ComboFix 09-08-30.04 - Lieve De Pesseroey 31/08/2009 20:00.1.1 - NTFSx86
Gestart vanuit: c:\documents and settings\Lieve De Pesseroey\Bureaublad\ComboFix.exe
 * Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.exe
c:\documents and settings\All Users\Menu Start\HP Image Zone .lnk
c:\recycler\S-1-5-21-2856944617-2459124212-3677283629-1003
c:\windows\Installer\1a1a64.msi
c:\windows\Installer\207b0.msi
c:\windows\Installer\5ab6c9.msp
c:\windows\Installer\5ab6dd.msp
c:\windows\Installer\5ab6f1.msp
c:\windows\Installer\WMEncoder.msi
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-07-28 to 2009-08-31 ))))))))))))))))))))))))))))))
.
2009-08-31 17:21 . 2009-08-31 17:21 -------- d-----w- c:\documents and settings\Lieve De Pesseroey\Application Data\Malwarebytes
2009-08-31 17:21 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-31 17:21 . 2009-08-31 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-31 17:21 . 2009-08-31 17:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-31 17:21 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-30 09:51 . 2009-08-30 09:51 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2009-08-30 09:47 . 2009-08-30 09:47 -------- d-----w- c:\program files\Trend Micro
2009-08-30 09:42 . 2009-08-30 09:42 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-30 09:42 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-08-28 12:51 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-08-28 12:44 . 2009-08-28 12:44 -------- d-----w- c:\program files\Microsoft.NET
2009-08-28 12:34 . 2009-08-28 12:34 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-28 12:32 . 2009-08-28 12:32 -------- d-----w- c:\documents and settings\Lieve De Pesseroey\Local Settings\Application Data\Microsoft Help
2009-08-28 12:32 . 2009-08-28 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-19 07:33 . 2009-08-19 07:33 -------- d-sh--w- c:\documents and settings\Marc Alenus\IETldCache
2009-08-16 21:35 . 2009-08-16 21:35 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-16 21:35 . 2009-08-28 12:46 -------- d-----w- c:\program files\MSBuild
2009-08-16 21:35 . 2009-08-16 21:35 -------- d-----w- c:\program files\Reference Assemblies
2009-08-16 21:34 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-16 21:34 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-16 21:34 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-16 21:34 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-16 21:34 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-16 21:34 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-16 21:34 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-16 21:34 . 2009-08-16 21:34 -------- d-----w- C:\623159812a1c775705d4f4
2009-08-16 21:29 . 2009-08-16 21:29 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-12 17:49 . 2009-07-10 13:31 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-02 06:36 . 2009-07-03 17:00 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-02 06:36 . 2009-07-03 17:00 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 16:57 . 2008-05-26 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-30 09:42 . 2008-01-29 19:23 -------- d-----w- c:\program files\Lavasoft
2009-08-28 13:41 . 2006-03-08 19:13 91704 ----a-w- c:\documents and settings\Lieve De Pesseroey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-28 12:47 . 2005-08-23 23:52 -------- d-----w- c:\program files\Microsoft Works
2009-08-17 16:10 . 2006-03-10 15:21 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2006-03-10 15:21 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2006-03-10 15:21 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-01 09:12 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-01 09:12 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2006-03-10 15:21 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2006-03-10 15:21 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2006-03-10 15:21 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2006-03-10 15:21 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-08-16 21:41 . 2005-08-24 00:06 93528 ----a-w- c:\windows\system32\perfc013.dat
2009-08-16 21:41 . 2005-08-24 00:06 514948 ----a-w- c:\windows\system32\perfh013.dat
2009-08-05 09:01 . 2005-08-24 00:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2005-08-24 00:05 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2005-08-24 00:07 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:00 . 2005-08-24 00:07 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2005-08-24 00:06 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2005-08-24 00:06 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2005-08-24 00:06 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2005-08-24 00:06 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2005-08-24 00:05 735232 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2005-08-24 00:05 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2005-08-24 00:10 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:40 . 2005-08-24 00:06 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2005-08-24 00:05 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2005-08-24 00:06 79872 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:16 . 2005-08-24 00:05 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:22 . 2005-08-24 00:06 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2005-08-24 00:07 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2005-08-24 00:06 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 20:31 . 2009-06-02 20:31 152576 -c--a-w- c:\documents and settings\Lieve De Pesseroey\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-01-21 19:50 . 2009-01-21 19:50 6144 -csha-w- c:\program files\Thumbs.db
2007-01-01 13:21 . 2007-01-01 13:21 204996 -c--a-w- c:\program files\Tim en Bram in Bellewaerde (1296 x 968).jpg
2007-01-01 13:20 . 2007-01-01 13:20 52529 -c--a-w- c:\program files\HPIM1355 (600 x 448).jpg
2003-03-21 11:45 . 2009-03-28 15:57 250544 -c--a-w- c:\program files\Common Files\keyhelp.ocx
2006-07-27 12:01 . 2006-07-27 12:01 8192 -csha-w- c:\windows\o2cLicStore.bin
2006-04-18 14:41 . 2006-04-18 14:41 952 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-09-29 159744]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2005-09-29 163840]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"OdTray.exe"="c:\program files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 1015871]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-18 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-04-22 1236992]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"Lexmark 3100 Series"="c:\program files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 106496]
"LXBRKsk"="c:\progra~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-08-30 520024]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-09-29 544768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Scroll-In-Mouse V2.0.lnk - c:\program files\A.C\Scroll-In-Mouse V2.0\Scroll.exe [2006-3-8 459264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2006-03-20 19:59 106496 ----a-w- c:\windows\system32\odyEvent.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lieve De Pesseroey^Menu Start^Programma's^Opstarten^OpenOffice.org 2.0 .lnk]
path=c:\documents and settings\Lieve De Pesseroey\Menu Start\Programma's\Opstarten\OpenOffice.org 2.0 .lnk
backup=c:\windows\pss\OpenOffice.org 2.0 .lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;c:\windows\system32\BWNDIS5.SYS [x]
R3 ldiskl;ldiskl;c:\docume~1\MARCAL~1\LOCALS~1\Temp\ldiskl.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-08-30 64160]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-08-30 1029456]
S3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\DRIVERS\EKBfltr.sys [2005-09-29 5504]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - WINIO

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-08-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 09:44]

2009-08-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-03 14:41]

2009-06-15 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-08-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.standaard.be/index.html?ref=vak
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Lieve De Pesseroey\Application Data\Mozilla\Firefox\Profiles\8gpr8bnr.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 20:06
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\odyEvent.dll
.
Voltooingstijd: 2009-08-31 20:09
ComboFix-quarantined-files.txt 2009-08-31 18:09

Pre-Run: 49.126.903.808 bytes beschikbaar
Post-Run: 49.275.633.664 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /noguiboot

210 --- E O F --- 2009-08-28 17:32