ComboFix 10-01-31.03 - Jocelyne Norbruis 01-02-2010 18:55:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.894.584 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Jocelyne Norbruis\Bureaublad\12345.exe
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
c:\documents and settings\All Users\Bureaublad\nudetube.com.lnk
c:\documents and settings\All Users\Bureaublad\pornotube.com.lnk
c:\documents and settings\All Users\Bureaublad\youporn.com.lnk
c:\program files\Malware Defense
c:\windows\system32\drivers\H8SRTdbotklftqs.sys
c:\windows\system32\H8SRTptapfqxoyu.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTvjbxmvjgon.dll
c:\windows\system32\H8SRTvkrqnliphw.dll
c:\windows\system32\H8SRTwniydlhrml.dat
c:\windows\system32\H8SRTxylqgixbhc.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


(((((((((((((((((((( Bestanden Gemaakt van 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))))
.

2010-02-01 17:25 . 2010-02-01 17:25 -------- d-----w- c:\documents and settings\Administrator
2010-02-01 16:16 . 2010-02-01 16:19 -------- d-----w- C:\32788R22FWJFW.3.tmp
2010-02-01 13:02 . 2010-02-01 13:04 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-01-31 00:29 . 2010-01-31 00:30 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-01-30 13:49 . 2010-01-30 13:49 -------- d--h--r- c:\documents and settings\Jocelyne Norbruis\Onlangs geopend
2010-01-30 13:12 . 2010-01-30 13:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-30 13:11 . 2010-01-30 13:11 -------- d-----w- c:\program files\CCleaner
2010-01-29 17:12 . 2010-01-29 17:12 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-29 17:12 . 2010-01-29 17:12 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-29 17:10 . 2010-01-29 17:10 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-29 17:10 . 2010-01-29 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-29 17:08 . 2010-01-29 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-29 13:10 . 2010-01-29 13:10 -------- d-----w- c:\documents and settings\Jocelyne Norbruis\Application Data\AVG8
2010-01-26 20:05 . 2010-01-26 20:05 -------- d-----w- C:\ef19da985c204f38dbb05734a46001ff
2010-01-26 19:57 . 2010-01-29 14:12 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-26 19:24 . 2010-01-26 19:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-23 21:54 . 2010-01-23 21:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Hyves
2010-01-13 08:49 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-04 22:23 . 2010-01-04 22:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-04 22:05 . 2010-01-04 22:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-04 22:05 . 2010-01-04 22:05 -------- d-----w- c:\program files\DivX
2010-01-04 22:05 . 2010-01-04 22:05 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-03 19:33 . 2010-01-03 19:33 -------- d-----w- C:\Keller8e
2010-01-03 16:38 . 2010-01-07 20:07 -------- d-----w- c:\documents and settings\Jocelyne Norbruis\Application Data\Belastingdienst

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 18:15 . 2007-09-24 17:27 256 ----a-w- c:\windows\system32\pool.bin
2010-01-30 13:11 . 2008-10-11 16:28 -------- d-----w- c:\program files\Huawei Modems
2010-01-29 15:12 . 2007-03-19 12:49 -------- d-----w- c:\program files\Alfa & Ariss
2010-01-29 15:01 . 2007-01-09 13:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-29 15:01 . 2007-01-09 13:19 -------- d-----w- c:\program files\Symantec
2010-01-29 15:01 . 2007-01-09 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-26 19:44 . 2008-05-23 17:00 -------- d-----w- c:\program files\Azureus
2010-01-26 19:44 . 2008-05-23 17:02 -------- d-----w- c:\documents and settings\Jocelyne Norbruis\Application Data\Azureus
2010-01-25 10:49 . 2004-09-14 08:38 92996 ----a-w- c:\windows\system32\perfc013.dat
2010-01-25 10:49 . 2004-09-14 08:38 513936 ----a-w- c:\windows\system32\perfh013.dat
2010-01-25 10:02 . 2009-04-16 16:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-24 22:28 . 2007-01-09 19:08 -------- d-----w- c:\program files\Soulseek
2010-01-22 15:07 . 2009-11-22 22:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 23:00 . 2009-10-13 15:49 -------- d-----w- c:\program files\PokerStars
2010-01-04 22:06 . 2007-01-04 18:39 -------- d-----w- c:\program files\Google
2010-01-01 14:51 . 2010-01-01 14:50 -------- d-----w- c:\program files\QuickTime
2009-12-21 19:10 . 2004-09-14 08:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-09 22:36 . 2008-08-27 15:45 -------- d-----w- c:\program files\Hema Album Software Advanced
2009-12-09 22:36 . 2008-08-27 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Hema Album Software Advanced
2009-11-21 16:03 . 2004-09-14 08:38 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-01-30 18:22 . 2008-01-30 18:22 1027584 ----a-w- c:\program files\wlsetup-web.exe
2008-01-29 17:38 . 2008-01-29 17:38 2402832 -c--a-w- c:\program files\WLinstaller.exe
2008-01-28 21:27 . 2008-01-28 21:27 4291704 ----a-w- c:\program files\VLCfree_8676.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-27 149280]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-23 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-04 169984]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
"VX3000"="c:\windows\vVX3000.exe" [2006-12-05 707360]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jocelyne Norbruis\Menu Start\Programma's\Opstarten\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-5-31 1283608]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-9 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-9 110592]
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-4 24576]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-9-27 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14-10-2009 21:18 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14-9-2009 14:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2-10-2009 19:39 19472]
S2 gupdate1ca8d8a3f2308c;Google Updateservice (gupdate1ca8d8a3f2308c);c:\program files\Google\Update\GoogleUpdate.exe [4-1-2010 23:05 133104]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [9-1-2007 18:27 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [9-1-2007 18:27 14336]
.
Inhoud van de 'Gedeelde Taken' map

2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 22:05]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 22:05]

2009-01-13 c:\windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job
- c:\program files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe [2007-04-20 07:59]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.symbaloo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Openen in een nieuwe achtergrondtab - c:\program files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?89d5ee55ed1c487580beb491547dccb4
IE: Openen in een nieuwe voorgrondtab - c:\program files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?89d5ee55ed1c487580beb491547dccb4
.
- - - - ORPHANS VERWIJDERD - - - -

AddRemove-HijackThis - e:\trend micro\HijackThis\HijackThis.exe


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 19:20
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Dell\QuickSet\dadkeyb.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\stsystra.exe
c:\windows\system32\ICO.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Voltooingstijd: 2010-02-01 19:27:06 - machine werd herstart
ComboFix-quarantined-files.txt 2010-02-01 18:26

Pre-Run: 40.339.193.856 bytes beschikbaar
Post-Run: 41.274.748.928 bytes beschikbaar

- - End Of File - - B1D0EEE03ABDF7FEFCF05F3222413470