ComboFix 09-08-29.01 - janwillem 31-08-2009 10:40.2.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.479.192 [GMT 2:00] Gestart vanuit: c:\documents and settings\janwillem\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\janwillem\Bureaublad\CFScript.txt AV: avast! antivirus 4.8.1351 [VPS 090830-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FILE :: "c:\windows\system32\drivers\hitmanpro3.sys" "c:\windows\system32\drivers\Partizan.sys" "c:\windows\winstart.bat" . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\winstart.bat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_HITMANPRO3 -------\Legacy_PARTIZAN -------\Service_hitmanpro3 -------\Service_Partizan (((((((((((((((((((( Bestanden Gemaakt van 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))) . 2009-08-30 04:43 . 2009-08-30 04:43 -------- d-----w- c:\documents and settings\janwillem\Application Data\Malwarebytes 2009-08-30 04:43 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-30 04:43 . 2009-08-30 04:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-30 04:43 . 2009-08-30 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-30 04:43 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-29 20:58 . 2009-08-29 20:58 -------- d-----w- c:\program files\Trend Micro 2009-08-29 13:38 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-29 13:38 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-29 13:38 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-29 13:38 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-08-29 13:38 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-29 13:35 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-08-29 13:35 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-08-29 13:35 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-29 13:35 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-28 14:44 . 2009-08-28 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2009-08-26 11:06 . 2009-08-26 11:09 152576 ----a-w- c:\documents and settings\janwillem\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-08-19 19:12 . 2009-08-31 08:37 -------- d--h--r- c:\documents and settings\janwillem\Onlangs geopend 2009-08-14 22:15 . 2009-08-14 22:15 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-14 22:15 . 2009-08-14 22:15 -------- d-----w- c:\program files\MSBuild 2009-08-14 22:15 . 2009-08-14 22:15 -------- d-----w- c:\program files\Reference Assemblies 2009-08-14 22:13 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-14 22:13 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-14 22:13 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-14 22:13 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-14 22:13 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-14 22:13 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-14 22:13 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-14 22:13 . 2009-08-14 22:14 -------- d-----w- C:\03e7fa6d88a31f9124deef25 2009-08-14 22:02 . 2009-08-14 22:02 -------- d-----w- c:\program files\MSXML 6.0 2009-08-12 23:23 . 2009-08-12 23:23 -------- d-----w- c:\windows\ServicePackFiles 2009-08-07 23:24 . 2009-08-07 23:24 -------- d-sh--w- c:\documents and settings\sascha.JWLANDEGGE\PrivacIE 2009-08-07 23:24 . 2009-08-07 23:24 -------- d-sh--w- c:\documents and settings\sascha.JWLANDEGGE\IECompatCache 2009-08-07 23:21 . 2009-08-09 19:16 -------- d-----w- c:\documents and settings\sascha.JWLANDEGGE\Tracing 2009-08-07 23:20 . 2009-08-07 23:20 -------- d-----w- c:\documents and settings\sascha.JWLANDEGGE\Application Data\Motive 2009-08-07 23:20 . 2009-08-07 23:20 -------- d-sh--w- c:\documents and settings\sascha.JWLANDEGGE\IETldCache 2009-08-07 14:19 . 2009-08-07 14:19 -------- d-----w- c:\program files\CCleaner 2009-08-06 15:20 . 2009-08-06 15:20 -------- d-----w- c:\documents and settings\janwillem\Local Settings\Application Data\Deployment 2009-08-04 14:36 . 2009-08-04 14:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2009-08-04 14:16 . 2009-08-04 14:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2009-08-04 14:15 . 2009-08-04 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-31 01:14 . 2008-04-23 10:46 -------- d-----w- c:\documents and settings\janwillem\Application Data\HPAppData 2009-08-29 13:38 . 2009-07-25 11:18 -------- d-----w- c:\program files\Alwil Software 2009-08-28 14:41 . 2005-02-22 12:51 36688 -c--a-w- c:\documents and settings\janwillem\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-26 11:08 . 2005-06-06 08:22 -------- d-----w- c:\program files\Java 2009-08-14 22:26 . 2004-08-04 12:00 90934 ----a-w- c:\windows\system32\perfc013.dat 2009-08-14 22:26 . 2004-08-04 12:00 509242 ----a-w- c:\windows\system32\perfh013.dat 2009-08-09 19:14 . 2008-08-07 06:42 -------- d-----w- c:\documents and settings\sascha.JWLANDEGGE\Application Data\HPAppData 2009-08-05 23:02 . 2009-07-24 15:31 -------- d-----w- c:\program files\OnlineAssistent 2009-08-05 20:34 . 2009-07-25 16:23 -------- d-----w- c:\program files\Nuria 2009-08-05 09:07 . 2004-08-04 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 14:16 . 2005-06-29 09:32 -------- d-----w- c:\program files\Google 2009-07-31 15:34 . 2008-08-10 15:41 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-28 15:30 . 2007-11-23 13:43 -------- d-----w- c:\documents and settings\janwillem\Application Data\gtk-2.0 2009-07-26 12:20 . 2008-04-30 19:09 -------- d-----w- c:\program files\Windows Live 2009-07-26 12:18 . 2009-07-26 12:18 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-07-26 12:16 . 