ComboFix 10-07-12.06 - Guy 13/07/2010 22:30:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.32.1033.18.1015.508 [GMT 2:00]
Running from: c:\documents and settings\Guy\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Software Licensors
c:\windows\system32\system
H:\Autorun.inf
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((   Files Created from 2010-06-13 to 2010-07-13   ))))))))))))))))))))))))))))))
.
2010-07-13 11:38 . 2010-07-13 11:38  --------  d-----w-  c:\program files\Common Files\Java
2010-07-13 11:38 . 2010-07-13 11:38  12800  ----a-w-  c:\documents and settings\Guy\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-14773139-n\decora-d3d.dll
2010-07-13 11:38 . 2010-07-13 11:38  61440  ----a-w-  c:\documents and settings\Guy\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-14773139-n\decora-sse.dll
2010-07-13 11:38 . 2010-07-13 11:38  503808  ----a-w-  c:\documents and settings\Guy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70c693ba-n\msvcp71.dll
2010-07-13 11:38 . 2010-07-13 11:38  499712  ----a-w-  c:\documents and settings\Guy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70c693ba-n\jmc.dll
2010-07-13 11:38 . 2010-07-13 11:38  348160  ----a-w-  c:\documents and settings\Guy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70c693ba-n\msvcr71.dll
2010-07-13 11:38 . 2010-07-13 11:38  423656  ----a-w-  c:\windows\system32\deployJava1.dll
2010-07-12 20:33 . 2010-07-12 20:33  388096  ----a-r-  c:\documents and settings\Guy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-12 17:10 . 2010-07-12 17:40  --------  d-----w-  c:\documents and settings\All Users\Application Data\clp
2010-07-12 17:10 . 2010-07-12 18:02  --------  d-----w-  c:\documents and settings\All Users\Application Data\Common Toolkit Suite
2010-07-12 17:08 . 2010-07-12 17:08  --------  d-----w-  c:\documents and settings\Guy\Application Data\Fighters
2010-07-12 17:08 . 2010-07-12 17:08  --------  d-----w-  c:\documents and settings\Guy\Local Settings\Application Data\PackageAware
2010-07-10 08:32 . 2010-07-10 08:32  --------  d-----w-  c:\program files\Conduit
2010-07-10 08:32 . 2010-06-08 09:34  52224  ------w-  c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\9qr06lsy.default\extensions\{46735dee-f862-49d1-876d6382794dc625}\components\FFExternalAlert.dll
2010-07-10 08:32 . 2010-06-08 09:34  101376  ------w-  c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\9qr06lsy.default\extensions\{46735dee-f862-49d1-876d6382794dc625}\components\RadioWMPCore.dll
2010-07-10 08:26 . 2010-07-10 08:26  --------  d-----w-  c:\documents and settings\Guy\Application Data\Uniblue
2010-07-07 06:05 . 2010-07-07 06:05  --------  d-----w-  c:\documents and settings\Guy\Local Settings\Application Data\Threat Expert
2010-07-07 05:50 . 2010-07-10 08:15  --------  d-----w-  c:\program files\Spyware Doctor
2010-07-05 19:37 . 2010-07-05 19:37  --------  d-----w-  c:\documents and settings\All Users\Application Data\ReviverSoft
2010-06-27 18:28 . 2007-04-11 08:23  35328  ----a-w-  c:\windows\system32\drivers\Capt905c.sys
2010-06-27 18:28 . 2007-04-09 12:54  25216  ----a-w-  c:\windows\system32\drivers\Camd905c.sys
2010-06-27 18:28 . 2010-06-27 18:41  --------  d-----w-  c:\program files\MyDSC2
2010-06-26 14:20 . 2010-07-10 08:13  --------  d-----w-  c:\documents and settings\Guy\Local Settings\Application Data\Unity
2010-06-23 05:49 . 2010-06-23 05:49  501936  ----a-w-  c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb96.tmp.exe
2010-06-22 06:58 . 2010-06-22 06:58  12536  ----a-w-  c:\windows\system32\avgrsstx.dll
2010-06-14 18:53 . 2010-06-14 18:53  75432  ----a-w-  c:\documents and settings\Guy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 20:22 . 2008-10-04 09:52  --------  d-----w-  c:\documents and settings\Guy\Application Data\Skype
2010-07-13 16:53 . 2008-04-15 22:02  --------  d-----w-  c:\documents and settings\All Users\Application Data\Google Updater
2010-07-13 14:02 . 2008-11-17 18:10  --------  d-----w-  c:\documents and settings\Guy\Application Data\skypePM
2010-07-13 11:43 . 2009-11-03 06:51  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2010-07-13 11:43 . 2009-11-03 06:51  --------  d-----w-  c:\program files\MALWAREBYTES ANTI-MALWARE
2010-07-13 11:38 . 2007-08-21 18:32  --------  d-----w-  c:\program files\Java
2010-07-12 18:52 . 2008-01-06 18:56  --------  d-----w-  c:\documents and settings\Guy\Application Data\ZoomBrowser EX
2010-07-12 18:52 . 2008-01-06 18:53  --------  d-----w-  c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-07-10 08:21 . 2007-08-24 17:34  --------  d-----w-  c:\program files\Google
2010-07-10 08:14 . 2008-09-21 12:03  --------  d---a-w-  c:\documents and settings\All Users\Application Data\TEMP
2010-06-27 18:28 . 2007-08-21 18:36  --------  d--h--w-  c:\program files\InstallShield Installation Information
2010-06-22 06:58 . 2008-09-21 14:10  243024  ----a-w-  c:\windows\system32\drivers\avgtdix.sys
2010-06-22 06:57 . 2009-11-10 08:37  25168  ----a-w-  c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-22 06:57 . 2008-09-21 14:10  216400  ----a-w-  c:\windows\system32\drivers\avgldx86.sys
2010-06-14 18:47 . 2009-12-06 19:07  --------  d-----w-  c:\documents and settings\All Users\Application Data\Logishrd
2010-06-14 18:47 . 2009-12-06 19:07  --------  d-----w-  c:\program files\Common Files\LogiShrd
2010-06-14 18:47 . 2009-12-06 19:07  --------  d-----w-  c:\program files\Logitech
2010-06-01 07:07 . 2007-08-21 18:49  29584  ----a-w-  c:\windows\system32\drivers\avgmfx86.sys
2010-04-29 13:39 . 2009-11-03 06:51  38224  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-11-03 06:51  20952  ----a-w-  c:\windows\system32\drivers\mbam.sys
2007-08-21 18:29 . 2007-08-21 18:29  60526  ----a-w-  c:\program files\mozilla firefox\components\jar50.dll
2007-08-21 18:29 . 2007-08-21 18:29  49256  ----a-w-  c:\program files\mozilla firefox\components\jsd3250.dll
2007-08-21 18:29 . 2007-08-21 18:29  166000  ----a-w-  c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25  2117704  ----a-w-  c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-27 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2001-12-06 45056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-11 16267776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2008-02-11 36864]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-27 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-04 136704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [10/11/2009 10:37 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [21/09/2008 16:10 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/09/2008 16:10 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/09/2008 16:10 243024]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22/06/2010 8:57 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [22/06/2010 8:57 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [22/06/2010 8:57 5897808]
R2 EFUploadSrv;ExtraFilm upload service;c:\program files\ExtraFilm Designer BE NL\EFUploadSrv.exe [9/07/2009 14:27 1716224]
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 12:18 202016]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [21/09/2008 15:39 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [10/11/2009 10:37 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [10/11/2009 10:37 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [10/11/2009 10:37 26192]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/11/2009 17:54 135664]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [21/09/2008 15:39 30104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 12:57]

2010-07-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-24 01:02]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-23 15:54]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-23 15:54]

2010-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-842925246-2147187605-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-842925246-2147187605-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-07-13 c:\windows\Tasks\User_Feed_Synchronization-{1AF2FDB4-4B50-4330-BF3A-4EB5EF1CA2A1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/webhp?sourceid=navclient&hl=nl&ie=UTF-8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: vanbredaonline.be\www
DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windowsie/en/AMClient.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ipsopdata/layout/hema/objects/jordan.cab
FF - ProfilePath - c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\9qr06lsy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - ${URL_STARTPAGE}
FF - prefs.js: keyword.URL - ${URL_SEARCHPAGE}
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.
**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

Scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-07-13 22:44:10
ComboFix-quarantined-files.txt 2010-07-13 20:44

Pre-Run: 12,800,815,104 bytes free
Post-Run: 13,438,779,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - E12C96E3DD92196E96FAEB4EE001A5AE
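A triage script for logs in this format, added here as an example; it is not part of the original post and not ComboFix's own code. It parses the section headers, the 'Files Created' entries, the R/S service lines and the firewall-policy keys, and flags the items a responder would look at first in a log like the one above: a core driver that ComboFix found patched on disk and replaced (afd.sys; a patched system driver is the classic footprint of a kernel-mode rootkit), an Autorun.inf deleted from a drive root, a service whose driver image is missing ([?], AVFSFilter here), the Windows Firewall standard profile switched off, and kernel drivers created in the reporting window. The embedded sample is a hand-picked subset of lines from the log above (constructed input, not a complete log); the rule names, severities and the watchlist of path fragments (Conduit) are my assumptions, not ComboFix verdicts.

```python
"""Triage helper for ComboFix-style logs (added example; assumptions noted inline)."""
import re
from dataclasses import dataclass

# Constructed input: a hand-picked subset of lines from the log above, not a full log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\system
H:\Autorun.inf
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((   Files Created from 2010-06-13 to 2010-07-13   ))))))))))))))))))))))))))))))
.
2010-07-10 08:32 . 2010-07-10 08:32  --------  d-----w-  c:\program files\Conduit
2010-06-27 18:28 . 2007-04-11 08:23  35328  ----a-w-  c:\windows\system32\drivers\Capt905c.sys
.
((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [21/09/2008 16:10 52872]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
                     r"(-{8}|\d+)\s+([-a-z]{8})\s+(.+)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) \[([^\]]*)\]$")
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.+)$')
AUTORUN_RE = re.compile(r"^[a-z]:\\autorun\.inf$", re.I)

# Assumption: path fragments the responder wants flagged (toolbar/adware vendors).
WATCHLIST_TOKENS = ("\\conduit",)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    detail: str


def triage(log_text: str) -> list:
    """Walk the log line by line and return the findings in log order."""
    findings = []
    section = None
    reg_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, reg_key = m.group(1), ""
            continue
        m = INFECTED_RE.match(line)
        if m:
            # ComboFix replaced a core driver it found patched on disk: the
            # strongest kernel-rootkit indicator this kind of log can carry.
            findings.append(Finding("high", "patched-system-driver", m.group(1)))
            continue
        if section == "Other Deletions" and AUTORUN_RE.match(line):
            # An autorun.inf in a drive root spreads the infection to other hosts.
            findings.append(Finding("medium", "autorun-inf-removed", line))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group(3)
            low = path.lower()
            if low.endswith(".sys") and "\\drivers\\" in low:
                findings.append(Finding("info", "new-driver-file", path))
            if any(tok in low for tok in WATCHLIST_TOKENS):
                findings.append(Finding("medium", "watchlist-path", path))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group(5) == "?":
                # Registered service/driver whose image file is not on disk.
                findings.append(Finding("high", "service-image-missing",
                                        f"{m.group(1)} {m.group(2)}: {m.group(4)}"))
            continue
        m = KEY_RE.match(line)
        if m:
            reg_key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if (m and reg_key.endswith("firewallpolicy\\standardprofile")
                and m.group(1) == "EnableFirewall" and m.group(2).startswith("0")):
            # Expected when a third-party firewall is installed; still confirm it.
            findings.append(Finding("info", "windows-firewall-disabled", reg_key))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On this log the firewall rule fires because "EnableFirewall"= 0 sits under the standard profile, which is expected here since AVG Firewall is registered as a running service (R2 avgfws9); the script only surfaces it so the responder confirms that a firewall is actually in place rather than silently off.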