ComboFix 10-09-20.01 - xxxx 21/09/2010 19:25:39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.326 [GMT 2:00]
Gestart vanuit: c:\documents and settings\xxxx\Bureaublad\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\xxxx\Menu Start\Programma's\Opstarten\OpenOffice.org 3.2 .lnk
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-08-21 to 2010-09-21 ))))))))))))))))))))))))))))))
.
2010-09-21 13:53 . 2010-09-21 13:53 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-09-21 13:53 . 2010-09-21 13:53 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-21 13:53 . 2010-09-21 13:53 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-21 13:53 . 2010-09-21 13:53 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-21 13:53 . 2010-09-21 13:53 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-21 13:53 . 2010-09-21 13:53 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-21 13:53 . 2010-09-21 13:53 5649320 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\winspamcatcher.dll
2010-09-21 13:53 . 2010-09-21 13:53 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-09-21 13:53 . 2010-09-21 13:53 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-21 13:53 . 2010-09-21 13:53 2331032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfws9.exe
2010-09-21 13:53 . 2010-09-21 13:53 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-16 16:01 . 2010-09-18 10:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-15 16:48 . 2010-09-18 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-09-15 16:48 . 2010-09-15 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-15 16:48 . 2010-09-15 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-09-15 13:51 . 2010-09-15 13:51 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-15 13:51 . 2010-09-15 13:47 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-09-15 13:51 . 2010-09-15 13:45 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-09-15 13:51 . 2010-09-15 13:44 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-09-15 13:51 . 2010-09-15 13:51 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-15 13:51 . 2010-09-15 13:51 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-09-15 13:50 . 2010-09-15 13:50 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-09-15 13:50 . 2010-09-15 13:50 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-09-15 13:50 . 2010-09-21 17:05 -------- d-----w- c:\documents and settings\xxxx\Application Data\DivX
2010-09-15 13:48 . 2010-09-15 13:48 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-09-15 13:48 . 2010-09-15 13:48 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-15 13:48 . 2010-09-15 13:48 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-09-15 13:47 . 2010-09-15 13:51 -------- d-----w- c:\program files\DivX
2010-09-15 13:45 . 2010-09-15 13:45 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-15 13:44 . 2010-09-15 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-15 12:58 . 2010-09-20 17:12 -------- d--h--r- c:\documents and settings\xxxx\Onlangs geopend
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 17:47 . 2010-03-18 18:57 -------- d-----w- c:\documents and settings\xxxx\Application Data\Skype
2010-09-21 17:46 . 2010-03-18 19:01 -------- d-----w- c:\documents and settings\xxxx\Application Data\skypePM
2010-09-20 16:53 . 2010-03-02 19:20 1 ----a-w- c:\documents and settings\xxxx\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-15 13:49 . 2010-09-15 13:49 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-09-15 13:49 . 2010-09-15 13:49 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-09-15 13:49 . 2010-09-15 13:49 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-09-15 13:49 . 2010-09-15 13:49 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-08-06 10:40 . 2010-08-06 10:40 -------- d-----w- c:\program files\Common Files\Java
2010-08-06 10:39 . 2010-04-10 09:08 -------- d-----w- c:\program files\Java
2010-08-06 10:34 . 2010-08-06 10:34 503808 ----a-w- c:\documents and settings\xxxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5370bdcd-n\msvcp71.dll
2010-08-06 10:34 . 2010-08-06 10:34 499712 ----a-w- c:\documents and settings\xxxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5370bdcd-n\jmc.dll
2010-08-06 10:34 . 2010-08-06 10:34 348160 ----a-w- c:\documents and settings\xxxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5370bdcd-n\msvcr71.dll
2010-08-06 10:34 . 2010-08-06 10:34 12800 ----a-w- c:\documents and settings\xxxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3eaa4af6-n\decora-d3d.dll
2010-08-06 10:34 . 2010-08-06 10:34 61440 ----a-w- c:\documents and settings\xxxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3eaa4af6-n\decora-sse.dll
2010-07-22 15:46 . 2010-03-07 17:42 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-05-03 10:27 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-05 10:45 . 2010-03-27 17:08 439816 ----a-w- c:\documents and settings\xxxx\Application Data\Real\Update\setup3.10\setup.exe
2010-06-30 12:33 . 2010-03-07 17:41 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:27 . 2010-03-07 17:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2010-03-07 17:41 1852032 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-09 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-16 198160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
"Athan"="c:\program files\Athan\Athan.exe" [2009-08-23 1114112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [16/02/2010 16:00 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [16/02/2010 16:00 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/02/2010 16:00 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/02/2010 16:00 243024]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [16/02/2010 16:00 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [16/02/2010 16:00 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [16/02/2010 16:00 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [16/02/2010 16:00 26192]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [16/02/2010 16:00 30104]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [19/04/2010 12:47 27064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 20:10]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 20:10]

2010-09-21 c:\windows\Tasks\User_Feed_Synchronization-{C7E1077A-AD21-4A94-B6EC-25047C59CE91}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.nieuwsblad.be/index.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.be/
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 19:47
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(4084)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\windows\SOUNDMAN.EXE
c:\program files\AVG\AVG9\avgwdsvc.exe
c:\program files\AVG\AVG9\avgfws9.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\AVG\AVG9\avgemc.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Voltooingstijd: 2010-09-21 19:53:39 - machine werd herstart
ComboFix-quarantined-files.txt 2010-09-21 17:53

Pre-Run: 37.221.150.720 bytes beschikbaar
Post-Run: 37.755.809.792 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 51211E24798A7EB050DDB06D790D90AB