2009-07-26 12:16 -------- d-----w- c:\program files\Microsoft 2009-07-26 12:15 . 2009-07-26 12:15 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-07-25 03:23 . 2009-05-06 22:10 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-24 17:33 . 2009-07-24 17:31 19 ----a-w- c:\documents and settings\janwillem\Application Data\mdbu.bin 2009-07-24 16:25 . 2009-07-24 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive 2009-07-24 15:32 . 2009-07-24 15:26 -------- d-----w- c:\documents and settings\janwillem\Application Data\Motive 2009-07-24 15:31 . 2009-07-24 15:25 -------- d-----w- c:\program files\Common Files\Motive 2009-07-24 15:26 . 2009-07-24 15:26 -------- d-----w- c:\program files\ONLACT 2009-07-18 14:39 . 2007-08-06 12:51 -------- d-----w- c:\program files\Hema Album Software Advanced 2009-07-18 11:58 . 2009-07-18 11:58 25055 ----a-w- c:\documents and settings\sascha.JWLANDEGGE\Application Data\mdbu.bin 2009-07-18 11:17 . 2005-08-23 06:45 33240 -c--a-w- c:\documents and settings\sascha.JWLANDEGGE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-18 11:14 . 2009-07-18 11:14 -------- d-----w- c:\program files\FotoQuelle 2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 17:00 . 2004-08-04 12:00 915456 ------w- c:\windows\system32\wininet.dll 2009-06-25 08:48 . 2004-08-04 12:00 729600 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:48 . 2004-08-04 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:48 . 2004-08-04 12:00 56320 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:48 . 2004-08-04 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:48 . 2004-08-04 12:00 168448 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:48 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-22 11:34 . 2004-08-04 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 11:33 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:26 . 2004-08-04 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:32 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-07 19:37 . 2009-05-06 22:30 152576 -c--a-w- c:\documents and settings\janwillem\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-06-05 07:55 . 2005-02-18 20:29 655872 ----a-w- c:\windows\system32\mstscax.dll 2009-06-03 19:27 . 2004-08-04 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll 2005-02-24 14:29 . 2005-02-24 14:27 18278624 -c--a-w- c:\program files\AdbeRdr60_nld_full.exe 2005-02-24 14:27 . 2005-02-24 14:27 6595768 -c--a-w- c:\program files\psa2se_nld.exe . ------- Sigcheck ------- [-] 2008-04-14 17:03 510464 1247D4D5444E28519BBE31BE8AB4C029 c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe [-] 2008-04-14 17:03 510464 1247D4D5444E28519BBE31BE8AB4C029 c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\winlogon.exe [-] 2005-03-02 13:13 504832 7BBA4CA9E82794985AFFF1D487A42B40 c:\windows\system32\winlogon.exe . ((((((((((((((((((((((((((((( SnapShot@2009-08-30_17.05.17 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-31 08:49 . 2009-08-31 08:49 16384 c:\windows\Temp\Perflib_Perfdata_e4.dat + 2009-08-31 01:07 . 2009-08-31 01:07 16384 c:\windows\Temp\Perflib_Perfdata_5e0.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2008-11-20 131072] "Nuria"="c:\program files\Nuria\Nuria.exe" [2008-11-06 1716224] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-04 39408] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "OnlineAssistent_McciTrayApp"="c:\program files\OnlineAssistent\OnlineAssistent.exe" [2007-11-29 1454080] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29-8-2009 15:35 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29-8-2009 15:35 20560] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [26-7-2009 14:20 55152] R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24-2-2005 13:29 162176] S2 gupdate1ca150e27a9f77a;Google Updateservice (gupdate1ca150e27a9f77a);c:\program files\Google\Update\GoogleUpdate.exe [4-8-2009 16:16 133104] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6-2-2009 18:08 533360] S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [11-11-2007 19:35 25773] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Inhoud van de 'Gedeelde Taken' map 2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57] 2009-08-31 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-12 14:15] 2009-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 14:16] 2009-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 14:16] 2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{EB6C278D-2B51-4F01-AD9E-478D331DCD58}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . . ------- Bijkomende Scan ------- . IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: microsoft.com\download.windowsupdate Trusted Zone: microsoft.com\update Trusted Zone: motive.com\conltbc.cert Trusted Zone: offlineregistration Trusted Zone: telegraaf.nl\www2 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://eshare.hpphoto.com/Download/HPeServicesLocalPrint.CAB DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} - hxxps://gto.postbank.nl/GTO/PBGNX.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-31 10:55 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-1060284298-1767777339-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\PAStiSvc.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Voltooingstijd: 2009-08-31 11:02 - machine werd herstart ComboFix-quarantined-files.txt 2009-08-31 09:02 ComboFix2.txt 2009-08-30 17:08 Pre-Run: 52.752.494.592 bytes beschikbaar Post-Run: 52.615.503.872 bytes beschikbaar 228 --- E O F --- 2009-08-26 08:24