ComboFix 13-10-12.01 - Gilles 13/10/2013 13:51:27.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2236 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Gilles\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Gilles\Bureaublad\CFScript.txt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-09-13 to 2013-10-13 ))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 14:49 . 2012-07-18 12:20   692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-20 14:49 . 2012-07-18 12:20    71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-11 14:38 . 2013-08-11 14:38   551424 ----atw- c:\documents and settings\Gilles\Application Data\Microsoft\engine_ag.dll
2013-08-09 01:56 . 2004-08-04 12:00   391168 ------w- c:\windows\system32\themeui.dll
2013-08-08 06:09 . 2004-08-04 12:00  1877888 ------w- c:\windows\system32\win32k.sys
2013-08-08 06:05 . 2004-08-04 12:00   920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2004-08-04 12:00    43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2004-08-04 12:00    18944 ------w- c:\windows\system32\corpol.dll
2013-08-08 06:05 . 2004-08-04 12:00  1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 00:04 . 2004-08-04 12:00   385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2004-08-04 12:00  1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47  1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-19 22:06 . 2007-11-10 20:18   189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-07-19 22:06 . 2007-11-10 20:18    75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-07-19 00:51 . 2007-11-21 13:06  3123272 ----a-w- c:\windows\system32\pbsvc.exe
2009-09-12 22:05 . 2013-09-19 11:38   124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 22:06 . 2013-09-19 11:38    13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 22:06 . 2013-09-19 11:38    70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-12 22:06 . 2013-09-19 11:38    91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-12 22:06 . 2013-09-19 11:38    22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 22:07 . 2013-09-19 11:38   255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-12 22:06 . 2013-09-19 11:38    31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-12 22:06 . 2013-09-19 11:38    40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 12:33 . 2013-09-19 11:38   652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-12 22:06 . 2013-09-19 11:38    23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2007-11-01 1201664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"UMonit"="c:\windows\system32\UMonit.exe" [2013-06-30 49152]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-01-10 1229296]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-5 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Edimax Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Edimax Wireless Utility.lnk
backup=c:\windows\pss\Edimax Wireless Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\NovaLogic\\Joint Operations Typhoon Rising\\Jointops.exe"=
"c:\\Program Files\\NovaLogic\\Joint Operations Typhoon Rising\\UPDATE.EXE"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth(tm)\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\Gilles\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\Gilles\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Gilles\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"h:\\Program Files\\FIFA 09\\FIFA09.exe"=
"h:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"h:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"h:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\flatout ultimate carnage\\Fouc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\flatout ultimate carnage\\launcher.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\rollercoaster tycoon 3 gold\\RCT3plus.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\Assassins Creed Brotherhood\\ACBSP.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\assassin's creed 2\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Soluto\\SolutoCleanup.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\Assassin's Creed Revelations\\ACRSP.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\Assassin's Creed Revelations\\ACRMP.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\Assassin's Creed Revelations\\ACRPR.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"f:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [10/01/2013 22:19 51144]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [8/09/2009 19:13 65584]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [9/09/2009 22:01 7936]
R2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [10/01/2013 12:09 166896]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [10/01/2013 12:09 547312]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [7/11/2007 18:31 38656]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [22/05/2012 23:02 99856]
R3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
R3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\drivers\GeneStor.sys [30/06/2013 22:38 54784]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [19/03/2009 0:54 47360]
S2 gupdate1c98618c26df836;Google Update Service (gupdate1c98618c26df836);c:\program files\Google\Update\GoogleUpdate.exe [3/02/2009 18:02 133104]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [11/08/2013 16:35 26032]
S3 BDA_Capture_225;USB Digital-TV receiver Driver 2.0.1.8;c:\windows\system32\drivers\BDA_Capture_225.sys [11/11/2007 17:03 14592]
S3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.5.8.0;c:\windows\system32\drivers\BDA_Loader_225.sys [11/11/2007 17:03 18944]
S3 cpuz130;cpuz130;\??\c:\docume~1\Gilles\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Gilles\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [9/09/2009 22:01 23680]
S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [19/04/2006 15:13 17280]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [11/11/2007 11:19 507264]
S3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe [10/01/2013 11:33 1239552]
.
Inhoud van de 'Gedeelde Taken' map
.
2008-06-12 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF205168971.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 00:46]
.
2013-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:01]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 16:01]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1958367476-839522115-1003Core.job
- c:\documents and settings\Gilles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 14:14]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1958367476-839522115-1003UA.job
- c:\documents and settings\Gilles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 14:14]
.
2013-10-03 c:\windows\Tasks\Wakker worden.job
- c:\documents and settings\Gilles\Mijn documenten\Mijn muziek\Mijn afspeellijsten\Wakker worden.wpl [2013-09-29 23:26]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: plantyn.com\interactief
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Gilles\Application Data\Mozilla\Firefox\Profiles\54n231vt.default\
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: browser.search.selectedEngine - GoogleCOM
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-13 13:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\UMonit.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1614895754-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð\OpenWithList]
@Class="Shell"
"a"="WINWORD.EXE"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1614895754-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð\OpenWithProgids]
"?_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-1614895754-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Ondersteuning]
"Order"=hex:08,00,00,00,02,00,00,00,9a,02,00,00,01,00,00,00,04,00,00,00,9e,00,
   00,00,00,00,00,00,90,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,7e,00,32,\
.
[HKEY_USERS\S-1-5-21-1614895754-1958367476-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d2,c3,9e,bd,e9,f3,cc,fe,77,cc,2f,70,6c,87,f5,3a,ae,fb,2e,19,73,67,0e,
   62,62,db,9d,96,58,ec,e1,0f,43,c9,ed,e5,20,1a,2d,a9,4e,a9,b1,10,0a,1e,78,ab,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-1614895754-1958367476-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:29,09,ae,db,59,de,b6,21,20,69,fe,c2,30,52,05,2a,c1,94,11,6d,42,
   e4,e1,72,24,f2,86,6f,1e,74,c0,46,34,22,e0,63,a4,08,a0,dc,57,3b,06,8f,42,82,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\.*)ð]
@="?_auto_file"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(6800)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\wmp.dll
c:\windows\system32\wmploc.dll
c:\windows\system32\wmpps.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2013-10-13 13:56:25
ComboFix-quarantined-files.txt 2013-10-13 11:56
.
Pre-Run: 57.858.691.072 bytes beschikbaar
Post-Run: 57.869.373.440 bytes beschikbaar
.
- - End Of File - - 56B5587710FBD353E380352F1B6B3904
3051207086651214E435112E51817DC5