ComboFix 09-01-16.03 - Jeanine 2009-01-17 12:00:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2047.1330 [GMT 1:00]
Gestart vanuit: C:\Program Files\combofix\ComboFix.exe
AV: VIRUSfighter ver. 5.99 *On-access scanning enabled* (Updated)
 * Nieuw herstelpunt werd aangemaakt
 * Resident AV is active
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\Jeanine\LOCALS~1\Temp\tmp2.tmp
C:\Documents and Settings\Jeanine\Favorieten\Videos.url
C:\Documents and Settings\Jeanine\Menu Start\Programma's\System Security
C:\Documents and Settings\Jeanine\Menu Start\Programma's\System Security\System Security.lnk
C:\Documents and Settings\Jeanine\Menu Start\Programma's\Videos.url
C:\WINDOWS\system32\Desktop_.ini
C:\WINDOWS\system32\TDSSosvd.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys

(((((((((((((((((((( Bestanden Gemaakt van 2008-12-17 to 2009-01-17 ))))))))))))))))))))))))))))))
.
2009-01-17 11:53 . 2009-01-17 11:53 d-------- C:\Program Files\combofix
2009-01-17 07:52 . 2009-01-17 07:52 d-------- C:\Documents and Settings\Jeanine\Application Data\Malwarebytes
2009-01-17 07:52 . 2009-01-14 16:11 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2009-01-17 07:51 . 2009-01-17 07:52 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-17 07:51 . 2009-01-17 07:51 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-17 07:51 . 2009-01-14 16:11 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-01-15 17:24 . 2008-09-02 12:48 19,512 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys
2009-01-15 17:12 . 2009-01-17 12:07 d-------- C:\VIRUSfighter
2009-01-14 17:21 . 2009-01-14 17:22 d-------- C:\Program Files\Fighters
2009-01-14 17:21 . 2009-01-14 17:21 d-------- C:\Documents and Settings\All Users\Application Data\Fighters
2009-01-14 16:46 . 2009-01-14 16:47 d-------- C:\Documents and Settings\All Users\Application Data\1620370823
2009-01-13 11:36 . 2009-01-17 08:16 dr-h----- C:\Documents and Settings\Jeanine\Onlangs geopend
2009-01-12 10:59 . 2009-01-12 10:59 d-------- C:\Program Files\Enigma Software Group
2009-01-10 11:38 . 2009-01-10 11:38 d-------- C:\Program Files\Milehighads Games Collection
2009-01-10 11:37 . 2009-01-10 11:37 85,239 --a------ C:\WINDOWS\system32\cont_milehighads-remove.exe
2009-01-10 11:37 . 2009-01-10 11:37 69,007 --a------ C:\WINDOWS\system32\bmmrexdyrgnsi.dll-uninst.exe
2009-01-08 10:29 . 2009-01-08 10:30 d-------- C:\Program Files\MindMan Personal
2008-12-28 11:47 . 2008-12-28 11:47 2,581,984 --a------ C:\WINDOWS\dbplugin.ocx
2008-12-28 11:47 . 2008-12-28 11:47 2,438,640 --a------ C:\WINDOWS\npdbplug.dll
2008-12-28 11:47 . 2008-12-28 11:47 1,023,456 --a------ C:\WINDOWS\dbplugin.exe
2008-12-28 11:47 . 2008-12-28 11:47 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-12-28 11:47 . 2008-12-28 11:47 225,360 --a------ C:\WINDOWS\system32\DNLEng.dll
2008-12-28 11:47 . 2008-12-28 11:47 143,360 --a------ C:\WINDOWS\picn1120.dll
2008-12-28 11:47 . 2008-12-28 11:47 143,360 --a------ C:\WINDOWS\picn1020.dll
2008-12-28 11:47 . 2008-12-28 11:47 31,728 --a------ C:\WINDOWS\dbrmdwb.exe
2008-12-28 11:47 . 2008-12-28 11:47 633 --a------ C:\WINDOWS\npdbplug.xpt
2008-12-28 11:47 . 2008-12-28 11:47 26 --a------ C:\WINDOWS\dbrmdwb.bat
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 11:09 --------- d-----w C:\Documents and Settings\Jeanine\Application Data\Free Download Manager
2009-01-16 19:50 --------- d-----w C:\Program Files\POLS_Netwerk_PO
2009-01-15 16:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-15 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2009-01-13 09:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\KESI
2009-01-10 09:49 --------- d-----w C:\Documents and Settings\Jeanine\Application Data\LimeWire
2008-12-24 09:16 --------- d-----w C:\Program Files\Sprint Nederlands
2008-12-12 09:19 410,976 ----a-w C:\WINDOWS\system32\deploytk.dll
2008-12-12 09:18 --------- d-----w C:\Program Files\Java
2008-12-11 17:31 --------- d-----w C:\Program Files\Windows Live SkyDrive
2008-12-11 10:57 333,952 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-11-18 13:53 --------- d-----w C:\Program Files\MSECache
2008-11-18 13:32 --------- d-----w C:\Program Files\Krowser
2008-11-18 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\krowser2
2008-11-18 10:01 15,496 ----a-w C:\WINDOWS\system32\drivers\vffilter.sys
2008-11-09 17:01 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-11-09 17:01 249,856 ------w C:\WINDOWS\Setup1.exe
2008-10-23 12:43 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-09-05 07:10 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008090520080906\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 18:03 1695232]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2007-10-08 02:39 2445359]
