ComboFix 09-07-14.08 - Bram 20/07/2009 0:24.14.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1460 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Bram\Bureaublad\scan.exe
AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-06-19 to 2009-07-19 ))))))))))))))))))))))))))))))
.
2009-07-19 19:23 . 2009-07-19 19:23 -------- d-----w- c:\windows\LastGood
2009-07-18 16:42 . 2008-04-29 09:33 16952 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys
2009-07-13 21:00 . 2009-07-13 21:00 -------- d--h--r- c:\documents and settings\Bram\Onlangs geopend
2009-07-04 14:05 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 14:05 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-04 14:05 . 2009-07-04 14:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 21:27 . 2009-07-03 21:27 -------- d-----w- c:\documents and settings\Bram\Local Settings\Application Data\Adobe
2009-07-02 11:03 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-07-01 22:08 . 2009-07-01 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-01 22:06 . 2009-07-01 22:06 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-01 21:51 . 2009-07-01 21:51 152576 ----a-w- c:\documents and settings\Bram\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-01 19:11 . 2009-07-01 19:11 -------- d-----w- c:\documents and settings\Bram\Local Settings\Application Data\Temp
2009-07-01 13:47 . 2009-07-01 13:47 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-01 07:09 . 2009-07-01 07:09 -------- d-----w- c:\documents and settings\Bram\Application Data\esnips.com
2009-06-29 19:01 . 2009-06-29 19:01 -------- d-----w- c:\documents and settings\Bram\Application Data\Reg Tool
2009-06-29 16:12 . 2009-06-29 16:12 61 ----a-w- c:\documents and settings\Bram\stsf.bat
2009-06-29 15:23 . 2009-06-29 15:23 -------- d-sh--w- c:\documents and settings\Bram\IECompatCache
2009-06-29 08:35 . 2009-06-29 08:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-29 07:51 . 2009-06-29 07:51 -------- d-----w- c:\documents and settings\Bram\Application Data\PDF reDirect
2009-06-29 07:15 . 2007-08-01 12:57 1014272 ----a-w- c:\windows\system32\PPEngine.dll
2009-06-29 07:15 . 2007-07-12 06:17 472064 ----a-w- c:\windows\system32\PurePage.exe
2009-06-29 07:15 . 2000-06-20 19:28 217088 ----a-w- c:\windows\system32\LPng.dll
2009-06-29 07:15 . 2000-01-24 03:01 453632 ----a-w- c:\windows\system32\stdvcl40.dll
2009-06-24 21:10 . 2009-06-24 21:10 -------- d-----w- c:\windows\system32\codec
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 17:12 . 2009-07-19 17:12 4902 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-07-19 17:12 . 2006-08-15 16:30 94390 ----a-w- c:\windows\system32\perfc013.dat
2009-07-19 17:12 . 2006-08-15 16:30 517224 ----a-w- c:\windows\system32\perfh013.dat
2009-07-19 16:34 . 2006-09-16 22:36 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-01 06:12 . 2008-09-26 15:10 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2009-06-30 16:11 . 2006-09-16 22:32 56360 ----a-w- c:\documents and settings\Bram\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 14:46 . 2009-06-29 14:46 99474 ----a-w- c:\windows\Fonts\AdobeFnt07.lst
2009-06-13 08:22 . 2009-06-13 08:22 -------- d-----w- c:\program files\iPod
2009-06-13 08:22 . 2009-06-13 08:22 -------- d-----w- c:\program files\iTunes
2009-06-13 08:03 . 2009-06-13 08:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 08:59 . 2009-06-06 08:59 -------- d-----w- c:\program files\MSBuild
2009-06-06 08:59 . 2009-06-06 08:59 -------- d-----w- c:\program files\Reference Assemblies
2009-06-05 09:42 . 2009-03-19 10:55 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2007-10-31 14:44 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-21 12:17 . 2009-05-21 12:16 786432 ----a-w- c:\documents and settings\Bram\Application Data\Techno Design IP\LiveSearch Notification.exe
2009-05-21 12:16 . 2009-05-21 12:16 -------- d-----w- c:\documents and settings\Bram\Application Data\Techno Design IP
2009-05-21 09:33 . 2009-05-10 17:04 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 05:06 . 2006-01-09 18:04 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 17:02 . 2009-05-10 17:01 152576 ----a-w- c:\documents and settings\Bram\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-07 15:34 . 2004-09-02 03:00 347136 ----a-w- c:\windows\system32\localspl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-02 59392]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-19 86016]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 421888]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7397376]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172032]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 14:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Photosmart Premier Snelstart.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Photosmart Premier Snelstart.lnk
backup=c:\windows\pss\HP Photosmart Premier Snelstart.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"427:UDP"= 427:UDP:SLP_Port(427)

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [26/09/2008 17:05 28544]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [26/09/2008 17:04 41144]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21/03/2009 15:21 55152]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [26/09/2008 17:04 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [26/09/2008 17:07 28928]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [16/09/2006 23:59 1097728]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19/04/2009 11:12 1684736]
S3 AvFlt;Antivirus Filter Driver; [x]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [26/09/2008 17:10 13880]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6/02/2009 18:08 533360]
S3 PavSRK.sys;PavSRK.sys; [x]
S3 PavTPK.sys;PavTPK.sys; [x]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [18/07/2009 18:42 16952]
S3 SI15CI;SI15CI; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2008-09-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3102410190-2620399749-3219223457-1005Core.job
- c:\documents and settings\Bram\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-01 19:11]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 00:26
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\avldr.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(4116)
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2009-07-19 0:27
ComboFix-quarantined-files.txt 2009-07-19 22:27
ComboFix2.txt 2009-07-19 22:17

Pre-Run: 8.887.140.352 bytes beschikbaar
Post-Run: 8.862.203.904 bytes beschikbaar

200 --- E O F --- 2009-07-19 16:33