ComboFix 08-06-10.5 - Anja 2008-06-12 18:11:09.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.979 [GMT 2:00]
Gestart vanuit: C:\Downloaded with mozilla\ComboFix.exe
 * Resident AV is active
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-05-12 to 2008-06-12 ))))))))))))))))))))))))))))))
.
Geen nieuwe bestanden aangemaakt in deze periode
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 11:47 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 11:47 --------- d-----w C:\Program Files\McAfee
2008-05-21 18:46 --------- d-----w C:\Program Files\Google
2008-05-16 22:45 --------- d-----w C:\Program Files\IrfanView
2008-05-16 11:50 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-12 19:43 812,344 ----a-w C:\Users\Anja\HJTInstall.exe
2008-05-12 19:43 --------- d-----w C:\Program Files\Trend Micro
2008-05-10 17:19 --------- d-----w C:\Program Files\BitComet
2008-05-10 16:29 5,742,544 ----a-w C:\Users\Anja\bitcomet_setup.exe
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-06 21:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-05 20:41 690,648 ----a-w C:\Users\Anja\installer-9258-865-Ares.exe
2008-05-04 20:56 174 --sha-w C:\Program Files\desktop.ini
2008-05-04 20:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-04 20:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-04 20:48 --------- d-----w C:\Program Files\Windows Journal
2008-05-04 20:48 --------- d-----w C:\Program Files\Windows Defender
2008-05-04 20:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-04 20:48 --------- d-----w C:\Program Files\Windows Calendar
2008-05-04 20:33 79,872 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-04 20:33 101,376 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-30 15:43 318,904 ----a-w C:\Users\Anja\wmpfirefoxplugin.exe
2008-04-30 15:32 --------- d-----w C:\Program Files\Dell
2008-04-30 15:31 --------- d-----w C:\Program Files\PCCheckupOnline
2008-04-30 13:48 --------- d-----w C:\ProgramData\Dell
2008-04-30 13:46 31,542,424 ----a-w C:\Users\Anja\R180808-3.exe
2008-04-30 13:05 895,016 ----a-w C:\Users\Anja\WGAPluginInstall.exe
2008-04-28 18:43 --------- d-----w C:\Program Files\Conduit
2008-04-28 18:43 --------- d-----w C:\Program Files\Ares Galaxy Turbo Accelerator
2008-04-28 18:42 --------- d-----w C:\Users\Anja\AppData\Roaming\Download Manager
2008-04-28 18:41 128,376 ----a-w C:\Users\Anja\Download_AresGalaxyTurboAccelerator_installer.exe
2008-04-28 15:54 --------- d-----w C:\Program Files\Ares
2008-04-28 15:52 690,648 ----a-w C:\Users\Anja\installer-5130-865-Ares-Galaxy.exe
2008-04-27 19:37 --------- d-----w C:\Program Files\Advanced Diary
2008-04-27 19:35 --------- d-----w C:\Program Files\iDailyDiary
2008-04-26 21:47 --------- d-----w C:\Users\Anja\AppData\Roaming\Microsoft Web Folders
2008-04-26 21:30 2,018,372 ----a-w C:\Users\Anja\aresregular209_installer.exe
2008-04-26 20:43 --------- d-----w C:\Program Files\Bullfrog
2008-04-26 19:42 1,495,112 ----a-w C:\Users\Anja\install_flash_player.exe
2008-04-26 18:48 --------- d-----w C:\Program Files\SPSSEval
2008-04-26 18:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-26 18:33 --------- d-----w C:\Users\Anja\AppData\Roaming\SAS
2008-04-26 18:33 --------- d-----w C:\ProgramData\SAS
2008-04-26 17:42 --------- d-----w C:\ProgramData\Lavasoft
2008-04-26 17:41 --------- d-----w C:\Program Files\Lavasoft
2008-04-26 17:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-26 17:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-26 17:04 --------- d-----w C:\Program Files\SAS
2008-04-26 14:47 --------- d-----w C:\ProgramData\Messenger Plus!
