ComboFix 09-08-10.06 - Dennis 14-08-2009 18:50.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.199 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Dennis\Bureaublad\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090813-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E3963-FFA4-00ED-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00ED-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00FE-0D24-347CA8A3377C}
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.
De volgende bestanden werden uitgeschakeld tijdens de run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

(((((((((((((((((((( Bestanden Gemaakt van 2009-07-14 to 2009-08-14 ))))))))))))))))))))))))))))))
.
2009-08-14 13:22 . 2009-08-14 16:28 -------- d--h--r- c:\documents and settings\Dennis\Onlangs geopend
2009-08-12 17:13 . 2009-08-12 17:13 -------- d-----w- c:\program files\CCleaner
2009-08-12 16:22 . 2009-07-10 13:31 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 10:33 . 2009-08-11 10:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-10 19:01 . 2009-08-10 19:01 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-08 19:01 . 2009-08-08 19:01 -------- d-----w- c:\documents and settings\Dennis\Application Data\Malwarebytes
2009-08-08 19:01 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-08 19:01 . 2009-08-08 19:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 19:01 . 2009-08-08 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-08 19:01 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-08 18:52 . 2009-08-08 18:52 -------- d-----w- c:\program files\Trend Micro
2009-08-08 18:36 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
2009-08-08 18:04 . 2009-08-08 18:04 -------- d-----w- c:\program files\Enigma Software Group
2009-08-05 09:01 . 2009-08-05 09:01 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-02 12:42 . 2009-08-02 12:42 -------- d-----w- c:\program files\SopCast
2009-07-26 19:42 . 2009-07-26 19:42 -------- d-----w- c:\program files\Nero
2009-07-26 17:24 . 2008-06-24 11:45 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2009-07-26 16:54 . 2009-07-26 16:54 -------- d-----w- c:\documents and settings\Rowdy\Application Data\Nero
2009-07-26 14:14 . 2009-07-26 14:14 -------- d-----w- c:\documents and settings\Dennis\Application Data\Nero
2009-07-26 14:10 . 2009-07-26 19:34 -------- d-----w- c:\program files\Common Files\Nero
2009-07-26 14:10 . 2009-07-26 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-07-26 12:14 . 2009-07-26 12:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ahead
2009-07-18 15:02 . 2009-07-18 15:02 -------- d-----w- c:\documents and settings\Yethro\Application Data\SPORE Creature Creator
2009-07-18 14:58 . 2009-07-18 14:58 -------- d-sh--w- c:\documents and settings\Yethro\IETldCache
2009-07-18 14:49 . 2009-08-06 08:47 -------- d-----w- c:\documents and settings\Dennis\Local Settings\Application Data\Temp
2009-07-17 19:04 . 2009-07-17 19:04 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-07-17 12:41 . 2009-07-17 12:41 -------- d-----w- c:\documents and settings\Dennis\Application Data\Sony Creative Software
2009-07-16 15:23 . 2009-07-16 15:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-16 09:42 . 2009-07-16 09:42 -------- d-----w- c:\program files\Sony Setup
2009-07-15 20:15 . 2009-07-15 20:15 -------- d-sh--w- c:\documents and settings\Rowdy\PrivacIE
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 17:15 . 2006-11-25 16:24 -------- d-----w- c:\documents and settings\Dennis\Application Data\Azureus
2009-08-11 10:00 . 2007-08-23 13:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-05 09:01 . 2004-09-10 16:23 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 14:44 . 2006-11-25 16:24 -------- d-----w- c:\program files\Azureus
2009-08-02 12:18 . 2007-06-06 16:15 -------- d-----w- c:\documents and settings\Truus\Application Data\LimeWire
2009-08-01 11:23 . 2008-08-10 10:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 12:08 . 2008-07-02 13:39 34 ----a-w- c:\documents and settings\Dennis\jagex_runescape_preferences.dat
2009-07-26 19:42 . 2006-08-30 20:17 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-26 12:14 . 2006-10-12 13:03 -------- d-----w- c:\documents and settings\Truus\Application Data\Ahead
2009-07-18 20:02 . 2008-11-15 15:35 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-17 19:04 . 2004-09-10 16:22 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 11:19 . 2008-01-27 12:44 -------- d-----w- c:\program files\Sony
