ComboFix 13-08-07.01 - Aniek 08/08/2013 15:21:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1022.262 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Aniek\Mijn documenten\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\QuestBrowser
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Aniek\Mijn documenten\~WRL0005.tmp
C:\install.exe
c:\windows\IsUn0804.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\13cda57d55d477f0.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\SET9E.tmp
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETDF.tmp
c:\windows\UA000011.DLL
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-07-08 to 2013-08-08 ))))))))))))))))))))))))))))))
.
.
2013-08-08 13:12 . 2013-08-08 13:11 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-08 13:12 . 2013-08-08 13:12 -------- d-----w- c:\windows\LastGood
2013-08-08 13:11 . 2013-08-08 13:11 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-08 13:11 . 2013-04-19 14:19 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-08 13:11 . 2010-05-19 16:31 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-08 13:07 . 2013-04-19 14:42 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-08 13:07 . 2011-06-19 10:44 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-08 13:07 . 2010-05-18 13:04 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-11 16:56 . 2013-04-19 21:28 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2003-11-03 15:07 . 2004-04-23 15:06 499712 ----a-w- c:\program files\msvcp71.dll
2003-11-03 15:07 . 2004-04-23 15:06 348160 ----a-w- c:\program files\msvcr71.dll
2003-05-30 07:22 . 2003-09-08 07:09 344064 ----a-r- c:\program files\msvcr70.dll
2002-01-05 01:40 . 2003-09-08 07:09 487424 ----a-w- c:\program files\msvcp70.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-06-11 4760816]
"Akamai NetSession Interface"="c:\documents and settings\Aniek\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-17 15600128]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Aniek\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Adobe\\Adobe Media Encoder CS4\\Adobe Media Encoder.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Aniek\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"1068:TCP"= 1068:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [19/04/2013 16:42 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [19/04/2013 16:42 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19/06/2011 12:44 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18/05/2010 15:04 369584]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [19/04/2013 23:28 37664]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2010 11:25 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/05/2010 17:10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2/07/2010 16:58 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/09/2004 14:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/05/2010 15:04 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [19/04/2013 16:42 66336]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [11/06/2013 18:57 1015984]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [14/12/2007 16:26 26656]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2011-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2013-08-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-04-19 08:58]
.
2011-09-24 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\PRISM.EXE [2010-05-15 21:39]
.
.
------- Bijkomende Scan -------
.
mStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=google
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.130.131 195.130.131.131
FF - ProfilePath - c:\documents and settings\Aniek\Application Data\Mozilla\Firefox\Profiles\05n0zldb.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - ExtSQL: !HIDDEN! 2010-05-19 21:49; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{C6EADCDE-AB72-427F-9435-ED869F14DDA4} - (no file)
HKCU-Run-AdobeBridge - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-08 15:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2455417:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{701BE753-8CAC-7921-A2B3-7A9E840EAD91}\Version 1.1]
@DACL=
"dat"="806585365:{9DE02ADE-DA9A-808D-3DDB-7C8F882F0DD1}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2455438:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{AF5D5E98-F88C-9C02-4EA3-180AF88D20A4}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516232088:{C6C582AA-44BE-A522-977E-A9F4A35F020F}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{701BE753-8CAC-7921-A2B3-7A9E840EAD91}\Version 3.x]
@DACL=
"dat"="1767914624:{1D302E49-F202-3904-BD42-357992110E2B}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923714919:{CC5548FC-BE5B-209C-5474-FC2EC760D104}"
.
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{F53819E8-5355-4356-C7C6-4E210ADF14FE}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234521779:{AFDE4786-4614-E738-D2F1-13479841283C}"
.
[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="8:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\ACTIVEDS.dll
.
Voltooingstijd: 2013-08-08 15:33:15
ComboFix-quarantined-files.txt 2013-08-08 13:33
.
Pre-Run: 99.269.980.160 bytes beschikbaar
Post-Run: 99.594.506.240 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 80989543E6696A298061604852BF2E5B
3051207086651214E435112E51817DC5