"Free Upload Manager"="C:\Program Files\Free Download Manager\fum\fum.exe" [2007-07-29 19:13 253952]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 18:02 40960]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-24 16:46 68856]
"BattStat"="C:\Program Files\Battery Status\BattStat.exe" [2007-10-20 22:44 284160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:02 15360]
"PSTSchedule"="C:\Program Files\Aminsoft\PSTSync\PSTSchedule.exe" [2006-08-28 06:47 606208]
"MobileConnect.EXE"="C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE" [2008-01-08 12:44 2707456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-07-23 22:11 8433664]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-07-23 22:11 81920]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-07-23 22:12 159744]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-23 22:13 827392]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-23 22:13 752136]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 18:03 144384]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-12 10:19 136600]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-09 10:07 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"CONNECTScheduler"="C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" [2005-11-15 03:54 69632]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 18:58 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"spywarefighterguard"="C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 11:01 180872]
"nwiz"="nwiz.exe" [2007-07-23 22:12 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-23 22:12 16342528 C:\WINDOWS\RTHDCPL.exe]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 08:02:38 568176]
CONNECTAUTrayApp.lnk - C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe [2005-11-15 03:54:01 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\PrinterAnywhere\\paConsole.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R3 nsesvc;Norman Scanner Engine Service;C:\VIRUSfighter\Nse\Bin\Nsesvc.exe [2009-01-15 17:25:10 322616]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\drivers\nvcw32mf.sys [2009-01-15 17:24:29 19512]
R3 nvcoas;Norman Virus Control on-access component;C:\VIRUSfighter\Nvc\Bin\Nvcoas.exe [2009-01-15 17:24:29 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\VIRUSfighter\Nvc\Bin\Nvcsched.exe [2009-01-15 17:24:30 146488]
R3 Vfscan;Vfscan;C:\WINDOWS\system32\drivers\vffilter.sys [2008-11-18 11:01:46 15496]
R4 Ndiskio;Ndiskio;C:\VIRUSfighter\Nse\Bin\Ndiskio.sys [2009-01-15 17:25:10 20448]
R4 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;C:\Program Files\Fighters\LicenseService.exe [2008-11-18 11:01:26 283272]
R4 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;C:\Program Files\Fighters\UpdateService.exe [2008-11-18 11:01:30 307848]
R4 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;C:\Program Files\Fighters\ScannerService.exe [2008-11-18 11:01:28 311944]
R4 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;C:\Program Files\Fighters\ConfigService.exe [2008-11-18 11:01:20 139912]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\WINDOWS\system32\drivers\Gt51Ip.sys [2008-05-26 10:33:32 96000]
S3 GT72UBUS;GT 72 U BUS;C:\WINDOWS\system32\drivers\gt72ubus.sys [2008-05-26 10:33:28 49792]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\drivers\gtptser.sys [2008-05-26 10:33:39 8064]
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\drivers\gtuqbus.sys [2008-05-26 17:23:09 37120]
S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-01-05 18:05:00 10624]
.
Inhoud van de 'Gedeelde Taken' map

2009-01-17 C:\WINDOWS\Tasks\AJCDirectorySync_Sychroniseren outlook Nin.job
- C:\Program Files\AJC Software\AJC Directory Synchronizer\AJCDirS.exe []
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{32A2279A-AE6F-48F5-9F7A-856D7ED202A7} - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-BroadcomWireless - C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
HKLM-Run-PrevxCSI - C:\Program Files\PrevxCSI\prevxcsi.exe
HKLM-Run-Norman ZANDA - C:\VIRUSfighter\Bin\ZLH.EXE
.
------- Bijkomende Scan -------
.
uStart Page = www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download alles met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlall.htm
IE: Download met Free Download Manager. - file://C:\Program Files\Free Download Manager\dllink.htm
IE: Download selectie met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 12:09:59
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...