------- Bijkomende Scan -------
.
uStart Page =
hxxp://www.hln.be/uSearchURL,(Default) =
hxxp://www.google.com/search?q=%sIE: Download all with Free Download Manager -
file://c:\tom\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager -
file://c:\tom\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager -
file://c:\tom\Free Download Manager\dllink.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cabDPF: {5D2CF9D0-113A-476B-986F-288B54571614} -
hxxp://www.devalvr.com/instalacion/plugin/devalocx.cabFF - ProfilePath - c:\documents and settings\GVB Vikingschool\Application Data\Mozilla\Firefox\Profiles\gc7bd92f.default\
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-05-17 14:05
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]
"ImagePath"="-"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]
"ImagePath"="-"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]
"ImagePath"="-"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,83,e6,da,49,84,
34,d4,a4,e2,63,26,f1,3f,c8,ff,68,4a,dc,c5,71,2d,8d,cb,e3,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,bc,26,3a,05,98,
e2,b6,aa,6a,9c,d6,61,af,45,84,18,54,35,ec,c1,45,ba,7e,b6,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,f3,76,77,c3,83,
74,29,25,ff,7c,85,e0,43,d4,0e,fe,76,ab,66,c1,27,b3,03,02,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,1c,b1,f2,95,d7,
a5,60,55,86,8c,21,01,be,91,eb,e7,10,b5,06,5f,a3,6f,59,e4,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,c8,3b,0e,de,a3,
4d,f3,b2,f5,1d,4d,73,a8,13,5c,05,5b,c4,d3,d8,8f,ec,e9,54,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,7b,bd,fd,04,dd,
b7,08,d4,df,20,58,62,78,6b,cf,c8,f8,8c,4a,b2,7b,3e,c4,49,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,95,d5,bf,ed,10,
8c,76,76,fb,a7,78,e6,12,2f,9a,ea,cc,1a,3b,07,ff,e1,0d,b0,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ad,16,ef,a2,79,
04,fa,24,01,3a,48,fc,e8,04,4a,f1,7b,86,25,e5,0b,1d,15,ff,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,0b,0b,41,4a,c0,
c1,0a,99,f6,0f,4e,58,98,5b,89,c9,56,e1,96,26,25,9f,13,1b,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,7e,30,c4,a8,b6,
f1,ee,13,3d,ce,ea,26,2d,45,aa,78,63,55,52,46,02,f1,13,27,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,3a,ba,0f,55,d0,
4e,d1,76,2a,b7,cc,b5,b9,7f,41,e7,68,57,3a,3a,36,7c,52,68,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,15,bd,7d,df,ff,
8d,03,3b,6c,43,2d,1e,aa,22,2f,9c,55,bd,d6,c9,31,08,15,b6,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(216)
c:\windows\system32\ieframe.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\BRSS01A.EXE
c:\windows\system32\ati2evxx.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\progra~1\WinZip\WZQKPICK.EXE
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
.
**************************************************************************
.
Voltooingstijd: 2009-05-17 14:11 - machine werd herstart
ComboFix-quarantined-files.txt 2009-05-17 12:11
ComboFix2.txt 2009-05-16 15:50
ComboFix3.txt 2009-05-15 11:35
Pre-Run: 104.006.144.000 bytes beschikbaar
Post-Run: 104.139.964.416 bytes beschikbaar
286 --- E O F --- 2009-04-16 17:18