ComboFix 09-03-25.04 - Roel 2009-03-25 21:24:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.767.348 [GMT 1:00]
Gestart vanuit: c:\docume~1\Roel\LOCALS~1\Temp\hoyuy87l.tmp\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-02-25 to 2009-03-25 ))))))))))))))))))))))))))))))
.
2009-03-25 16:35 . 2009-03-25 16:35 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 16:35 . 2009-03-25 16:35 d-------- c:\documents and settings\Roel\Application Data\Malwarebytes
2009-03-25 16:35 . 2009-03-25 16:35 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-25 16:35 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 16:35 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-25 16:33 . 2009-03-25 16:33 d-------- c:\program files\PowerChallenge
2009-03-25 15:33 . 2009-03-25 16:43 d-------- C:\ComboFixe
2009-03-25 15:10 . 2009-03-25 15:10 d-------- c:\program files\Trend Micro
2009-03-25 14:00 . 2009-03-25 14:00 dr------- c:\documents and settings\NetworkService\Favorieten
2009-03-25 12:58 . 2009-03-25 12:58 74,240 --a------ c:\windows\system32\7333uq64.exe
2009-03-25 12:50 . 2009-03-25 12:50 2,679 --a------ C:\Hai.JPG
2009-03-23 16:18 . 2009-03-25 21:29 d-------- c:\documents and settings\Roel\Tracing
2009-03-22 08:31 . 2009-03-22 08:31 d-------- c:\program files\Microsoft
2009-03-22 08:29 . 2009-03-22 08:29 d-------- c:\program files\Windows Live SkyDrive
2009-03-22 08:27 . 2009-03-22 08:34 d-------- c:\program files\Windows Live
2009-03-22 08:21 . 2009-03-22 08:21 d-------- c:\program files\Common Files\Windows Live
2009-03-07 19:02 . 2009-03-07 19:02 d-------- c:\documents and settings\Roel\Application Data\Apple Computer
2009-03-07 19:02 . 2009-03-18 17:39 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-07 19:02 . 2009-03-07 19:02 53,012 --ah----- c:\windows\system32\mlfcache.dat
2009-03-07 19:02 . 2009-03-07 19:02 1,409 --a------ c:\windows\QTFont.for
2009-03-07 19:01 . 2009-03-07 19:02 d-------- c:\program files\Safari
2009-03-07 19:01 . 2009-03-07 19:01 d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-07 19:00 . 2009-03-07 19:00 d-------- c:\program files\Apple Software Update
2009-03-07 19:00 . 2009-03-07 19:00 d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-05 20:01 . 2009-03-05 20:08 d-------- c:\program files\WinAVI Video Converter
2009-03-05 19:40 . 2009-03-05 19:40 d-------- c:\program files\AviSynth 2.5
2009-03-05 19:38 . 2009-03-05 20:00 d-------- c:\program files\Avi2Dvd
2009-03-03 14:09 . 2009-03-03 14:14 d-------- c:\program files\DAEMON Tools Pro
2009-03-03 14:09 . 2009-03-03 14:09 d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-03-03 14:03 . 2009-03-03 14:03 d-------- c:\documents and settings\Roel\Application Data\DAEMON Tools Pro
2009-03-03 14:03 . 2009-03-03 14:03 717,296 --a------ c:\windows\system32\drivers\sptd.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 20:29 --------- d-----w c:\program files\DNA
2009-03-25 20:29 --------- d-----w c:\documents and settings\Roel\Application Data\DNA
2009-03-25 14:09 --------- d-----w c:\program files\Java
2009-03-24 16:11 --------- d-----w c:\program files\McAfee
2009-03-18 20:28 --------- d-----w c:\documents and settings\Roel\Application Data\BitTorrent
2009-03-11 06:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-08 16:09 34 ----a-w c:\documents and settings\Roel\jagex_runescape_preferences.dat
2009-03-03 22:29 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-02-19 08:24 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-01-30 16:01 --------- d-----w c:\documents and settings\Roel\Application Data\Leadertech
2009-01-30 16:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 15:21 --------- d-----w c:\program files\Infogrames Interactive
2009-01-30 15:16 --------- d-----w c:\documents and settings\Roel\Application Data\Local Settings
2009-01-30 15:15 37,376 ----a-w c:\windows\system32\drivers\WMDrive.sys
2009-01-30 15:15 --------- d-----w c:\program files\WinMount3
2009-01-29 21:04 --------- d-----w c:\documents and settings\Roel\Application Data\vlc
2009-01-29 20:58 --------- d-----w c:\program files\VideoLAN
2009-01-29 18:04 --------- d-----w c:\program files\BitTorrent
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-29 342848]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-25 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-07-08 282624]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2007-06-23 237568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Games\\FM2007\\fm.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-04 203280]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-01-30 37376]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2007-06-23 6400]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2007-06-23 163328]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-03-25 38496]
.
Inhoud van de 'Gedeelde Taken' map
2009-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-25 c:\windows\Tasks\At1.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At10.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At11.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At12.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At13.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At14.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At15.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At16.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At17.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At18.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At19.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At2.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At20.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At21.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At22.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At23.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At24.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At3.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At4.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At5.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At6.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At7.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At8.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2009-03-25 c:\windows\Tasks\At9.job
- c:\windows\system32\7333uq64.exe [2009-03-25 12:58]
2008-10-14 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
.
.
------- Bijkomende Scan -------
.
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 21:30:08
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\Microsoft ActiveSync\rapimgr.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2009-03-25 21:35:50 - machine werd herstart
ComboFix-quarantined-files.txt 2009-03-25 20:35:37
Pre-Run: 5.776.703.488 bytes beschikbaar
Post-Run: 6,920,806,400 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
237 --- E O F --- 2009-03-15 08:47:14