Altir
2009-06-22 06:12 . 2009-07-09 08:16 766 ----a-r- c:\documents and settings\hermansa.DAN001\Application Data\Microsoft\Installer\{CCACBEBD-7CB2-4EEF-8367-458734605E38}\ARPPRODUCTICON.exe
2009-06-22 06:12 . 2009-07-09 08:16 766 ----a-r- c:\documents and settings\hermansa.DAN001\Application Data\Microsoft\Installer\{CCACBEBD-7CB2-4EEF-8367-458734605E38}\Abaculus.exe
2009-06-22 06:12 . 2008-09-26 09:45 766 ----a-r- c:\documents and settings\hermansa\Application Data\Microsoft\Installer\{CCACBEBD-7CB2-4EEF-8367-458734605E38}\ARPPRODUCTICON.exe
2009-06-22 06:12 . 2008-09-26 09:45 766 ----a-r- c:\documents and settings\hermansa\Application Data\Microsoft\Installer\{CCACBEBD-7CB2-4EEF-8367-458734605E38}\Abaculus.exe
2009-06-20 09:58 . 2008-09-12 20:06 -------- d-----w- c:\program files\Common Files\Apple
2009-06-18 07:09 . 2009-06-16 12:14 -------- d-----w- c:\program files\Xobni
2009-06-16 08:02 . 2009-06-15 07:56 -------- d-----w- c:\program files\icytower1.4
2009-06-15 14:40 . 2009-07-09 08:16 -------- d-----w- c:\documents and settings\hermansa.DAN001\Application Data\PSpad
2009-06-15 14:40 . 2009-05-15 20:47 -------- d-----w- c:\documents and settings\hermansa\Application Data\PSpad
2009-06-04 06:50 . 2008-02-01 11:18 -------- d-----w- c:\program files\DIKA
2009-05-27 16:43 . 2008-04-01 07:46 -------- d-----w- c:\program files\Google
2009-05-16 16:53 . 2009-05-16 16:53 664 ----a-w- c:\winnt\system32\d3d9caps.dat
2009-05-07 15:44 . 2003-03-01 14:48 344064 ----a-w- c:\winnt\system32\localspl.dll
2009-05-06 08:04 . 2009-05-20 06:00 212992 ----a-w- C:\DmnCtrl081.exe
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\winnt\system32\GPhotos.scr
2009-04-29 04:52 . 2004-01-21 14:16 659456 ----a-w- c:\winnt\system32\wininet.dll
2009-04-29 04:52 . 2005-02-04 13:32 81920 ----a-w- c:\winnt\system32\ieencode.dll
2009-04-28 12:39 . 2008-05-21 12:25 208896 ----a-w- C:\DmnCtrl061.exe
2007-12-11 07:55 . 2008-05-21 15:50 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2007-12-11 07:55 . 2008-05-21 15:50 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2007-12-11 07:55 . 2008-05-21 15:50 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2007-12-11 07:55 . 2008-05-21 15:49 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2007-12-11 07:55 . 2008-05-21 15:49 1229312 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
2007-12-11 07:55 . 2008-05-21 15:49 1167872 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2004-08-03 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartPcinfo"="c:\program files\DIKA\Tools\start_pcinfo.divb" [X]
"SecurityRebootReminder"="c:\program files\DIKA\Tools\SecurityRebootReminder.divb" [X]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2008-01-31 143360]
"Synchronization Manager"="c:\winnt\system32\mobsync.exe" [2004-08-03 143360]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2008-07-09 1036848]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-13 515416]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-02-02 2035712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-18 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SigmatelSysTrayApp"="stsystra.exe" - c:\winnt\stsystra.exe [2007-02-19 303104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2004-08-03 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)
"MaxGPOScriptWait"= 1800 (0x708)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoChooseProgramsPage"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= kazaa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\winnt\system32\AMInit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-180556409-416039384-821170639-3582\Scripts\Logon\0\0]
"Script"=CheckOutlookCache.divb

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-180556409-416039384-821170639-3582\Scripts\Logon\0\1]
"Script"=laptop.divb

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-180556409-416039384-821170639-3582\Scripts\Logon\0\2]
"Script"=connect.divb

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-180556409-416039384-821170639-3582\Scripts\Logon\0\3]
"Script"=logon.divb

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-180556409-416039384-821170639-3582\Scripts\Logon\0\4]
"Script"=Change printer Branch Office.divb

