ComboFix 10-03-14.03 - Administrator 14-03-2010 23:11:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.249 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100314-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((   Files Created from 2010-02-14 to 2010-03-14   ))))))))))))))))))))))))))))))
.
2010-03-14 21:54 . 2010-03-14 21:54 -------- d-----w- c:\windows\Sun
2010-03-14 19:09 . 2010-03-14 19:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-14 19:09 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 19:09 . 2010-03-14 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-14 19:09 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 19:03 . 2010-03-14 21:42 -------- d-----w- c:\program files\Nieuwe map
2010-03-14 18:21 . 2010-03-14 18:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Stardock
2010-03-14 18:21 . 2010-03-14 18:21 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-03-14 18:21 . 2009-10-02 17:59 3254528 -c--a-w- c:\documents and settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe
2010-03-14 18:20 . 2010-03-14 18:20 -------- d-----w- c:\program files\Stardock
2010-03-14 18:20 . 2010-03-14 18:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PackageAware
2010-03-14 18:13 . 2008-04-15 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-03-14 18:12 . 2010-03-14 18:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2010-03-14 17:14 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-14 16:49 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-14 16:49 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-14 16:49 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-14 16:49 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-03-14 16:49 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-14 16:49 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-14 16:49 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-14 16:49 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-14 16:48 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-14 16:48 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-03-14 16:48 . 2010-03-14 16:48 -------- d-----w- c:\program files\Alwil Software
2010-03-14 16:45 . 2010-03-14 21:42 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend
2010-03-14 16:15 . 2010-03-14 19:28 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-03-14 16:09 . 2010-03-14 16:09 -------- d-----w- c:\program files\Microsoft
2010-03-14 16:09 . 2010-03-14 16:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-14 16:09 . 2010-03-14 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-03-14 16:08 . 2010-03-14 16:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage
2010-03-14 16:06 . 2010-03-14 16:06 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-14 16:05 . 2010-03-14 16:05 -------- d-----w- c:\documents and settings\Administrator\Contacts
2010-03-12 11:27 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-03-12 11:27 . 2009-11-27 17:25 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-03-12 11:27 . 2009-11-27 16:10 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2010-03-12 11:27 . 2009-11-27 16:10 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2010-03-12 11:26 . 2009-12-04 17:25 456832 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 21:54 . 2010-03-14 21:54 -------- d-----w- c:\program files\Common Files\Java
2010-03-14 21:54 . 2010-03-14 21:54 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-680345c4-n\msvcr71.dll
2010-03-14 21:54 . 2010-03-14 21:54 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-680345c4-n\msvcp71.dll
2010-03-14 21:54 . 2010-03-14 21:54 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-680345c4-n\jmc.dll
2010-03-14 21:53 . 2010-03-14 21:53 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-23f2449e-n\decora-sse.dll
2010-03-14 21:53 . 2010-03-14 21:53 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-23f2449e-n\decora-d3d.dll
2010-03-14 21:53 . 2010-03-14 21:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-14 21:53 . 2010-03-14 21:53 -------- d-----w- c:\program files\Java
2010-03-14 18:21 . 2010-01-29 11:26 68456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-14 18:12 . 2005-04-30 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-03-14 18:06 . 2005-04-30 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-14 18:03 . 2005-04-30 11:48 -------- d-----w- c:\program files\Microsoft Works
2010-03-14 16:27 . 2008-04-15 12:00 91074 ----a-w- c:\windows\system32\perfc013.dat
2010-03-14 16:27 . 2008-04-15 12:00 509122 ----a-w- c:\windows\system32\perfh013.dat
2010-03-14 16:09 . 2005-04-30 11:27 -------- d-----w- c:\program files\Windows Live
2010-02-19 14:50 . 2010-01-29 16:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2010-01-30 16:54 . 2005-04-30 11:00 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-29 17:33 . 2005-04-30 11:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-29 17:19 . 2010-01-29 17:19 -------- d-----w- c:\program files\MSXML 4.0
2010-01-01 07:58 . 2008-12-11 13:33 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:10 . 2009-03-08 04:34 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2005-04-30 10:55 345600 ----a-w- c:\windows\system32\mspaint.exe
.
------- Sigcheck -------
[-] 2009-06-12 . FB041ED86B4200D8A502D871635B8D77 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14-3-2010 17:49 114768]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [30-4-2005 11:56 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14-3-2010 17:49 20560]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - VCDROM
.
Contents of the 'Scheduled Tasks' folder

2010-03-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2010-03-14 c:\windows\Tasks\User_Feed_Synchronization-{1453DC48-DCB0-42F0-9878-F99DA8572AA6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 23:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1580436667-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,97,23,8d,b7,52,04,43,bf,0d,6a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,97,23,8d,b7,52,04,43,bf,0d,6a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3212)
c:\program files\Stardock\Fences\FencesMenu.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2010-03-14 23:18:37
ComboFix-quarantined-files.txt 2010-03-14 22:18

Pre-Run: 52.035.321.856 bytes available
Post-Run: 52.035.846.144 bytes available

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - DF84401FBCDCD31818D49DC654966E33
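Reading a ComboFix log by eye means scanning three fixed record layouts: the "Files Created" / Find3M lines (scan date, file modification time, size, attribute flags, path), the Sigcheck lines (a "[-]" prefix marks a system file whose hash did not match ComboFix's reference, as with sfcfiles.dll above), and the REGEDIT4-style autostart dump. The parser below is an added example written for this page, not ComboFix's own code and not part of the log the poster submitted. It parses those three layouts and applies a few triage rules of this example's own devising: flag Sigcheck mismatches, flag executables created under user-writable profile or Application Data trees, and flag autostart values whose target lives in such a tree. The sample input is a short excerpt copied from the log above; the location heuristics, record names and finding labels are assumptions for illustration.

```python
"""Parser and triage helper for ComboFix log text (added example; not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: a few records copied from the log on this page (constructed excerpt).
SAMPLE_LOG = r"""
((((((((((((((((((((   Files Created from 2010-02-14 to 2010-03-14   ))))))))))))))))))))
.
2010-03-14 19:09 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 18:21 . 2009-10-02 17:59 3254528 -c--a-w- c:\documents and settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe
2010-03-14 17:14 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-14 16:48 . 2010-03-14 16:48 -------- d-----w- c:\program files\Alwil Software
.
------- Sigcheck -------
[-] 2009-06-12 . FB041ED86B4200D8A502D871635B8D77 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 110592]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
"""

# date time . date time size-or-dashes 8-char-attrs path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([-a-z]{8}) (.+)$")
# [flag] date . md5 . size . . [version] . . path  (empty fields print as ". .")
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]])\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) "
    r"\. (?P<size>\d+) .*?\[(?P<version>[^\]]*)\].*?(?P<path>[A-Za-z]:\\.+)$")
KEY_RE = re.compile(r"^\[(?P<key>[Hh][Kk][^\]]+)\]$")
# "name"="target" [yyyy-mm-dd size]   (the size/date suffix is optional)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*"(?P<target>[^"]*)"'
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$")


@dataclass
class FileEntry:
    seen: str             # first timestamp: when the file appeared in the scan window
    modified: str         # second timestamp: the file's own modification time
    size: Optional[int]   # None for directories (ComboFix prints "--------")
    attrs: str            # e.g. "d-----w-" (directory) or "----a-w-" (archive file)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class SigcheckEntry:
    flag: str             # "-" = hash did not match ComboFix's reference for this file
    md5: str
    size: int
    version: str
    path: str


@dataclass
class RegValue:
    key: str
    name: str
    target: str           # quoted value data, usually a module path or command line
    date: Optional[str]
    size: Optional[int]


def parse_combofix(text: str) -> Dict[str, list]:
    """Walk the log line by line; registry values are attributed to the last [key] seen."""
    report: Dict[str, list] = {"files": [], "sigcheck": [], "reg_values": []}
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = FILE_RE.match(line)
        if m:
            seen, modified, size, attrs, path = m.groups()
            report["files"].append(FileEntry(
                seen, modified, None if size.startswith("-") else int(size), attrs, path))
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            report["sigcheck"].append(SigcheckEntry(
                m["flag"], m["md5"].upper(), int(m["size"]), m["version"], m["path"]))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            report["reg_values"].append(RegValue(
                current_key, m["name"], m["target"], m["date"],
                int(m["size"]) if m["size"] else None))
    return report


EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


def in_user_writable_dir(path: str) -> bool:
    """Assumed heuristic: profile, Application Data and Temp trees are writable by an
    unprivileged user, so code or autostart targets there deserve a second look.
    Relative targets such as "bthprops.cpl" are left to the loader search path."""
    p = path.lower()
    return (p.startswith(r"c:\documents and settings")
            or "\\application data\\" in p or "\\temp\\" in p)


def triage(report: Dict[str, list]) -> List[Tuple[str, str]]:
    """Return (finding-label, detail) pairs for a human to review; not verdicts."""
    findings: List[Tuple[str, str]] = []
    for s in report["sigcheck"]:
        if s.flag == "-":
            findings.append(("sigcheck-mismatch", s.path))
    for f in report["files"]:
        if not f.is_dir and f.path.lower().endswith(EXEC_EXT) and in_user_writable_dir(f.path):
            findings.append(("exe-in-profile", f.path))
    for v in report["reg_values"]:
        if in_user_writable_dir(v.target):
            findings.append(("autostart-in-profile", f"{v.key}\\{v.name} -> {v.target}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{kind:22} {detail}")
```

On the excerpt this yields two findings: the Sigcheck mismatch on sfcfiles.dll and Fences.exe sitting under All Users\Application Data. Both are prompts for a manual look (the second is a Stardock installer cache directory created minutes earlier, which the file-creation timestamps above make plain), which is why the function returns labelled findings rather than deciding anything; a "[-]" on a system file only says the hash differs from the reference, so compare the file against a known-good copy before replacing it.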