ComboFix 09-10-13.04 - Greet Seys 14/10/2009 20:46.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.512.176 [GMT 2:00]
Started from: c:\documents and settings\Greet Seys\Bureaublad\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Greet Seys\Application Data\inst.exe
c:\program files\MyWay
c:\program files\MyWay\SrchAstt\1.bin\PARTNER.DAT
c:\program files\MyWay\SrchAstt\Cache\01021054
c:\program files\MyWay\SrchAstt\Cache\0102120A
c:\program files\MyWay\SrchAstt\Cache\files.ini
c:\program files\MyWay\SrchAstt\Settings\prevcfg.htm
c:\windows\didduid.ini
c:\windows\Installer\1cf93.msi
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSUPDATE
-------\Service_MsUpdate

(((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 ))))))))))))))))))))))))))))))
.
2017-11-08 20:33 . 2017-11-08 20:33 86016 ------w- c:\windows\system32\pxwma.dll
2017-11-08 20:33 . 2017-11-08 20:33 105472 ------w- c:\windows\system32\pxcpyi64.exe
2017-11-08 20:33 . 2017-11-08 20:33 103936 ------w- c:\windows\system32\pxinsi64.exe
2009-10-01 20:10 . 1999-06-25 09:55 149504 ----a-w- c:\windows\system32\UNWISE.EXE
2009-09-20 20:01 . 2008-11-20 19:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-09-20 20:01 . 2008-11-20 19:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-20 19:59 . 2009-09-20 19:59 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-09-20 11:52 . 2009-09-20 11:52 -------- d-sh--w- c:\documents and settings\Clara\PrivacIE
2009-09-20 08:16 . 2009-09-20 19:50 -------- d-----w- c:\program files\SoftLogica
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 10:15 . 2009-02-01 08:23 -------- d-----w- c:\program files\SPAMfighter
2009-10-12 20:01 . 2007-01-01 21:53 -------- d-----w- c:\documents and settings\Greet Seys\Application Data\uTorrent
2009-10-08 14:24 . 2004-03-29 11:42 150456 ----a-w- c:\documents and settings\Greet Seys\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-01 20:42 . 2004-04-18 07:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-20 19:59 . 2006-12-20 18:10 -------- d-----w- c:\program files\Google
2009-09-20 19:54 . 2009-08-18 12:29 -------- d-----w- c:\program files\AoA Audio Extractor
2009-09-20 11:59 . 2009-04-07 11:42 151848 ----a-w- c:\documents and settings\Clara\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 15:30 . 2009-04-05 09:56 151848 ----a-w- c:\documents and settings\Arthur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 19:05 . 2008-11-02 16:24 -------- d-----w- c:\program files\MyDSC2
2009-08-23 18:45 . 2004-03-20 16:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-23 18:45 . 2009-08-23 18:45 -------- d-----w- c:\documents and settings\Greet Seys\Application Data\InstallShield
2009-08-10 20:39 . 2001-09-07 11:00 86226 ----a-w- c:\windows\system32\perfc013.dat
2009-08-10 20:39 . 2001-09-07 11:00 499242 ----a-w- c:\windows\system32\perfh013.dat
2009-08-06 17:24 . 2004-08-19 13:18 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2004-08-19 13:18 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2005-05-26 02:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2004-08-19 13:18 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2004-05-07 18:57 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2004-05-07 18:58 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2004-08-19 13:18 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2004-05-07 18:57 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-05-07 18:58 205312 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 08:41 . 2008-05-17 08:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-04 08:41 . 2007-07-16 20:20 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-04 08:41 . 2008-05-17 08:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-17 19:04 . 2004-05-07 18:58 58880 ----a-w- c:\windows\system32\atl.dll
2002-07-26 15:02 . 2005-09-06 15:36 153088 ----a-w- c:\program files\UNWISE.EXE
2008-02-20 12:38 . 2008-02-20 12:37 24 --sh--w- c:\windows\S6EE9D90F.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-07-02 23237416]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
"ftpqueue"="c:\program files\WS_FTP Pro\ftpqueue.exe" [2004-11-13 245760]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-09-11 98304]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-30 2023704]
"ExtraFilmHemmaAgent"="c:\program files\Spector Photo Software\Agent.exe" [2006-10-03 323584]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-28 325768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2006-07-25 67264]

c:\documents and settings\Greet Seys\Menu Start\Programma's\Opstarten\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-29 625952]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-04 08:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\WS_FTP Pro\\ftp95pro.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"d:\\Mijn Documenten\\utorrent.exe"=
"c:\\Documents and Settings\\Greet Seys\\Bureaublad\\utorrent.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv7.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Sharezaz
"6346:UDP"= 6346:UDP:Shareaza

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/05/2009 21:15 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/05/2008 10:15 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17/05/2008 10:15 108552]
R2 almservice;Automation License Key Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [11/02/2007 22:28 483392]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/05/2009 9:58 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18/01/2009 21:30 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [1/05/2009 9:58 1370488]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [11/02/2007 21:38 30192]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1028432]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2/04/2008 17:49 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2/04/2008 17:49 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2/04/2008 17:49 8864]
R2 scpdrv;scpdrv;c:\program files\Common Files\Siemens\SWS\plugins\scp\scpdrv.sys [11/02/2007 22:28 26944]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [28/01/2009 13:08 184968]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [13/12/2008 20:04 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [13/12/2008 20:04 29208]
S3 S5AS511;S5AS511;c:\windows\system32\drivers\S5AS511.SYS [20/03/2006 22:17 15360]
S3 S5MCD;S5MCD;c:\windows\system32\drivers\S5MCD.SYS [20/03/2006 22:17 188416]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [18/10/2002 2:34 30512]
S3 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe --> c:\program files\Spyware Doctor\svcntaux.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hln.be/
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar =
mWindow Title = Telenet Internet
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java
DPF: {297F2B65-017C-11D5-A128-00D0B7869AD6} - hxxp://photoprint.photohall.be/NL/myprint/SPU.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab
DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} - hxxp://express.foto.com/SFUploader/SpeedUploader.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-AntiSpam - c:\program files\Anti-Spam\AntiSpam.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
Notify-WgaLogon - (no file)
AddRemove-Foto.com's Editor_is1 - c:\program files\Foto.com\Foto.com
AddRemove-proDAD-Heroglyph-1.0 - c:\program files\proDAD\Heroglyph-1.0\uninstall.exe
AddRemove-Spyware Doctor - c:\program files\Spyware Doctor\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 21:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1645522239-789336058-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9DA6594A-E8B1-67F1-4E6A-54075F2F453B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"haknnpphemgmblnk"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{114866E9-7C82-20F7-16C3063A4CAB25A4}\{3FC78BFC-C5A7-A764-C3D11931F655D68A}\{CA848313-C322-9D26-10260A1412DD57C5}*]
"GG2KGGPNIIGO4BVBD4BQHYVQFA1"=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43,
   a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C9791B2E-5B50-94A2-6150B4CB461D6075}\{0B8A9361-9405-15CE-FD3AFA34C9DB9BA2}\{54850B20-C302-5B9E-ABC602476860E9F3}*]
"GG2KGGPNIIGO4BVBD4BQHYVQFA1"=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43,
   a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EF6C66C5-6F12-D03C-CBD6A967D3458FDE}\{1BFBC393-D5EA-0E65-643DBB56CFD38894}\{E801FD1E-2051-63AF-31DD653F6F47DAA3}*]
"GG2KGGPNIIGO4BVBD4BQHYVQFA1"=hex:01,00,01,00,00,00,00,00,e0,92,fd,62,05,19,43,
   a9,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2004)
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\WS_FTP Pro\ftpsched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-10-14 21:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-14 19:35

Pre-Run: 9.317.715.968 bytes available
Post-Run: 10.043.355.136 bytes available

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn

248 --- E O F --- 2009-09-10 21:47
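A small triage script for logs in this format, added here as an example; it is not part of ComboFix and not something the poster ran. It parses the three record shapes a responder reads first in a log like the one above (the "Files Created"/Find3M file lines, the R0/R1/R2/S3 service lines, and the sharedaccess firewall-policy values) and flags the items worth a second look: files whose timestamps post-date the scan, system+hidden entries, service images ComboFix could not find (the `[?]` marker), and globally open ports while the Windows firewall is off. The sample input is constructed from lines of the same shape as the log, and the scan time is taken from the catchme "Rootkit scan" line; whether the first or second timestamp column is the creation time is left open, so both are checked.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
import re
from datetime import datetime

# Constructed sample: same shapes as the log lines, not a copy of the log.
SAMPLE = """\
2017-11-08 20:33 . 2017-11-08 20:33 86016 ------w- c:\\windows\\system32\\pxwma.dll
2009-10-01 20:10 . 1999-06-25 09:55 149504 ----a-w- c:\\windows\\system32\\UNWISE.EXE
2009-09-20 11:52 . 2009-09-20 11:52 -------- d-sh--w- c:\\documents and settings\\Clara\\PrivacIE
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"6346:TCP"= 6346:TCP:Shareaza
"6346:UDP"= 6346:UDP:Shareaza
R2 avg8wd;AVG8 WatchDog;c:\\progra~1\\AVG\\AVG8\\avgwdsvc.exe [18/01/2009 21:30 297752]
S3 sdAuxService;Spyware Doctor Auxiliary Service;c:\\program files\\Spyware Doctor\\svcntaux.exe --> c:\\program files\\Spyware Doctor\\svcntaux.exe [?]
"""

SCAN_TIME = datetime(2009, 10, 14, 21, 10)  # from the catchme "Rootkit scan" line

# "<ts> . <ts> <size|--------> <8 attr chars> <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{8}) (.+)$")
# "R2 name;display;image [dd/mm/yyyy hh:mm size]"  or  "... image [?]" when the file is missing
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.+)\]$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"= ')
FW_RE = re.compile(r'^"EnableFirewall"= (\d)')


def parse(text):
    """Return the file, service and firewall records found in a ComboFix log body."""
    files, services, ports = [], [], []
    firewall_enabled = None  # stays None if the policy key is not in the log
    for line in text.splitlines():
        line = line.rstrip()
        if m := FILE_RE.match(line):
            files.append({
                "timestamps": tuple(datetime.strptime(m.group(i), "%Y-%m-%d %H:%M")
                                    for i in (1, 2)),
                "size": None if m.group(3).startswith("-") else int(m.group(3)),
                "attrs": m.group(4),
                "path": m.group(5),
            })
        elif m := SVC_RE.match(line):
            services.append({"start": m.group(1), "name": m.group(2),
                             "display": m.group(3), "image": m.group(4),
                             "meta": m.group(5)})
        elif m := FW_RE.match(line):
            firewall_enabled = m.group(1) == "1"
        elif m := PORT_RE.match(line):
            ports.append((int(m.group(1)), m.group(2)))
    return {"files": files, "services": services,
            "firewall_enabled": firewall_enabled, "open_ports": ports}


def findings(parsed, scan_time=SCAN_TIME):
    """Flag the records a responder would check first; returns (kind, subject) pairs."""
    out = []
    for f in parsed["files"]:
        # A timestamp after the scan itself means a bogus or deliberately altered time.
        if any(ts > scan_time for ts in f["timestamps"]):
            out.append(("future-timestamp", f["path"]))
        # ComboFix attribute string: 's' and 'h' present means system + hidden.
        if "s" in f["attrs"] and "h" in f["attrs"]:
            out.append(("system+hidden", f["path"]))
    for s in parsed["services"]:
        # "[?]" and the "-->" arrow both mean the registered image was not on disk.
        if s["meta"] == "?" or "-->" in s["image"]:
            out.append(("missing-service-image", s["name"]))
    if parsed["firewall_enabled"] is False:
        for port, proto in parsed["open_ports"]:
            out.append(("open-port-firewall-off", f"{port}/{proto}"))
    return out


if __name__ == "__main__":
    for kind, subject in findings(parse(SAMPLE)):
        print(f"{kind:24} {subject}")
```

The two strings that only occur in a log are the `[?]` service marker and the eight-character attribute field; everything else is ordinary registry export syntax. A left-over service entry whose image is gone (like sdAuxService here) is harmless by itself but is exactly what a later installer or malware can re-point, so it belongs on the cleanup list together with the future-dated files and the open ports.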