ComboFix 09-05-02.4 - flore 03/05/2009 11:01.1 - NTFSx86 Microsoft® Windows Vista Black Edition™ 2009 6.0.6001.1.1252.32.1033.18.2046.1280 [GMT 2:00] Gestart vanuit: c:\users\flore\Desktop\ComboFix.exe . (((((((((((((((((((( Bestanden Gemaakt van 2009-04-03 to 2009-05-03 )))))))))))))))))))))))))))))) . 2009-05-03 08:35 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-03 08:35 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-03 08:35 . 2009-05-03 08:35 -------- d-----w c:\programdata\Malwarebytes 2009-05-03 08:35 . 2009-05-03 08:35 -------- d-----w c:\users\All Users\Malwarebytes 2009-05-03 08:35 . 2009-05-03 08:35 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-02 20:51 . 2009-05-02 20:51 -------- d-----w c:\program files\Trend Micro 2009-04-30 08:33 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll 2009-04-30 08:33 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe 2009-04-30 08:33 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll 2009-04-30 08:33 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll 2009-04-30 08:33 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll 2009-04-30 08:33 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll 2009-04-30 08:33 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll 2009-04-30 08:32 . 2008-10-16 12:08 162064 ----a-w c:\windows\system32\wuwebv.dll 2009-04-30 08:32 . 2008-10-16 11:56 31232 ----a-w c:\windows\system32\wuapp.exe 2009-04-29 19:47 . 2009-05-02 20:31 -------- d-----w c:\program files\Panda Security 2009-04-10 09:42 . 2002-02-27 15:50 197120 ----a-w c:\windows\patchw32.dll 2009-04-10 09:42 . 2009-04-10 09:42 -------- d-----w c:\program files\Common Files\PocketSoft 2009-04-10 09:39 . 2009-04-10 09:39 -------- d-----w c:\program files\Atari . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-03 08:14 . 2006-11-02 13:00 6 ---ha-w c:\windows\Tasks\SA.DAT 2009-05-02 20:32 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat 2009-05-02 20:32 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat 2009-05-02 20:32 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat 2009-05-02 06:18 . 2009-03-07 18:03 31871 ----a-w c:\users\All Users\nvModes.dat 2009-05-02 06:18 . 2009-03-07 18:03 31871 ----a-w c:\programdata\nvModes.dat 2009-04-24 11:08 . 2009-03-07 17:35 11952 ----a-w c:\windows\system32\avgrsstx.dll 2009-04-24 11:08 . 2009-03-07 17:35 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-04-24 11:07 . 2009-03-07 17:34 23832 ----a-w c:\windows\system32\drivers\avgfwd6x.sys 2009-04-24 11:07 . 2009-03-07 17:35 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys 2009-04-24 11:07 . 2009-03-07 17:35 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-04-10 09:39 . 2009-03-10 20:39 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-02 14:12 . 2009-04-02 14:12 -------- d-----w c:\program files\Common Files\Oberon Media 2009-03-25 14:56 . 2009-03-25 14:56 -------- d-----w c:\program files\Millisecond Software 2009-03-17 18:14 . 2009-03-17 18:14 -------- d-----w c:\program files\BitTorrent 2009-03-17 18:14 . 2009-03-17 18:14 -------- d-----w c:\program files\DNA 2009-03-16 20:42 . 2009-03-16 20:42 98304 ----a-w c:\windows\system32\CmdLineExt.dll 2009-03-16 20:35 . 2009-03-16 20:35 -------- d-----w c:\program files\2K Games 2009-03-16 20:34 . 2009-03-16 20:34 -------- d-----w c:\program files\Common Files\InstallShield 2009-03-12 18:16 . 2009-03-12 09:28 -------- d-----w c:\program files\NOS 2009-03-12 09:31 . 2009-03-12 09:31 -------- d-----w c:\program files\Common Files\Adobe AIR 2009-03-12 09:31 . 2009-03-12 09:30 -------- d-----w c:\program files\Common Files\Adobe 2009-03-10 20:39 . 2009-03-10 20:39 -------- d-----w c:\program files\Atheros 2009-03-10 20:17 . 2009-03-10 20:17 -------- d-----w c:\program files\CONEXANT 2009-03-07 17:34 . 2009-03-07 17:34 -------- d-----w c:\program files\AVG 2009-03-07 17:19 . 2009-03-07 17:19 -------- d-----w c:\program files\Microsoft Works 2009-03-07 17:19 . 2006-11-02 12:35 -------- d-----w c:\program files\MSBuild 2009-03-07 17:19 . 2009-03-07 17:19 -------- d-----w c:\program files\Microsoft.NET 2009-03-07 17:17 . 2009-03-07 17:17 -------- d-----w c:\program files\Microsoft Visual Studio 8 2009-03-07 17:01 . 2009-03-07 17:01 -------- d-----w c:\program files\Microsoft 2009-03-07 17:01 . 2009-03-07 17:01 -------- d-----w c:\program files\Windows Live 2009-03-07 17:01 . 2009-03-07 17:01 -------- d-----w c:\program files\Windows Live SkyDrive 2009-03-07 16:57 . 2009-03-07 16:57 -------- d-----w c:\program files\Common Files\Windows Live 2009-03-07 16:51 . 2009-03-07 16:51 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-03-07 16:35 . 