Spyware & Desktop & Java



bartvdploeg
2007-09-03, 17:58
Hello,

First of all, my English isn't really good, so I hope that you will understand my questions. For a while now I have had problems with spyware; I deleted a lot of it with Spybot, but not all of it. I can't install Java again, and my desktop has changed into a black and red screen with an error. I also asked on another forum, but it is too slow for me over there. I want to stop my problems. I have two logs, one HijackThis and one ComboFix.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:01, on 2-9-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Trust\DS-3300X Wireless Optical Deskset\Keyboard\kbdap32a.EXE
C:\Program Files\Trust\DS-3300X Wireless Optical Deskset\Mouse\mouse32a.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marktplaats.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PREAT IE LightFrame - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\System32\LightFrameIECOM.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Trust\DS-3300X Wireless Optical Deskset\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\DS-3300X Wireless Optical Deskset\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NetBuster] C:\Website\Nieuwe map\NetBuster.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\PLUS!\diroqiqo.html

--
End of file - 5813 bytes

Other Log

ComboFix 07-08-30.3 - "Bart V.d.Ploeg" 2007-09-02 15:10:16.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1043.18.662 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\WINDOWS\APPLIC~1\microsoft\internet explorer\Desktop.htt
C:\WINDOWS\start.exe
C:\WINDOWS\system32\f03WtR
C:\WINDOWS\system32\K2
C:\WINDOWS\system32\win32.exe


((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))


2007-09-02 15:09 90,624 --a------ C:\WINDOWS\nircmd.exe
2007-09-02 15:07 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-27 19:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-27 19:49 <DIR> d-------- C:\WINDOWS\APPLIC~1\SUPERAntiSpyware.com
2007-08-27 19:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-27 19:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-27 19:47 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-08-27 17:59 <DIR> d--hs---- C:\FOUND.002
2007-08-27 17:46 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr
2007-08-27 17:46 94,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2007-08-27 17:46 92,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2007-08-27 17:46 783,224 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-08-27 17:46 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2007-08-27 17:46 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2007-08-27 17:46 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2007-08-27 17:46 <DIR> d-------- C:\Program Files\Alwil Software
2007-08-27 16:57 904,664 --a------ C:\WINDOWS\SYSTEM32\center.exe
2007-08-27 16:57 71,542 --a------ C:\WINDOWS\SYSTEM32\center1.exe
2007-08-27 16:57 45,600 --a------ C:\WINDOWS\SYSTEM32\win321.exe
2007-08-27 16:57 31,094 --a------ C:\WINDOWS\SYSTEM32\center2.exe
2007-08-27 16:57 22,528 --a------ C:\WINDOWS\SYSTEM32\bho.dll
2007-08-27 16:57 <DIR> d--hs---- C:\WINDOWS\QmFydCBWLmQuUGxvZWc
2007-08-27 16:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\snx1
2007-08-27 16:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\Atmp2
2007-08-27 16:57 <DIR> d-------- C:\Temp
2007-08-22 13:03 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-08-22 13:01 <DIR> d-------- C:\DOCUME~1\BARTVD~1.PLO\.housecall6.6
2007-08-16 10:28 10,752 --a------ C:\WINDOWS\SYSTEM32\ff_vfw.dll
2007-08-16 10:28 <DIR> d-------- C:\Program Files\ffdshow
2007-08-16 10:27 59,904 --a------ C:\WINDOWS\SYSTEM32\Mscc2fr.dll
2007-08-16 10:27 544,768 --a------ C:\WINDOWS\SYSTEM32\msvcr71d.dll
2007-08-16 10:27 32,768 --a------ C:\WINDOWS\SYSTEM32\CMDLGFR.DLL
2007-08-16 10:27 21,504 --a------ C:\WINDOWS\SYSTEM32\TABCTFR.DLL
2007-08-16 10:27 20,992 --a------ C:\WINDOWS\SYSTEM32\CMCT2FR.DLL
2007-08-16 10:27 15,360 --a------ C:\WINDOWS\SYSTEM32\inetfr.DLL
2007-08-16 10:27 141,312 --a------ C:\WINDOWS\SYSTEM32\MSCMCFR.DLL
2007-08-16 10:27 119,568 --a------ C:\WINDOWS\SYSTEM32\VB6FR.DLL
2007-08-16 10:27 101,888 --a------ C:\WINDOWS\SYSTEM32\VB6STKIT.DLL
2007-08-16 10:27 <DIR> d-------- C:\Program Files\Ipod Video Converter
2007-08-07 22:30 307,200 --a------ C:\Program Files\Common Files\vifo22011.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 19:28 --------- d-------- C:\Program Files\Smallvideosoft
2006-07-10 14:46 604 --ah----- C:\Program Files\STLL Notifier
2005-04-05 18:32 266 ---hs---- C:\Program Files\desktop.ini
2005-04-05 18:32 11209 --ah----- C:\Program Files\folder.htt


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 04:35]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-09-20 04:36]
"OFFICEKB"="C:\Program Files\Trust\DS-3300X Wireless Optical Deskset\Keyboard\kbdap32a.EXE" [2007-03-18 15:09]
"FLMOFFICE4DMOUSE"="C:\Program Files\Trust\DS-3300X Wireless Optical Deskset\Mouse\mouse32a.exe" [2007-03-18 15:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-27 19:53]
"SystemTray"="SysTray.Exe" [2001-09-07 13:00 C:\WINDOWS\SYSTEM32\systray.exe]
"Realtime Audio Engine"="mmrtkrnl.exe" [2004-02-28 20:12 C:\WINDOWS\SYSTEM32\MMRTKRNL.EXE]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 23:52]
"NetBuster"="C:\Website\Nieuwe map\NetBuster.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 11:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-09-20 04:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-07 13:00]

C:\DOCUME~1\BARTVD~1.PLO\MENUST~1\PROGRA~1\OPSTAR~1\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
Source= C:\Program Files\PLUS!\diroqiqo.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

R2 MarxDev1;MarxDev1;C:\WINDOWS\System32\drivers\MarxDev1.sys
R2 MarxDev2;MarxDev2;C:\WINDOWS\System32\drivers\MarxDev2.sys
R2 MarxDev3;MarxDev3;C:\WINDOWS\System32\drivers\MarxDev3.sys
R2 Tdlpt;Tdlpt;\??\C:\WINDOWS\System32\drivers\Tdlpt.sys
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps snelle ethernet-adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-09-01 17:00:02 C:\WINDOWS\Tasks\Toepassing Optimalisatie Start.job
2007-08-23 18:35:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 15:12:04
Windows 5.1.2600 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-02 15:12:30
C:\ComboFix-quarantined-files.txt ... 2007-09-02 15:12

--- E O F ---

Shaba
2007-09-04, 08:32
Hi bartvdploeg

We can definitely help you, but first you need to help us. You are quite behind on your Windows Updates and Patches!!

The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here to get WinXP SP1a: http://www.microsoft.com/downloads/details.aspx?FamilyID=0136e5f8-1684-4202-b2d0-c6a43430f12a&DisplayLang=en

Apply the update, reboot, then go to Windows Update and install all the Critical Updates (Note: Except for WinXP SP2)
Click here for Windows Update: http://www.windowsupdate.com/

After installing all the Patches and updates, reboot, then post a fresh Hijack This log.

Shaba
2007-09-11, 16:18
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.