ComboFix 09-08-27.A0 - Eigenaar 28/08/2009 15:37.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.32.1043.18.1023.782 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Mijn documenten\ComboFix.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-07-28 to 2009-08-28 ))))))))))))))))))))))))))))))
.
2009-08-28 12:44 . 2009-08-28 12:44 -------- d-----w- C:\Motorola_CableModem
2009-08-28 12:37 . 2009-08-28 12:37 1961720 ----a-w- c:\documents and settings\Eigenaar\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-08-28 12:21 . 2009-08-28 12:21 18384 ----a-w- c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-28 12:20 . 2009-08-28 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-28 11:47 . 2009-08-28 11:47 -------- d-----w- c:\windows\Profiles
2009-08-28 11:47 . 2009-08-28 12:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-28 11:47 . 2009-08-28 11:47 -------- d-----w- c:\windows\system32\Adobe
2009-08-28 11:47 . 2009-08-28 11:47 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\InterTrust
2009-08-28 11:46 . 1998-11-13 09:08 308224 ----a-w- c:\windows\IsUn0413.exe
2009-08-27 20:12 . 2009-08-27 20:12 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
2009-08-27 20:11 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-27 20:11 . 2009-08-27 20:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-27 20:11 . 2009-08-27 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-27 20:11 . 2009-08-03 11:36 18456 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-27 19:53 . 2009-08-27 19:53 -------- d-----w- c:\program files\LimeWire
2009-08-27 18:00 . 2002-06-28 20:15 5888 ----a-r- c:\windows\system32\drivers\siside.sys
2009-08-27 18:00 . 2009-08-27 18:00 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-27 16:36 . 2009-08-27 16:36 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-27 14:48 . 2009-08-27 14:48 -------- d-----w- c:\windows\system32\URTTEMP
2009-08-27 14:47 . 2003-10-21 23:30 32256 -c--a-w- c:\windows\system32\dllcache\msgsvc.dll
2009-08-27 14:47 . 2003-10-21 23:30 32256 ----a-w- c:\windows\system32\msgsvc.dll
2009-08-27 14:46 . 2004-04-10 19:24 26112 ----a-w- c:\windows\system32\xpsp1hfm.exe
2009-08-27 14:46 . 2009-08-27 14:46 -------- d-----w- c:\windows\PeerNet
2009-08-27 14:45 . 2005-01-28 11:44 895736 -c--a-w- c:\windows\system32\dllcache\wmvdmod.dll
2009-08-27 14:45 . 2005-01-28 11:44 774904 -c--a-w- c:\windows\system32\dllcache\wmsdmod.dll
2009-08-27 14:45 . 2005-01-28 11:44 396528 -c--a-w- c:\windows\system32\dllcache\wmadmod.dll
2009-08-27 14:45 . 2002-12-11 17:12 316040 ----a-w- c:\windows\system32\mp43dmod.dll
2009-08-27 14:45 . 2002-12-11 15:34 241664 -c--a-w- c:\windows\system32\dllcache\mpg4dmod.dll
2009-08-27 14:45 . 2002-12-11 15:34 241664 ----a-w- c:\windows\system32\mpg4dmod.dll
2009-08-27 14:45 . 2002-12-11 13:16 384512 ----a-w- c:\windows\system32\mp4sdmod.dll
2009-08-27 14:45 . 2009-08-27 14:45 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Innovative Solutions
2009-08-27 14:45 . 2009-08-27 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-08-27 14:45 . 2009-08-27 14:45 -------- d-----w- c:\program files\Innovative Solutions
2009-08-27 14:42 . 2009-08-27 14:42 263680 -c--a-w- c:\windows\system32\dllcache\mstask.dll
2009-08-27 14:42 . 2009-08-27 14:42 263680 ----a-w- c:\windows\system32\mstask.dll
2009-08-27 14:42 . 2009-08-27 14:42 173568 -c--a-w- c:\windows\system32\dllcache\schedsvc.dll
2009-08-27 14:42 . 2009-08-27 14:42 173568 ----a-w- c:\windows\system32\schedsvc.dll
2009-08-27 14:42 . 2009-08-27 14:42 10752 -c--a-w- c:\windows\system32\dllcache\mstinit.exe
2009-08-27 14:42 . 2009-08-27 14:42 10752 ----a-w- c:\windows\system32\mstinit.exe
2009-08-27 14:42 . 2006-07-14 15:59 307200 -c--a-w- c:\windows\system32\dllcache\netapi32.dll
2009-08-27 14:41 . 2005-10-20 22:34 1000960 ----a-w- c:\windows\system32\esent.dll
2009-08-27 14:30 . 2009-08-27 14:30 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Downloaded Installations
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 15:01 . 2003-04-08 12:00 81406 ----a-w- c:\windows\system32\perfc013.dat
2009-08-27 15:01 . 2003-04-08 12:00 465602 ----a-w- c:\windows\system32\perfh013.dat
2009-08-27 14:45 . 2009-08-26 20:55 73051 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-08-26 21:35 . 2009-08-26 21:28 -------- d-----w- c:\program files\Ahead
2009-08-26 21:26 . 2009-08-26 21:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-26 21:18 . 2009-08-26 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-08-26 21:18 . 2009-08-26 21:18 -------- d-----w- c:\program files\CyberLink
2009-08-26 21:18 . 2009-08-26 21:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-26 21:06 . 2009-08-26 21:06 -------- d-----w- c:\program files\ZyDAS Technology Corporation
2009-08-26 20:56 . 2009-08-26 20:56 -------- d-----w- c:\program files\microsoft frontpage
2009-08-26 20:52 . 2009-08-26 20:52 21748 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-11-15 1670144]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2009-08-25 7924056]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2009-08-25 7924056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2002-10-08 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-01-15 1220608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2003-04-08 13312]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [26/08/2009 23:35 9344]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [26/08/2009 23:35 468480]
R2 Ip6FwHlp;IPv6 Internet Connection Firewall;c:\windows\System32\svchost.exe -k netsvcs [8/04/2003 14:00 12800]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyServer = hxxp://pac.telenet.be:8080
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 15:39
Windows 5.1.2600 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\ODBC32.dll

- - - - - - - > 'lsass.exe'(980)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(548)
c:\windows\System32\msi.dll
c:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
c:\windows\System32\ODBC32.dll
.
Voltooingstijd: 2009-08-28 15:40
ComboFix-quarantined-files.txt 2009-08-28 13:40

Pre-Run: 110.746.939.392 bytes beschikbaar
Post-Run: 110.856.077.312 bytes beschikbaar

winxpsp1_nl_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\Windows="windows xp" fastdetect
multi(0)disk(0)rdisk(0)partition(1)\Minint="windows xp" fastdetect

146 --- E O F --- 2009-08-27 18:00