ComboFix 08-10-29.07 - Elisa 2008-10-29 20:49:08.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.1863 [GMT 1:00]
Gestart vanuit: C:\Users\Elisa\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://skscholieren-16.blogspot.com
hxxp://2.bp.blogspot.com
hxxp://1.bp.blogspot.com
hxxp://4.bp.blogspot.com
hxxp://3.bp.blogspot.com
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-09-28 to 2008-10-29 ))))))))))))))))))))))))))))))
.

Geen nieuwe bestanden aangemaakt in deze periode
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 19:46 320,000 ----a-w C:\Windows\System32\CF12261.exe
2008-10-29 19:28 --------- d-----w C:\Users\Elisa\AppData\Roaming\Skype
2008-10-29 19:07 --------- d-----w C:\Users\Elisa\AppData\Roaming\skypePM
2008-10-21 13:32 --------- d-----w C:\Users\Elisa\AppData\Roaming\LimeWire
2008-10-19 13:45 --------- d-----w C:\ProgramData\WinZip
2008-10-17 17:25 --------- d-----w C:\Program Files\7-Zip
2008-10-16 20:03 --------- d-----w C:\Program Files\Windows Mail
2008-10-12 13:27 --------- d-----w C:\Program Files\CCleaner
2008-10-12 13:26 --------- d-----w C:\Users\Elisa\AppData\Roaming\Malwarebytes
2008-10-12 13:26 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 13:25 --------- d-----w C:\ProgramData\Malwarebytes
2008-10-12 13:10 --------- d-----w C:\Program Files\Trend Micro
2008-10-02 03:49 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-09-21 13:54 97,928 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-09-21 13:54 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
2008-09-21 13:54 10,520 ----a-w C:\Windows\System32\avgrsstx.dll
2008-09-21 13:54 --------- d-----w C:\ProgramData\avg8
2008-09-21 13:54 --------- d-----w C:\Program Files\AVG
2008-09-21 13:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-21 13:27 --------- d-----w C:\ProgramData\Skype
2008-09-21 13:27 --------- d-----w C:\Program Files\Skype
2008-09-21 13:27 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-21 13:24 --------- d-----w C:\ProgramData\Symantec
2008-09-18 04:35 3,505,208 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w C:\Windows\System32\win32k.sys
2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-15 20:32 174 --sha-w C:\Program Files\desktop.ini
2008-03-29 08:36 76 --sh--r C:\Windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-29 1232896]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-28 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-06 133656]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-03-29 77824]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-29 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-02 155648]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-04 1234712]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-03-29 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-09-10 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{05076827-9ABA-41E6-9AEF-DC5EC6B4D290}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{242A5852-4223-448E-8DDB-3629444EBD95}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{7AAE9332-E017-4927-A0E9-D3F13881B5EA}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{2AB8E56B-351C-4DDA-A8CA-8ADC6252F992}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{4FD5B20B-67A5-4E32-AB05-BD0DEC1F73A9}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{903C4CD0-2268-4B4F-B367-971F17DB8540}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{084CF9F6-1B5E-467F-8B7E-AFAE103D6E1C}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{1316C82F-17EE-4D57-AD54-1F5C21C3ADB9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{667256DC-1F23-4B23-96CB-D3CDCC1E1C36}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{198D3351-4E37-4A4F-B5B7-19E1C6A4A66C}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{64F302E0-0767-458B-8B59-376B31FDDA83}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{853E8E61-093F-44B5-AAE5-E05C8BE55C3B}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-21 97928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-21 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-21 231704]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-09-21 69128]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 278528]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5328a78-0265-11dd-980c-001d09457aa7}]
\shell\AutoRun\command - F:\setupSNK.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - RDPWD
*Newly Created Service* - TDTCP
*Newly Created Service* - TSSECSRV
.
Inhoud van de 'Gedeelde Taken' map

2008-10-29 C:\Windows\Tasks\User_Feed_Synchronization-{8B62664C-4413-4617-8657-F8668ED27C5E}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
.
------- Bijkomende Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.hln.be/
O8 -: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 20:51:58
Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-10-29 20:54:11
ComboFix-quarantined-files.txt 2008-10-29 19:54:06

Pre-Run: Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
Post-Run: 50,483,449,856 bytes beschikbaar

172 --- E O F --- 2008-10-26 14:26:23