ComboFix 09-05-29.01 - Sven 30/05/2009 17:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.255.117 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Sven\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Sven\Bureaublad\CFScript.txt

FILE ::
"c:\documents and settings\LocalService\Application Data\916653139.exe"
"c:\windows\system32\avast!Antivirus.exe"
"c:\windows\system32\jhxm32.dll"
"c:\windows\system32\kolayela.dll.vir"
"c:\windows\system32\lehelojo.dll.vir"
"c:\windows\system32\lklf32.dll"
"c:\windows\system32\miluduri.dll.vir"
"c:\windows\system32\vp_setup.exe"
"c:\windows\system32\vp_setup.exe.bat"
"c:\windows\system32\weyonoru.dll.vir"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\916653139.exe
c:\documents and settings\Sven\Application Data\ptidle
c:\windows\system32\detujedu.dll
c:\windows\system32\jhxm32.dll
c:\windows\system32\kolayela.dll
c:\windows\system32\lehelojo.dll
c:\windows\system32\lklf32.dll
c:\windows\system32\miluduri.dll
c:\windows\system32\sft.res
c:\windows\system32\vp_setup.exe
c:\windows\system32\vp_setup.exe.bat
c:\windows\system32\weyonoru.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVAST!ANTIVIRUS


(((((((((((((((((((( Bestanden Gemaakt van 2009-04-28 to 2009-05-30 ))))))))))))))))))))))))))))))
.

2009-05-30 01:53 . 2009-05-30 15:04  --------  d--h--r  c:\documents and settings\Sven\Onlangs geopend
2009-05-22 17:57 . 2009-05-22 18:18  --------  d-----w  c:\windows\BDOSCAN8
2009-05-21 15:39 . 2009-05-21 16:33  --------  d-----w  c:\program files\Spybot - Search & Destroy
2009-05-21 15:39 . 2009-05-21 16:33  --------  d-----w  c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-14 22:24 . 2009-05-21 15:45  --------  d-----w  c:\documents and settings\Sven\Application Data\Twain
2009-05-13 19:09 . 2009-05-13 19:09  683801  ----a-w  c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
2009-05-13 19:09 . 2009-05-13 19:09  184  ----a-w  c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-05-13 19:09 . 2009-05-13 19:09  683801  ----a-w  c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-05-13 19:09 . 2009-05-13 19:09  --------  d-----w  c:\documents and settings\All Users\Application Data\Last.fm
2009-05-13 19:08 . 2009-05-13 19:08  --------  d-----w  c:\program files\Last.fm

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 17:47 . 2007-08-29 21:24  --------  d-----w  c:\documents and settings\All Users\Application Data\avg7
2009-05-24 17:47 . 2007-08-29 22:21  --------  d-----w  c:\documents and settings\Monique\Application Data\AVG7
2009-05-24 17:47 . 2007-08-29 22:20  --------  d-----w  c:\documents and settings\Kelly\Application Data\AVG7
2009-05-24 17:47 . 2007-08-29 22:16  --------  d-----w  c:\documents and settings\Eigenaar\Application Data\AVG7
2009-05-24 17:47 . 2007-08-29 21:25  --------  d-----w  c:\documents and settings\Sven\Application Data\AVG7
2009-05-18 21:46 . 2007-12-22 13:31  --------  d-----w  c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-05-12 17:33 . 2001-09-07 12:00  87068  ----a-w  c:\windows\system32\perfc013.dat
2009-05-12 17:33 . 2001-09-07 12:00  501868  ----a-w  c:\windows\system32\perfh013.dat
2009-05-10 11:23 . 2007-08-29 20:58  111512  ----a-w  c:\documents and settings\Kelly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 01:59 . 2007-12-14 17:37  --------  d-----w  c:\program files\Google
2009-04-19 09:53 . 2007-08-29 21:06  111512  ----a-w  c:\documents and settings\Monique\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-08 21:07 . 2009-04-08 21:07  --------  d-----w  c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 21:07 . 2007-12-17 02:25  --------  d-----w  c:\program files\iTunes
2009-04-08 21:07 . 2009-04-08 21:07  --------  d-----w  c:\program files\iPod
2009-04-08 21:07 . 2007-12-08 18:09  --------  d-----w  c:\program files\Common Files\Apple
2009-04-08 20:59 . 2009-04-08 20:59  75048  ----a-w  c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 14:32 . 2009-03-19 14:32  23400  ----a-w  c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 14:32 . 2008-01-29 10:01  23400  ----a-w  c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:23 . 2001-09-07 12:00  285696  ----a-w  c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2001-09-07 12:00  826368  ----a-w  c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-24_18.25.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-24 18:31 . 2009-05-24 18:31  38240  c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-04-16 01:09 . 2009-04-16 01:09  38240  c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2007-08-29 08:34 . 2009-04-30 15:59  23040  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-08-29 08:34 . 2009-05-24 18:35  23040  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-08-29 08:34 . 2009-04-30 15:59  61440  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-08-29 08:34 . 2009-05-24 18:35  61440  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-08-29 08:34 . 2009-05-24 18:35  27136  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-08-29 08:34 . 2009-04-30 15:59  27136  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-08-29 08:34 . 2009-04-30 15:59  11264  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-08-29 08:34 . 2009-05-24 18:35  11264  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-08-29 08:34 . 2009-05-24 18:35  86016  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-08-29 08:34 . 2009-04-30 15:59  86016  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-08-29 08:34 . 2009-05-24 18:35  12288  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-08-29 08:34 . 2009-04-30 15:59  12288  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-22 17:05 . 2007-03-22 17:05  97632  c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2006-10-26 20:07 . 2006-10-26 20:07  17680  c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBPROXY.DLL
+ 2007-08-29 08:34 . 2009-05-24 18:35  4096  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-08-29 08:34 . 2009-04-30 15:59  4096  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-08-29 08:34 . 2009-04-30 15:59  409600  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-08-29 08:34 . 2009-05-24 18:35  409600  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-08-29 08:34 . 2009-05-24 18:35  286720  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-08-29 08:34 . 2009-04-30 15:59  286720  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-08-29 08:34 . 2009-04-30 15:59  249856  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-08-29 08:34 . 2009-05-24 18:35  249856  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-08-29 08:34 . 2009-04-30 15:59  794624  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-08-29 08:34 . 2009-05-24 18:35  794624  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-08-29 08:34 . 2009-04-30 15:59  135168  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-08-29 08:34 . 2009-05-24 18:35  135168  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-08-29 08:34 . 2009-04-30 15:59  593920  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-08-29 08:34 . 2009-05-24 18:35  593920  c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-08-28 16:30 . 2009-02-19 14:12  133382  c:\windows\BisBBBg.dat
+ 2009-05-25 01:00 . 2009-05-06 22:16  24699336  c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="?\WkDetect.exe" [?]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-31 113664]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-6-30 24633]
Ulead Photo Express 4.0 SE Calendar Checker .lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2007-8-30 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2145:UDP"= 2145:UDP:Windows Media Format SDK (wmplayer.exe)
"2144:UDP"= 2144:UDP:Windows Media Format SDK (wmplayer.exe)

.
Inhoud van de 'Gedeelde Taken' map

2009-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-05-29 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-05-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 17:12
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Voltooingstijd: 2009-05-30 17:15 - machine werd herstart
ComboFix-quarantined-files.txt 2009-05-30 15:15
ComboFix2.txt 2009-05-24 18:32

Pre-Run: 15.618.908.160 bytes beschikbaar
Post-Run: 15.664.738.304 bytes beschikbaar

196 --- E O F --- 2009-05-25 01:03