ComboFix 11-01-22.01 - Tofelo 23-01-2011 15:40:57.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3070.2628 [GMT 1:00]
Running from: c:\documents and settings\Tofelo\Bureaublad\ComboFix.exe
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
(((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 ))))))))))))))))))))))))))))))
.
2011-01-23 12:44 . 2011-01-23 12:44 -------- d-----w- c:\program files\2BrightSparks
2011-01-23 10:19 . 2011-01-23 10:19 -------- d-----w- c:\documents and settings\Tofelo\Application Data\AVG10
2011-01-23 10:18 . 2011-01-23 10:18 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-23 10:17 . 2011-01-23 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-01-23 10:00 . 2011-01-23 10:01 -------- d-----w- c:\windows\system32\NtmsData
2011-01-22 20:31 . 2011-01-23 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-22 14:58 . 2011-01-22 14:58 -------- d-----w- c:\documents and settings\Tofelo\Application Data\Malwarebytes
2011-01-22 14:57 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-22 14:57 . 2011-01-22 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-22 14:57 . 2011-01-22 14:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-22 14:57 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-02 14:35 . 2011-01-02 14:35 -------- d-----w- c:\program files\bol.com
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:15 . 2009-05-10 18:14 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2003-04-08 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:23 . 2003-04-08 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2003-04-08 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2003-04-08 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:27 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2003-04-08 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2003-04-08 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:00 . 2003-04-08 12:00 1853440 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-01-22_22.02.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-04-08 12:00 . 2011-01-23 14:42 81244 c:\windows\system32\perfc013.dat
- 2003-04-08 12:00 . 2011-01-22 21:47 81244 c:\windows\system32\perfc013.dat
- 2003-04-08 12:00 . 2011-01-22 21:47 61636 c:\windows\system32\perfc009.dat
+ 2003-04-08 12:00 . 2011-01-23 14:42 61636 c:\windows\system32\perfc009.dat
+ 2003-04-08 12:00 . 2011-01-23 14:42 467826 c:\windows\system32\perfh013.dat
- 2003-04-08 12:00 . 2011-01-22 21:47 467826 c:\windows\system32\perfh013.dat
+ 2003-04-08 12:00 . 2011-01-23 14:42 402472 c:\windows\system32\perfh009.dat
- 2003-04-08 12:00 . 2011-01-22 21:47 402472 c:\windows\system32\perfh009.dat
+ 2003-04-08 12:00 . 2008-04-14 17:02 640000 c:\windows\system32\dllcache\dbghelp.dll
+ 2011-01-23 10:18 . 2011-01-23 10:18 3141632 c:\windows\Installer\4c0a4.msi
+ 2011-01-23 10:16 . 2011-01-23 10:16 1568768 c:\windows\Installer\4c0a0.msi
+ 2011-01-23 08:56 . 2011-01-23 08:56 1568768 c:\windows\Installer\15539b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-14 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-05-21 1797880]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-17 15600128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Tofelo\Menu Start\Programma's\Opstarten\
SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2007-9-9 488728]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-7-7 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22-8-2009 11:28 721904]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21-5-2009 14:16 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [21-5-2009 14:16 31504]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [23-9-2009 6:44 2789672]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-6-2010 15:41 92008]
S2 gupdate1c9ece78225a338;Google Update Service (gupdate1c9ece78225a338);c:\program files\Google\Update\GoogleUpdate.exe [14-6-2009 12:58 133104]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [23-9-2009 6:45 15656]
.
Contents of the 'Scheduled Tasks' folder

2011-01-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-14 11:57]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 11:58]

2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: ing.nl
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
FF - ProfilePath - c:\documents and settings\Tofelo\Application Data\Mozilla\Firefox\Profiles\6f16sc0q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-23 15:47
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1304)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
c:\program files\Adobe\Acrobat 7.0\Distillr\ADIST32.dll
c:\program files\7-Zip\7-zip.dll
c:\windows\system32\asfsipc.dll
c:\program files\Microsoft Silverlight\xapauthenticodesip.dll
.
Completion time: 2011-01-23 15:49:19
ComboFix-quarantined-files.txt 2011-01-23 14:49

Pre-Run: 61.881.937.920 bytes free
Post-Run: 61.883.731.968 bytes free

- - End Of File - - 4C9C0E9D6DE9306089AF770822813386
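The registry startup section is the part of a ComboFix log a responder reads first, and it is tedious to eyeball when it runs to dozens of entries. The following Python is an added example, not part of the original log and not ComboFix's own code: it parses the REGEDIT4-style startup dump into structured entries and applies four triage heuristics, a non-empty AppInit_DLLs value (Windows loads that DLL into every process that maps user32.dll), EnableFirewall set to 0 for the profile, Run entries that give only a bare image name (resolved through the search path rather than an absolute path), and Run entries pointing outside the Windows and Program Files directories. The sample lines are copied from the log above; the field names, the trusted-root list and the regular expressions are this example's own choices, and the flags are prompts for review, not verdicts (this log records a third-party firewall as enabled, which explains the disabled Windows Firewall).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the "Reg Loading Points" section of the log above.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-14 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-17 15600128]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

# A registry key header line: [HKEY_...\...]
KEY_RE = re.compile(r'^\[(.+)\]$')
# A value line: "name"=data, optionally followed by ComboFix's [YYYY-MM-DD size] annotation.
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*?)(?:\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\])?$')

# Assumption of this example: autostarts under these roots are ordinary, anything else gets flagged.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\')


@dataclass
class StartupEntry:
    key: str             # registry key the value lives under
    name: str            # value name, e.g. "swg"
    value: str           # value data with surrounding quotes removed
    date: Optional[str]  # file date ComboFix appended, if any
    size: Optional[int]  # file size ComboFix appended, if any


def parse_startup_section(text: str) -> List[StartupEntry]:
    """Turn the REGEDIT4-style startup dump into StartupEntry objects, in file order."""
    entries: List[StartupEntry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # subsequent values belong to this key
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, value, date, size = m.groups()
            entries.append(StartupEntry(key, name, value.strip().strip('"'),
                                        date, int(size) if size else None))
    return entries


def triage(entries: List[StartupEntry]) -> List[Tuple[str, str]]:
    """Return (value name, reason) pairs for entries that deserve a second look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        key, val = e.key.lower(), e.value.lower()
        if e.name.lower() == 'appinit_dlls' and val:
            findings.append((e.name, 'AppInit_DLLs set; loaded into every process that maps user32.dll: ' + e.value))
        elif e.name.lower() == 'enablefirewall' and val.startswith('0'):
            findings.append((e.name, 'Windows Firewall disabled for this profile'))
        elif key.endswith('\\run'):
            if '\\' not in val:
                findings.append((e.name, 'bare image name, resolved through the search path: ' + e.value))
            elif not val.startswith(TRUSTED_ROOTS):
                findings.append((e.name, 'autostart outside Windows/Program Files: ' + e.value))
    return findings


if __name__ == '__main__':
    for name, reason in triage(parse_startup_section(SAMPLE)):
        print(f'{name}: {reason}')
```

Run against the sample, the triage reports RTHDCPL (bare image name), AppInit_DLLs and EnableFirewall; the Google, TomTom and QuickTime entries pass because they sit under Program Files with absolute paths. Extending the heuristics to the service (`R0`/`R1`/`S2`) lines and the `.job` tasks follows the same pattern: parse into a record, then compare the image path against what the machine is expected to run.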