ComboFix 12-09-11.02 - Harry Kümel 11/09/2012 18:06:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.358 [GMT 2:00]
Running from: c:\documents and settings\Harry Kümel\Bureaublad\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
C:\install.exe
c:\progra~1\CAPSSC~1\NUMCap~1.exe
c:\windows\system\vxd99cab.dll
c:\windows\system32\PowerToyReadme.htm
.
.
(((((((((((((((((((( Files Created from 2012-08-11 to 2012-09-11 ))))))))))))))))))))))))))))))
.
.
2012-09-11 16:34 . 2012-09-11 16:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2012-09-11 11:41 . 2012-09-11 11:41 -------- d-----w- c:\documents and settings\Harry Kümel\Application Data\Malwarebytes
2012-09-11 11:40 . 2012-09-11 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-11 11:40 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-11 11:40 . 2012-09-11 11:41 -------- d-----w- c:\program files\Anti-Malware
2012-09-02 12:45 . 2012-09-02 13:39 -------- d-----w- c:\documents and settings\Harry Kümel\Application Data\tazti
2012-09-01 14:53 . 2012-09-02 09:53 -------- d-----w- c:\program files\MS Speech SDK
2012-08-29 07:50 . 2012-08-28 13:32 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-08-29 07:50 . 2012-08-29 07:50 -------- d-----w- c:\program files\Soluto
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 09:13 . 2011-05-26 13:32 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2009-11-19 19:20 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2009-11-19 19:19 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2009-11-19 19:20 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2009-11-19 19:19 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2009-11-19 19:19 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2009-11-19 19:20 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:13 . 2009-11-19 19:19 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2010-11-18 11:14 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2009-11-19 19:19 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-30 02:26 . 2012-07-30 22:44 448512 ----a-w- c:\program files\TFC.exe
2012-07-11 21:49 . 2012-07-11 21:49 83760 ----a-w- c:\windows\system32\stkMonitor.dll
2012-07-06 13:58 . 2009-04-21 18:53 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-05 20:07 . 2009-12-07 15:02 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2012-07-26 20:25 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-05 20:06 . 2010-05-08 12:06 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2009-04-21 09:11 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:23 . 2009-04-21 18:53 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 14:59 . 2009-04-21 18:53 832512 ----a-w- c:\windows\system32\wininet.dll
2012-07-03 14:59 . 2009-04-21 18:53 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-03 14:59 . 2009-04-21 18:53 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-07-03 14:59 . 2009-04-21 18:53 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-14 14:35 . 2011-02-19 19:06 4411392 ----a-w- c:\program files\mplayerc.exe
2010-06-22 14:16 . 2009-11-29 12:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2012-07-02 21:39 443560 ----a-w- c:\program files\DAP\LinkVerifier.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2012-07-02 3758296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSWosCheck"="c:\program files\Norton\osCheck.exe" [2008-09-25 160112]
"NswUiTray"="c:\program files\Norton\NswUiTray.exe" [2008-09-25 85360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\Harry Kümel\Menu Start\Programma's\Opstarten\
a1ctl.lnk - c:\program files\Tweak a1ctl\a1ctl.exe [2011-9-17 114688]
Chrome.lnk - c:\documents and settings\Harry Kümel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [2010-1-18 1229848]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Mouse.lnk - c:\program files\Mouse\mouse32a.exe [2009-11-20 360448]
Patience.lnk - c:\windows\system32\sol.exe [2009-4-21 57344]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynapseUpdate]
2009-03-09 14:10 491520 ----a-w- c:\program files\Synapse Développement\Synapse Update\Synapse Update.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\Harry Kümel\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\VNC\\winvnc4.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Soluto\\SolutoCleanup.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [29/08/2012 9:50 51144]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26/05/2011 15:32 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/11/2009 21:19 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/11/2009 21:19 21256]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\Norton\NORTON~1\NPROTECT.EXE [25/09/2008 15:53 95600]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [28/08/2012 15:38 598032]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [21/04/2009 12:14 583360]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21/04/2009 12:18 1684736]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27/08/2009 18:09 1253376]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/04/2009 12:31 30192]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [21/04/2009 20:54 62592]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [21/04/2009 20:54 105984]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [21/04/2009 20:54 8064]
S3 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/02/2010 22:25 135664]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [23/02/2011 20:08 27064]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [21/04/2009 12:19 164864]
S3 RTL8187B;Wireless Network USB Adapter 54g WL-168v1.004;c:\windows\system32\drivers\RTL8187B.sys [20/11/2009 22:24 264576]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 13:28 160944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-09-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-01 09:12]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:25]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:25]
.
2012-07-02 c:\windows\Tasks\jusched.job
- c:\program files\Common Files\Java\Java Update\jusched.exe [2012-01-17 09:07]
.
2012-09-10 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton\OBC.exe [2008-09-25 13:52]
.
2012-09-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2826457082-3826821714-847386435-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2012-09-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2826457082-3826821714-847386435-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2012-09-11 c:\windows\Tasks\SBWUpdateTask_Logon_1249c1a1-00238BF9D92E.job
- c:\program files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2012-02-16 21:40]
.
2012-09-11 c:\windows\Tasks\SBWUpdateTask_Time_1249c1a1-00238BF9D92E.job
- c:\program files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2012-02-16 21:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.speedbit.com/?aff=105
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=0&o=xph&d=1109&m=ao751h
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files\DAP\dapverify.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Harry Kümel\Application Data\Mozilla\Firefox\Profiles\tefnbayb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q=
FF - prefs.js: browser.search.selectedEngine - Speedbit
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=105);
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Woordenboek Nederlands: nl-NL@dictionaries.addons.mozilla.org - %profile%\extensions\nl-NL@dictionaries.addons.mozilla.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: Dictionnaire français «Réforme 1990»: fr@dictionaries.addons.mozilla.org - %profile%\extensions\fr@dictionaries.addons.mozilla.org
FF - Ext: WindowsUpdate: {35106bca-6c78-48c7-ac28-56df30b51d2b} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\DAP\DAPFireFox
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-MysticThumbs - c:\program files\MysticCoder\MysticThumbs\MysticThumbsTray.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-NSWosCheck - c:\program files\Norton SystemWorks Basic Edition\osCheck.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-11 18:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2826457082-3826821714-847386435-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3288)
c:\program files\Mouse\MOUDL32A.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-09-11 18:41:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-11 16:41
.
Pre-Run: 72.018.030.592 bytes free
Post-Run: 71.822.139.392 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C37AEE37BA0C8E5E0B53EEA0C142D655
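The log above is raw ComboFix output, and the lines a reviewer reads first are easy to miss in the noise: the firewall GloballyOpenPorts entry ("3389:TCP", Remote Desktop, opened to all in the standard profile), the Internet Explorer start page and three Firefox search prefs that all point at home.speedbit.com (the search affiliate that ships with the Download Accelerator Plus entries seen in the BHO list, the HKCU Run key and the firewall exception list), and the two service entries ComboFix prints with "--> path [?]" because the image file was not found at scan time, one of them registered from c:\windows\TEMP. The Python below is an added example, not part of ComboFix or of the original post: it parses those three line shapes and returns structured findings. The sample lines are copied verbatim from the log above; the port-to-protocol table, the "under TEMP" heuristic and the finding format are this example's own conventions.

```python
"""Triage helper for ComboFix log lines (added example, not ComboFix's own code).

Extracts three things from a ComboFix log:
  * globally open firewall ports      ("3389:TCP"= ...)
  * browser start/search settings     (uStart Page / mStart Page / FF - prefs.js ...)
  * services whose image is missing   (S3 name;desc;image --> resolved [?])
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input copied from the ComboFix log above. ComboFix writes hxxp:// so
# that URLs in a posted log are not clickable.
SAMPLE_LOG = r'''
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
uStart Page = hxxp://home.speedbit.com/?aff=105
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=0&o=xph&d=1109&m=ao751h
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q=
FF - prefs.js: browser.search.selectedEngine - Speedbit
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=105);
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q=
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [29/08/2012 9:50 51144]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
'''

# Line shapes, matched after stripping surrounding whitespace.
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
BROWSER_RE = re.compile(
    r'^(?:(uStart Page|mStart Page) = |FF - prefs\.js: (\S+) - )(hxxps?://\S+)')
# Only service lines ComboFix marks "--> resolved [?]" (image file not found).
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);[^;]*;(.*?) --> (.*?) \[\?\]$')

# Assumed labels for well-known ports; extend as needed.
KNOWN_PORTS = {3389: "RDP", 445: "SMB", 135: "RPC", 5900: "VNC"}


def refang(url):
    """Undo ComboFix's hxxp defanging so urlsplit can read the host. Parsing only."""
    return re.sub(r'^hxxp', 'http', url, count=1)


def triage(log_text):
    """Return (open_ports, hosts, missing_images).

    open_ports:     [(port, proto, label)]
    hosts:          {hostname: sorted list of settings pointing at it}
    missing_images: [(service_name, resolved_path, registered_under_temp)]
    """
    open_ports, hosts, missing = [], defaultdict(set), []
    for line in log_text.splitlines():
        line = line.strip()
        m = PORT_RE.match(line)
        if m:
            port, proto = int(m.group(1)), m.group(2)
            open_ports.append((port, proto, KNOWN_PORTS.get(port, "unknown")))
            continue
        m = BROWSER_RE.match(line)
        if m:
            setting = m.group(1) or m.group(2)
            # prefs.js lines may carry a trailing ");" from the pref syntax.
            url = refang(m.group(3).rstrip(');'))
            hosts[urlsplit(url).hostname].add(setting)
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, name, _image, resolved = m.groups()
            missing.append((name, resolved, '\\temp\\' in resolved.lower()))
    return open_ports, {h: sorted(s) for h, s in hosts.items()}, missing


def report(log_text):
    """Human-readable findings; a host is reported when it owns 2+ settings."""
    open_ports, hosts, missing = triage(log_text)
    out = []
    for port, proto, label in open_ports:
        out.append(f"firewall: {port}/{proto} ({label}) globally open")
    for host, settings in hosts.items():
        if len(settings) >= 2:
            out.append(f"browser: {host} controls {len(settings)} settings: "
                       + ", ".join(settings))
    for name, path, in_temp in missing:
        out.append(f"service: {name} image not found: {path}"
                   + (" (registered under TEMP)" if in_temp else ""))
    return out


if __name__ == "__main__":
    for finding in report(SAMPLE_LOG):
        print(finding)
```

Run on the sample it reports four findings: the open 3389/TCP port, home.speedbit.com controlling four browser settings (homepage.acer.com owns only the machine-wide start page and is not reported), and the two missing driver images, with cpuz135 flagged because it was registered from c:\windows\TEMP. None of these is proof of infection on its own: the triager confirms with the user whether Remote Desktop (and the winvnc4.exe firewall exception) are meant to be reachable, whether the Speedbit search engine was installed knowingly with DAP, and which software registered the driver that no longer exists.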