ComboFix 11-06-07.03 - Gebruiker 08/06/2011  14:53:42.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.31.1043.18.1918.1389 [GMT 2:00]
Running from: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
 * Installed AV is active
.
.
((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Documenten\Settings
c:\documents and settings\Gebruiker\Application Data\Adobe\plugs
c:\documents and settings\Gebruiker\Application Data\Adobe\shed
c:\documents and settings\Gebruiker\bdzmeg.bak
c:\documents and settings\Gebruiker\Bureaublad\Windows XP Recovery.lnk
c:\documents and settings\Gebruiker\glmquw.bak
c:\documents and settings\Gebruiker\kqdvi.bak
c:\documents and settings\Gebruiker\Menu Start\Programma's\Windows XP Recovery
c:\documents and settings\Gebruiker\Menu Start\Programma's\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
c:\documents and settings\Gebruiker\Menu Start\Programma's\Windows XP Recovery\Windows XP Recovery.lnk
c:\documents and settings\Gebruiker\nklsuv.bak
c:\documents and settings\Gebruiker\pcskyv.bak
C:\LOG27B6.tmp
C:\LOG456F.tmp
C:\LOG4576.tmp
c:\windows\SNMPAPI.DLL
.
Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
(((((((((((((((((((((((((((((((((((((((   Files Created from 2011-05-08 to 2011-06-08   ))))))))))))))))))))))))))))))
.
.
2011-06-06 07:50 . 2011-06-06 07:50	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo!
2011-06-06 07:50 . 2011-06-06 07:50	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-06-06 07:47 . 2011-06-06 07:47	--------	d-----w-	c:\documents and settings\Administrator\Application Data\RCP 5
2011-06-06 07:27 . 2011-06-06 07:27	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-06-01 13:50 . 2011-06-08 13:08	--------	d--h--r-	c:\documents and settings\Gebruiker\Onlangs geopend
2011-06-01 10:41 . 2011-06-01 13:50	--------	d-----w-	c:\documents and settings\Administrator\Application Data\BitTorrent
2011-06-01 10:23 . 2011-06-01 10:23	388096	----a-r-	c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-01 10:23 . 2011-06-01 10:23	--------	d-----w-	c:\program files\Trend Micro
2011-06-01 10:22 . 2011-06-01 10:22	--------	d-sh--w-	c:\documents and settings\Administrator\PrivacIE
2011-06-01 09:21 . 2011-06-01 10:03	--------	d-----w-	C:\sh4ldr
2011-06-01 09:21 . 2011-06-01 09:21	--------	d-----w-	c:\program files\Enigma Software Group
2011-06-01 09:21 . 2011-06-01 10:11	--------	d-----w-	c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2011-06-01 09:20 . 2011-06-01 09:20	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2011-05-20 13:15 . 2010-11-29 09:42	35136	----a-w-	c:\program files\Mozilla Firefox\plugins\np_gp.dll
2011-05-20 13:15 . 2011-05-20 13:15	--------	d--h--w-	c:\documents and settings\All Users\Application Data\NOS
2011-05-20 13:15 . 2011-05-20 13:15	--------	d-----w-	c:\program files\NOS
2011-05-20 13:13 . 2011-04-14 16:57	142296	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-20 13:13 . 2011-04-14 16:57	781272	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-20 13:13 . 2011-04-14 16:57	1874904	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-05-20 13:13 . 2011-04-14 16:57	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-20 13:13 . 2011-04-14 16:57	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-05-20 13:13 . 2011-04-14 16:57	465880	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-20 13:13 . 2010-01-01 08:00	1974616	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-20 13:13 . 2010-01-01 08:00	1892184	----a-w-	c:\program files\Mozilla Firefox\d3dx9_42.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2010-08-02 14:36	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-08-02 14:36	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-18 14:37 . 2011-03-11 09:12	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
2011-04-18 10:23 . 2010-08-02 14:32	16432	----a-w-	c:\windows\system32\lsdelete.exe
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-14 16:57 . 2011-05-20 13:13	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2004-08-04 02:00	94784	--sh--w-	c:\windows\twain.dll
2008-04-14 17:02	50688	--sh--w-	c:\windows\twain_32.dll
2006-02-16 20:33	1216	--sh--w-	c:\windows\Twunk_16.dll
2006-02-16 20:33	1216	--sh--w-	c:\windows\Twunk_32.dll
2008-04-14 17:02	1028096	--sh--w-	c:\windows\system32\mfc42.dll
2008-04-14 17:02	57344	--sh--w-	c:\windows\system32\msvcirt.dll
2008-04-14 17:02	413696	--sha-w-	c:\windows\system32\msvcp60.dll
2008-04-14 17:02	343040	--sha-w-	c:\windows\system32\msvcrt.dll
2008-04-14 17:02	551936	--sh--w-	c:\windows\system32\oleaut32.dll
2008-04-14 17:02	84992	--sh--w-	c:\windows\system32\olepro32.dll
2008-04-14 17:03	12288	--sh--w-	c:\windows\system32\regsvr32.exe
.
[code]
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Compaq\SetRefresh\SetRefresh .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\HP\hpcoretech\hpcmpmgr .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\TomTom HOME 2\TomTomHOMERunner .exe
c:\windows\system32\rundll32 .exe
[/code]
.
(((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\
Snelkoppeling naar Startup.lnk - c:\batch\Startup.bat [2009-1-21 27]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HPAiODevice(hp officejet v series) - 1.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HPAiODevice(hp officejet v series) - 1.lnk
backup=c:\windows\pss\HPAiODevice(hp officejet v series) - 1.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Sonic CinePlayer Quick Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Sonic CinePlayer Quick Launch.lnk
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^LimeWire On Startup.lnk]
path=c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
c:\program files\DNA\btdna.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 17:02	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Free Codec]
2007-03-30 02:44	274432	----a-w-	c:\program files\DivX Free Codec\Divx Free Update.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-28 03:10	122940	----a-w-	c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 14:50	221184	----a-w-	c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
2007-04-02 07:00	949376	----a-w-	c:\program files\ESET\nod32kui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scheduler_monitor]
2007-06-15 08:17	27136	----a-w-	c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-12-10 11:39	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [17/06/2009 15:01 20744]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/08/2010 14:38 64288]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2/04/2007 9:00 15424]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 10:55 2151128]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/08/2010 16:36 366640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/06/2009 14:46 92008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/08/2010 16:36 22712]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/12/2010 13:39 136176]
S2 rbhfnfjc;IPX Traffic Filter Support;c:\windows\System32\svchost.exe -k netsvcs [4/08/2004 4:00 14336]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17/06/2009 15:02 29192]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/12/2010 13:39 136176]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17/06/2009 15:01 25480]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/08/2010 16:36 39984]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/08/2004 4:00 14336]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [30/11/2007 11:27 558592]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21/04/2007 15:54 52080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
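One entry in the service list above deserves a closer look than the rest: rbhfnfjc, displayed as "IPX Traffic Filter Support", is hosted by svchost.exe -k netsvcs, so the code that actually runs is a ServiceDll that the service list never shows, and the tcpip.sys infection reported under Other Deletions points the same way. The random eight-letter name plus a plausible display name is the usual shape of a netsvcs ServiceDll hijack. The Python below is an added example, not ComboFix output or anything from this thread: it parses ComboFix service lines and flags netsvcs-hosted services whose short name is not in a Windows XP SP3 baseline. The baseline set is my own list compiled from a clean install and is an assumption to verify against a reference machine; the sample lines are copied from the log above.

```python
"""Triage the service list of a ComboFix log for services hosted by
svchost.exe in the 'netsvcs' group that are not part of the Windows XP
baseline. This is the classic ServiceDll hijack: a random service name, a
plausible display name, and svchost.exe as the image path, so the payload
DLL never shows up in the service list itself."""
import re

# Default netsvcs members on Windows XP SP3. Assumption: compiled from a
# clean reference install for this example; verify it against your own
# baseline before relying on it.
XP_SP3_NETSVCS = {
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP",
    "ERSvc", "EventSystem", "FastUserSwitchingCompatibility", "HidServ", "Ias",
    "Iprip", "Irmon", "LanmanServer", "LanmanWorkstation", "Messenger",
    "Netman", "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent", "Rasauto",
    "Rasman", "Remoteaccess", "Schedule", "Seclogon", "SENS", "Sharedaccess",
    "SRService", "Tapisrv", "Themes", "TrkWks", "W32Time", "WZCSVC", "Wmi",
    "WmdmPmSn", "winmgmt", "wscsvc", "xmlprov", "helpsvc", "BITS", "wuauserv",
    "ShellHWDetection", "uploadmgr", "napagent",
}
BASELINE_LOWER = {name.lower() for name in XP_SP3_NETSVCS}

# One ComboFix service line: "<state> <name>;<display>;<image> [<date> <time> <size>]"
SERVICE_RE = re.compile(r"^([RS]\d) (.+?);(.*?);(.*?) \[([^\]]*)\]\s*$")
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)

# Constructed sample: four service lines plus the 'Svchost - NetSvcs'
# addition that ComboFix prints, all copied from the log above.
SAMPLE_LOG = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/08/2010 16:36 366640]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/12/2010 13:39 136176]
S2 rbhfnfjc;IPX Traffic Filter Support;c:\windows\System32\svchost.exe -k netsvcs [4/08/2004 4:00 14336]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/08/2004 4:00 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rbhfnfjc
.
"""


def parse_services(log_text):
    """Return one dict per ComboFix service line, with the svchost group if any."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, name, display, image, stamp = m.groups()
        group = SVCHOST_RE.search(image)
        services.append({
            "state": state, "name": name, "display": display, "image": image,
            "stamp": stamp, "svchost_group": group.group(1) if group else None,
        })
    return services


def netsvcs_additions(log_text):
    """Names ComboFix lists under its 'Svchost - NetSvcs' header: entries in
    the netsvcs REG_MULTI_SZ that ComboFix itself does not consider default."""
    names, collecting = set(), False
    for line in log_text.splitlines():
        s = line.strip()
        if "Svchost - NetSvcs" in s:
            collecting = True
            continue
        if collecting:
            if not s or s == ".":
                break
            names.add(s)
    return names


def suspicious_svchost_services(log_text):
    """Flag netsvcs-hosted services whose short name is outside the baseline."""
    added = netsvcs_additions(log_text)
    findings = []
    for svc in parse_services(log_text):
        if (svc["svchost_group"] or "").lower() != "netsvcs":
            continue
        if svc["name"].lower() in BASELINE_LOWER:
            continue
        reasons = ["not a default netsvcs member on XP SP3"]
        if svc["name"] in added:
            reasons.append("listed by ComboFix as an addition to the netsvcs group")
        if re.fullmatch(r"[a-z]{6,}", svc["name"]):
            reasons.append("random-looking lowercase name")
        findings.append({**svc, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in suspicious_svchost_services(SAMPLE_LOG):
        print(f"{hit['state']} {hit['name']} ({hit['display']}): " + "; ".join(hit["reasons"]))
```

On the sample this flags only rbhfnfjc; nosGetPlusHelper is also svchost-hosted but runs in its own group, which the baseline does not cover, so it is left for manual review rather than reported. The next step on a live system would be to read the ServiceDll value under HKLM\SYSTEM\CurrentControlSet\Services\rbhfnfjc\Parameters, which the log does not include.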
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rbhfnfjc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 09:11]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 11:39]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 11:39]
.
2011-04-08 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2011-01-05 08:33]
.
2010-12-23 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-12-23 08:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = ;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Zoeken - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Woord vertalen in het Nederlands - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Gelijkwaardige pagina's - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Koppelingspagina's - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Opgeslagen momentopname van de pagina - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\sk3axlzg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-08 15:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Udfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UGatherer]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ultra]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VComm]
"ImagePath"="system32\DRIVERS\VComm.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VcommMgr]
"ImagePath"="System32\Drivers\VcommMgr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ViaIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VolSnap]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vxd]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WDICA]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinTrust]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll" --
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{20213930-7CB9-49AA-9FBC-78BEA4C3EEC9}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{2B417556-D0CD-4597-BD72-CB269C24AC33}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{72B2F3F7-6816-4D61-872A-8E6E257BF6AC}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{CF88B2AA-7A43-4829-AB6E-BD184A3CA9C6}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,7d,bc,3e,63,9c,ef,4d,8a,84,61,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,7d,bc,3e,63,9c,ef,4d,8a,84,61,\
.
[HKEY_USERS\S-1-5-21-2790544759-2844780689-2955542577-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C610618-B51D-1730-ED7C-6D9F5EFD0878}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eaoolonjda"=hex:66,61,69,62,6f,6c,63,6f,65,62,6a,61,00,31
"dabpmokd"=hex:64,62,63,62,6e,65,63,69,61,6a,66,61,63,61,66,6c,6f,67,62,67,66,
   68,63,6b,69,61,66,6e,68,67,67,69,6a,61,6e,63,6d,64,6a,63,00,00
"iagmljhkfioipoebhk"=hex:6a,61,6c,66,68,6f,68,6b,67,65,66,63,70,63,6e,70,62,61,
   65,6c,00,00
"haabjjmaoobjhhec"=hex:6a,61,6c,66,67,6f,6d,69,66,6f,6a,65,69,61,66,67,69,67,
   6d,6e,00,00
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\imon.dll
.
- - - - - - - > 'explorer.exe'(2140)
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
c:\program files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
.
Completion time: 2011-06-08  15:24:06
ComboFix-quarantined-files.txt  2011-06-08 13:24
.
Pre-Run: 111.786.614.784 bytes free
Post-Run: 111.860.563.968 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 83750796DA2E9B5689C8ED0C42D38D07
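The locked Shell Extensions\Approved key above is the other item in this log worth decoding rather than eyeballing: the key carries a restricted ACL (ComboFix shows it as @Allowed: (Read) (RestrictedCode)), its value names are random lowercase strings, and every data byte sits in the range 0x61-0x70, i.e. the letters a through p. The Python below is an added example, not ComboFix output or anything from this thread. It parses the REGEDIT4 hex: notation ComboFix prints (including wrapped continuation lines), turns each value into bytes, splits on NUL, and reports whether both the name and the payload stay inside that 16-letter alphabet. The sample input is copied from the two complete values in the log above; the two User Preferences values are omitted because ComboFix truncated them (the trailing backslash), and a truncated value must not be decoded as if it were whole. The 16-letter observation is a heuristic that fits a nibble-per-letter encoding, not an identification of any particular family.

```python
"""Decode the REGEDIT4 'hex:' values that ComboFix prints under LOCKED
REGISTRY KEYS, so the stored bytes can be inspected instead of guessed at."""
import re

# Constructed sample: the two complete values from the locked
# Shell Extensions\Approved key in the log above (values ComboFix cut
# off with a trailing backslash are deliberately left out).
SAMPLE_DUMP = r"""
[HKEY_USERS\S-1-5-21-2790544759-2844780689-2955542577-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C610618-B51D-1730-ED7C-6D9F5EFD0878}*]
@Allowed: (Read) (RestrictedCode)
"eaoolonjda"=hex:66,61,69,62,6f,6c,63,6f,65,62,6a,61,00,31
"dabpmokd"=hex:64,62,63,62,6e,65,63,69,61,6a,66,61,63,61,66,6c,6f,67,62,67,66,
   68,63,6b,69,61,66,6e,68,67,67,69,6a,61,6e,63,6d,64,6a,63,00,00
"""

HEX_VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')
# A wrapped continuation line: only hex octets, commas and an optional
# trailing backslash (REGEDIT4's line-continuation marker).
HEX_CONT_RE = re.compile(r"^\s*[0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*,?\\?\s*$")
SIXTEEN_LETTERS = set("abcdefghijklmnop")


def parse_hex_values(dump):
    """Return {value_name: bytes} for every hex: value in a REGEDIT4-style dump."""
    values = {}
    lines = dump.splitlines()
    i = 0
    while i < len(lines):
        m = HEX_VALUE_RE.match(lines[i].strip())
        if not m:
            i += 1
            continue
        name, raw = m.group(1), m.group(2)
        i += 1
        while i < len(lines) and HEX_CONT_RE.match(lines[i]):
            raw += "," + lines[i]
            i += 1
        octets = [tok for tok in re.split(r"[,\s\\]+", raw) if tok]
        values[name] = bytes(int(tok, 16) for tok in octets)
    return values


def describe(name, data):
    """Printable rendering, NUL-separated strings, and whether both the value
    name and the decoded strings stay inside the 16-letter alphabet a-p (a
    pattern consistent with one nibble per letter; treat it as a hint, not proof)."""
    strings = [part.decode("latin-1") for part in data.split(b"\x00") if part]
    printable = "".join(chr(b) if 32 <= b < 127 else "." for b in data)
    confined = set(name) <= SIXTEEN_LETTERS and all(
        set(s) <= SIXTEEN_LETTERS for s in strings if s.isalpha())
    return {"name": name, "length": len(data), "printable": printable,
            "strings": strings, "sixteen_letter_alphabet": confined}


def analyse(dump):
    """Describe every hex: value found in the dump, in file order."""
    return [describe(n, d) for n, d in parse_hex_values(dump).items()]


if __name__ == "__main__":
    for row in analyse(SAMPLE_DUMP):
        print(row)
```

On the sample, eaoolonjda decodes to the strings "faibolcoebja" and "1", and dabpmokd to a single 40-letter string; both names and both payloads use only a through p. What those letters encode is not recoverable from the log alone, so the honest conclusion from this output is "attacker-controlled configuration in an ACL-protected key", and the removal step is to take ownership of the key and delete it, not to interpret the bytes.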