2009-03-07 16:35 -------- d-----w c:\program files\K-Lite Codec Pack 2009-03-07 16:35 . 2009-03-07 16:35 -------- d-----w c:\program files\CCleaner 2009-03-07 16:35 . 2009-03-07 16:35 -------- d-----w c:\program files\Utilities 2009-03-07 16:35 . 2009-03-07 16:35 -------- d-----w c:\program files\ImgBurn 2009-03-07 16:35 . 2009-03-07 16:35 -------- d-----w c:\program files\7-Zip 2009-03-07 16:27 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini 2009-02-26 11:46 . 2009-02-26 11:46 74760 ----a-w c:\windows\system32\drivers\UniversalDD.sys 2009-02-26 11:46 . 2009-02-26 11:46 25608 ----a-w c:\windows\system32\drivers\AVGIDSErHr.sys 2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll 2009-02-04 04:45 . 2009-03-07 17:44 453152 ----a-w c:\windows\system32\NVUNINST.EXE 2008-07-17 13:04 . 2006-11-22 14:58 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "BitTorrent DNA"="c:\users\flore\Program Files\DNA\btdna.exe" [2009-03-18 321344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-24 1947928] "AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-02-26 1579528] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{3FD0A374-CC94-444D-B14E-25C1B0F3A2A3}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{F80B9546-9CA8-4F4A-8254-E8BB74DDE534}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{8601A6B5-7025-4297-8749-DCEF7707DF36}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{1F081ACA-B749-40D7-B61B-55F0DDAF4D16}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{B5231E27-8F10-4424-9C5A-8CE8F829E68F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{BEC66C7D-2AB0-4E7F-BEF3-2D3C267E084C}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe "{90C80DCC-1CAD-4549-BB90-6A61E8FB4C4B}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe "{5C58B951-3B5C-4B93-BFC3-C7022924C013}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe "{FD9A91C1-BD68-4968-92EE-4C2DBE161878}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe "{B0C38AC9-AA96-4DF7-8C23-EA0C5799D622}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "{8FAFEA31-11D2-4571-B63F-0782C75BCECA}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe "{BD9EC95E-DA2F-47B8-8F65-B567A5B42FE6}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox "{14DC5AD9-0BF5-494B-A6CE-0EE626EA3F8A}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox "{142D9DF1-7327-45BD-BC79-8C084ACA1830}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In) "{599F4A1A-B2B2-4346-8DCA-636FCD3E7615}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent S0 AVGIDSErHr;AVGIDSErHr;c:\windows\System32\Drivers\AVGIDSErHr.sys [2009-02-26 25608] S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-24 12552] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2009-04-24 23832] S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-24 325896] S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-24 108552] S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-24 908568] S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-24 298776] S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-04-24 1366904] S2 AVGIDSAgent;AVGIDSAgent; [x] S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2009-02-26 563720] S3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSDriver.sys [2009-02-26 121352] S3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSFilter.sys [2009-02-26 30216] S3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_VISTA\AVGIDSShim.sys [2009-02-26 29136] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \shell\AutoRun\command - F:\ \shell\explore\Command - RECYCLER\INFO.exe \shell\open\Command - RECYCLER\INFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf325d7d-0f31-11de-b23d-001b38255833}] \shell\Autoplay\command - usb_auto.exe \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_auto.exe \shell\explore\Command - usb_auto.exe \shell\Open\Command - usb_auto.exe . . ------- Bijkomende Scan ------- . uInternet Settings,ProxyServer = proxy.pandora.be:8080 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\flore\AppData\Roaming\Mozilla\Firefox\Profiles\kwa6wedh.default\ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3020.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npInquisit_3020.dll FF - plugin: c:\users\flore\Program Files\DNA\plugins\npbtdna.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-03 11:05 Windows 6.0.6001 Service Pack 1 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2009-05-03 11:06 ComboFix-quarantined-files.txt 2009-05-03 09:06 Pre-Run: 35.840.528.384 bytes free Post-Run: 35.820.228.608 bytes free 179