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [6/02/2009 15:44 64160]
R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [10/06/2007 17:48 331870]
R2 CVPNDRV;Cisco Systems Inc. IPSec Driver;c:\winnt\system32\drivers\CVPNDrv.sys [28/10/2002 19:02 263751]
R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\IBM\SQLLIB\BIN\db2mgmtsvc.exe [23/07/2007 2:47 35616]
R2 EFUploadSrv;ExtraFilm upload service;c:\program files\ExtraFilm Designer BE NL\EFUploadSrv.exe [1/10/2008 15:01 1712128]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [9/07/2008 18:05 18704]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [6/04/2007 4:12 73120]
R2 MOM;MOM;c:\program files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [21/07/2005 11:14 134656]
R3 VNA;Check Point Virtual Network Adapter;c:\winnt\system32\drivers\vna.sys [10/06/2007 17:48 110160]
S2 gupdate1c9863030d86ed4;Google Update Service (gupdate1c9863030d86ed4);c:\program files\Google\Update\GoogleUpdate.exe [3/02/2009 20:49 133104]
S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [2/03/2009 17:00 33536]
S3 AEIWL;IBM High Rate Wireless LAN MiniPCI Combo Card Driver;c:\winnt\system32\drivers\AEIWLNDS.sys [21/05/2004 11:28 611328]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\hermansa\LOCALS~1\Temp\cdiskdun.sys --> c:\docume~1\hermansa\LOCALS~1\Temp\cdiskdun.sys [?]
S3 DB2NTSECSERVER_DB2COPY1;DB2 Security Server (DB2COPY1);c:\program files\IBM\SQLLIB\BIN\db2sec.exe [23/07/2007 2:48 14112]
S3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;c:\winnt\system32\drivers\EL556ND5.sys [1/03/2003 16:54 55999]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 951632]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\winnt\system32\drivers\LTSM.sys [1/03/2003 16:54 802683]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;#%c:\ora81\BIN\ONRSD.EXE --> #%c:\ora81\BIN\ONRSD.EXE [?]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\winnt\system32\drivers\pcx500.sys [10/02/2005 9:25 113664]
S3 PCX500MP;Cisco 350 Series Lower Device Filter;c:\winnt\system32\drivers\pcx500mp.sys [5/08/2002 16:46 4990]
S3 WDHAALBA;WDHAALBAMiniPCI Winmodem;c:\winnt\system32\drivers\WDHAALBA.sys [1/03/2003 16:54 701386]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PROCEXP113
*Deregistered* - PROCEXP113
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5084F01D-458E-45EB-A6FD-692D4C9D2789}]
c:\winnt\system32\msiexec.exe /qn /fpu {5084F01D-458E-45EB-A6FD-692D4C9D2789}
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:44]

2009-06-26 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-07-16 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 18:49]

2009-07-16 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 18:49]

2009-07-16 c:\winnt\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\hermansa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:26]

2009-07-16 c:\winnt\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2008-07-09 16:05]

2009-07-16 c:\winnt\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2008-07-09 16:05]

2009-07-16 c:\winnt\Tasks\MP Scheduled Signature Update.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2008-07-09 16:05]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-ckpNotify - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://intranet.sd.dika.be/
uInternet Settings,ProxyServer = proxy.dika.be:80
uInternet Settings,ProxyOverride = 172.30.4.88;10.*;172.31.1.3;172.31.1.103;193.109.234.*;195.85.246.*;*.dika.be;*.sd.be;*.myaspex.com;*.aspex.be;*.accdesk.be;*.testaspex.be;*.ontwikkel.be;intranet.*;dika.acc.*;pub.acc.*;portal.sd.dika.be;sd.webex.com;*.voka.be
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://ssl.gsinet.be/SNX/CSHELL/extender.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
.
------- File Associations -------
.
VBSFile=c:\winnt\System32\Wdivb.exe "%1" %*
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 16:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1096)
c:\winnt\system32\AMINIT.dll
c:\winnt\system32\CSGina.dll
c:\winnt\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1152)
c:\winnt\system32\AMINIT.dll
.
Completion time: 2009-07-16 16:45
ComboFix-quarantined-files.txt 2009-07-16 14:45

Pre-Run: 43.027.775.488 bytes free
Post-Run: 44.292.751.360 bytes beschikbaar

297 --- E O F --- 2009-07-16 07:04