2009-07-16 11:19 . 2008-02-15 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-07-13 21:43 . 2004-09-10 16:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 19:39 . 2007-02-27 20:39 57688 ----a-w- c:\documents and settings\Truus\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 17:00 . 2004-09-10 16:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-09-10 16:23 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-09-10 16:22 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2004-09-10 16:23 79872 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:16 . 2004-09-10 16:22 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:22 . 2004-09-10 16:44 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-09-10 16:23 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-09-10 16:23 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 20:18 . 2009-06-02 20:18 92 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-06-02 20:18 . 2009-06-02 20:18 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-06-02 14:03 . 2006-08-02 10:26 57688 ----a-w- c:\documents and settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 18:45 . 2004-09-10 16:24 99768 ----a-w- c:\windows\system32\perfc013.dat
2009-05-24 18:45 . 2004-09-10 16:24 530502 ----a-w- c:\windows\system32\perfh013.dat
2009-05-24 18:44 . 2009-05-24 18:44 132656 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-24 18:36 . 2009-05-24 18:33 52770576 ----a-w- c:\documents and settings\Dennis\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-08-14_10.33.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-14 14:54 . 2009-08-14 14:54 16384 c:\windows\Temp\Perflib_Perfdata_434.dat
+ 2009-08-14 14:57 . 2009-08-14 14:57 16384 c:\windows\Temp\Perflib_Perfdata_154.dat
- 2009-08-14 10:29 . 2009-08-14 10:29 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-14 12:36 . 2009-08-14 12:36 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-14 10:29 . 2009-08-14 10:29 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-14 12:36 . 2009-08-14 12:36 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-14 12:36 . 2009-08-14 12:36 188416 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-14 12:36 . 2009-08-14 12:36 233472 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-14 10:29 . 2009-08-14 10:29 233472 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-14 10:29 . 2009-08-14 10:29 233472 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-14 12:36 . 2009-08-14 12:36 233472 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2004-09-10 16:23 . 2008-04-14 17:02 1571840 c:\windows\system32\dllcache\sfcfiles.dll
+ 2009-08-14 12:36 . 2009-08-14 12:36 7385088 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
- 2009-08-14 10:29 . 2009-08-14 10:29 7385088 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-12 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-11 148888]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2004-10-08 81920]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-12-01 180269]
"snp2std"="c:\windows\vsnp2std.exe" [2006-12-04 675840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2004-09-10 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-09-15 2557952]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\PokerOffice\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed ProStreet\\nfs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23954:TCP"= 23954:TCP:BitComet 23954 TCP
"23954:UDP"= 23954:UDP:BitComet 23954 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18-1-2009 14:54 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18-1-2009 14:54 20560]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 11:34]

2009-08-14 c:\windows\Tasks\Easy Onderhoud.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-02-04 15:09]

2006-07-31 c:\windows\Tasks\Herinnering voor registratie 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 17:03]

2006-08-15 c:\windows\Tasks\Herinnering voor registratie 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 17:03]
.
.
------- Bijkomende Scan -------
.
uStart Page = www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = ;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 19:02
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'lsass.exe'(576)
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

- - - - - - - > 'explorer.exe'(2300)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2009-08-14 19:07
ComboFix-quarantined-files.txt 2009-08-14 17:07
ComboFix2.txt 2009-08-14 12:50
ComboFix3.txt 2009-08-14 10:40

Pre-Run: 59.893.403.648 bytes beschikbaar
Post-Run: 59.848.744.960 bytes beschikbaar

216 --- E O F --- 2009-08-12 17:30