ComboFix 09-08-01.06 - Alko 02-08-2009 15:13.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1014.696 [GMT 2:00]
Running from: c:\documents and settings\Alko\Bureaublad\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Alko\Application Data\WeatherDPA
c:\documents and settings\Alko\Application Data\WeatherDPA\Weather\WeatherStartup.xml
c:\windows\Installer\1f5f1b3.msi
c:\windows\Installer\30016563.msp
.
(((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 ))))))))))))))))))))))))))))))
.
2009-08-02 12:37 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-02 12:37 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-02 12:37 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-02 12:37 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-02 12:36 . 2009-08-02 12:36 -------- d-----w- c:\program files\Avira
2009-08-02 12:36 . 2009-08-02 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-02 09:21 . 2009-08-02 09:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-02 09:18 . 2009-08-02 09:18 152576 ----a-w- c:\documents and settings\Alko\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-08-01 20:49 . 2009-08-01 20:49 -------- d-----w- c:\documents and settings\Alko\Application Data\Malwarebytes
2009-08-01 20:49 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-01 20:49 . 2009-08-01 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-01 20:49 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 20:49 . 2009-08-01 20:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 19:42 . 2009-08-01 19:42 -------- d-----w- c:\program files\Trend Micro
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 12:52 . 2007-05-10 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-02 09:19 . 2007-05-13 16:42 -------- d-----w- c:\program files\Java
2009-08-02 04:23 . 2007-05-12 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-30 20:31 . 2009-05-12 17:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 16:26 . 2009-02-03 20:29 -------- d-----w- c:\documents and settings\Alko\Application Data\uTorrent
2009-07-03 17:00 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 10:03 . 2008-09-06 05:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-25 17:07 . 2006-06-28 11:21 18632 ----a-w- c:\documents and settings\Alko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-16 14:40 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:11 . 2004-08-04 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:34 . 2004-08-04 12:00 347136 ----a-w- c:\windows\system32\localspl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [2009-07-20 2215960]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2009-07-20 11:02 2215960 ----a-w- c:\program files\Hotspot_Shield\tbHot0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-01-04 19:03 204248 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [2009-07-20 2215960]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot0.dll" [2009-07-20 2215960]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-12 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-28 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-28 114688]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2007-05-12 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-02 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-05-12 14720000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 15:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SONY\\Media Manager for WALKMAN\\MediaManager.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2-8-2009 14:36 108289]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" --> c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-08 18:14]

2009-07-24 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 22:42]

2009-08-01 c:\windows\Tasks\User_Feed_Synchronization-{80C06D28-1163-4058-A04B-9B48315ED60D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://nu.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {34D70DBB-75A9-48C6-BF87-EC043CC04393} = 195.93.16.82,64.12.66.56
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 15:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1148)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2009-08-02 15:29
ComboFix-quarantined-files.txt 2009-08-02 13:29

Pre-Run: 19.979.902.976 bytes free
Post-Run: 20.849.872.896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

150 --- E O F --- 2009-07-30 20:22
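Added example, not part of the posted log and not ComboFix's own code: a small parser for the autostart section of a ComboFix log of the kind shown above. It turns the "[key]" / value / file lines into records and attaches review notes for the entry types that a reviewer checks by hand in this log: a Security Center "*Override" value that is non-zero, a Winlogon notify package, a Browser Helper Object, and per-interface DNS servers on a "TCP:" line. The sample input is constructed from lines of the log above (it is not the full log), the review heuristics are the editor's assumptions about what deserves a look, and a flag only marks an entry for inspection; it is not a finding that the entry is malicious.

```python
"""Parse the autostart ('Reg Loading Points') and 'TCP:' lines of a ComboFix log
into structured entries and attach review notes to the ones worth a second look."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a handful of lines copied from the log above, laid
# out the way ComboFix prints them (each key on its own line, its values below).
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-01-04 19:03 204248 ----a-w- c:\program files\Hotspot Shield\HssIE\HssIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-28 94208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-05-12 14720000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 15:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
TCP: {34D70DBB-75A9-48C6-BF87-EC043CC04393} = 195.93.16.82,64.12.66.56
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="value" [date size]   or   "name"="value" - resolved\path [date size]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<resolved>.+?))?'
    r" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
# date time size attributes path   (a file listed directly under a key)
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<attr>\S+)\s+(?P<path>.+)$")
TCP_RE = re.compile(r"^TCP: (?P<iface>\{[0-9A-Fa-f-]+\}) = (?P<servers>.+)$")


@dataclass
class Entry:
    key: str          # registry key the entry sits under ("TCP" for interface DNS lines)
    name: str         # value name, interface GUID, or the file path for bare file lines
    target: str       # what is actually loaded/used: resolved path, dword as decimal, or server list
    flags: List[str]  # review notes; empty means nothing in these heuristics stood out


def review(key: str, name: str, target: str) -> List[str]:
    """Heuristic review notes (editor's assumptions about what to check by hand).
    A flag marks an entry for inspection; it is not a verdict that it is malicious."""
    k = key.lower()
    flags: List[str] = []
    if "security center" in k and name.lower().endswith("override") and target != "0":
        flags.append("Security Center override set: Windows will not warn about this product's state")
    if r"winlogon\notify" in k:
        flags.append("Winlogon notification package: DLL is loaded into winlogon.exe as SYSTEM")
    if "browser helper objects" in k:
        flags.append("BHO: DLL is loaded into every Internet Explorer process")
    if key == "TCP":
        flags.append("per-interface DNS servers: confirm these are the expected resolvers")
    return flags


def parse(log: str) -> List[Entry]:
    """Walk the log line by line, remembering the current key, and emit one Entry
    per value or file line. Lines the regexes do not model are skipped, not guessed at."""
    entries: List[Entry] = []
    key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            continue
        if (m := TCP_RE.match(line)):
            entry = Entry("TCP", m["iface"], m["servers"], [])
        elif (m := DWORD_RE.match(line)):
            entry = Entry(key, m["name"], str(int(m["hex"], 16)), [])
        elif (m := VALUE_RE.match(line)):
            entry = Entry(key, m["name"], m["resolved"] or m["value"], [])
        elif (m := FILE_RE.match(line)):
            entry = Entry(key, m["path"], m["path"], [])
        else:
            continue
        entry.flags = review(entry.key, entry.name, entry.target)
        entries.append(entry)
    return entries


def flagged(log: str) -> List[Entry]:
    """Only the entries that picked up at least one review note."""
    return [e for e in parse(log) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.name}\n    -> {e.target}")
        for f in e.flags:
            print(f"    * {f}")
```

On the constructed sample this yields seven entries, four of which carry a note (the BHO DLL, the VESWinlogon notify DLL, AntiVirusOverride=1, and the interface DNS servers); the three HKLM\...\Run values pass through unflagged, with "RTHDCPL" resolved to the full path ComboFix printed after the dash. To use it on a real log, pass the whole file to parse(); the key tracking and the "skip what you do not model" rule mean unrelated sections simply produce no entries.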