2008-04-26 07:41 1,327,616 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 23:56 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-25 23:56 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-25 23:55 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-04-25 23:55 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-25 23:55 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-25 23:55 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-25 23:55 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-04-25 23:55 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-04-25 23:55 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-04-25 23:55 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-04-25 23:55 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-04-25 23:55 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-25 23:54 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-04-25 23:54 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-25 23:54 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-25 23:54 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-04-25 23:54 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-25 23:54 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-25 23:53 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-25 23:51 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-25 23:51 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-25 23:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-25 21:07 126 ----a-w C:\Users\Anja\AppData\Roaming\wklnhst.dat
2008-04-25 20:50 --------- d-----w C:\Users\Anja\AppData\Roaming\Template
2008-04-25 19:23 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-25 18:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-25 18:54 --------- d-----w C:\Program Files\Windows Live
2008-04-25 18:44 --------- d-----w C:\ProgramData\WLInstaller
2008-04-25 18:37 --------- d-----w C:\Program Files\Zone Labs
2008-04-25 18:31 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-04-25 18:31 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-04-25 18:31 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-04-25 18:31 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-04-25 18:29 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-04-25 18:29 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-04-25 18:29 33,624 ----a-w C:\Windows\System32\wups.dll
2008-04-25 18:29 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-04-25 18:29 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-04-25 18:19 --------- d-----w C:\Users\Anja\AppData\Roaming\CyberLink
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 19:04 --------- d-----w C:\Users\Anja\AppData\Roaming\Creative
2008-04-23 18:38 --------- d-sh--w C:\ProgramData\Sjablonen
2008-04-23 18:38 --------- d-sh--w C:\ProgramData\Menu Start
2008-04-23 18:38 --------- d-sh--w C:\ProgramData\Favorieten
2008-04-23 18:38 --------- d-sh--w C:\ProgramData\Documenten
2008-04-23 18:38 --------- d-sh--w C:\ProgramData\Bureaublad
.
((((((((((((((((((((((((((((( snapshot_2008-06-11_20.01.58,66 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-11 17:00:50 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-12 12:43:04 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-11 17:01:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-12 12:49:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-11 17:01:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-12 12:49:58 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-11 17:01:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-12 12:49:58 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 20:21 202544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-19 14:39 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-18 13:40 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-07 08:49 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-28 07:51 36864]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-06 09:58 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-06 09:58 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-06 09:58 133656]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-04-19 14:30 77824]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-19 14:39 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 20:21 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 13:07 405504]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 20:21 202544]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-04-19 14:31:45 50688]
Microsoft Office.lnk - C:\Microsoft Office2000\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 17:27:08 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CE00D137-CA7F-4FB2-A737-D8994271EE92}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{27C619EE-3650-482C-AC2C-1DE1A7A365D1}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{26B2406F-85D3-4744-8B98-3D2A0C6D53A4}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{76BCF467-4FF3-4618-BCBA-2B85E5D5D2D6}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{B15E3911-7638-4F88-9FAA-820B81B03026}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{BD35F392-DF6D-4A4E-A51B-8B76E59BEBD4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5994E780-10A6-474D-BFE3-7A2493D53894}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{C5EBB0FD-A3EC-4203-AACA-549DA7500D0C}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{F262DAFF-F4C0-46BF-AA4B-F4992C5E0CA2}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{4FB58302-A2D5-4AF8-85E3-EC09E54A5DD5}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 13:07]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-02-13 20:21]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-06 09:58]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 09:58]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 07:51]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 07:51]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 07:31]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-19 12:50:53 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-19 12:50:54 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 18:14:32
Windows 6.0.6000 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-06-12 18:15:54
ComboFix-quarantined-files.txt 2008-06-12 16:15:41
ComboFix2.txt 2008-06-12 16:02:53
ComboFix3.txt 2008-06-11 18:02:47
ComboFix4.txt 2008-05-21 18:38:33
ComboFix5.txt 2008-05-19 02:45:54
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
217 --- E O F --- 2008-06-11 01:41:39