ComboFix 09-04-13.A2 - john 2009-04-13 17:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.3071.2269 [GMT 2:00]
Gestart vanuit: c:\documents and settings\john\Bureaublad\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
AV: Webroot Internet Security Essentials *On-access scanning enabled* (Updated)
FW: Webroot Internet Security Essentials *enabled*
 * Nieuw herstelpunt werd aangemaakt
 * Resident AV is active
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
M:\Autorun.inf
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-03-13 to 2009-04-13 ))))))))))))))))))))))))))))))
.
2009-04-13 15:27 . 2009-04-13 15:27 -------- d-----w c:\documents and settings\john\Local Settings\Application Data\ESET
2009-04-13 13:28 . 2009-04-13 13:28 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-04-11 11:55 . 2009-04-11 11:55 271 ----a-w c:\windows\SysMech.INI
2009-04-11 10:00 . 2009-04-13 15:07 -------- d--h--r c:\documents and settings\john\Onlangs geopend
2009-04-11 08:21 . 2009-04-11 08:21 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-11 05:51 . 2009-04-11 05:51 -------- d-sh--w c:\documents and settings\john\IECompatCache
2009-04-11 05:50 . 2009-04-11 05:50 -------- d-sh--w c:\documents and settings\john\PrivacIE
2009-04-11 05:49 . 2009-04-11 05:49 -------- d-sh--w c:\documents and settings\john\IETldCache
2009-04-11 05:47 . 2009-04-11 05:47 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-11 05:43 . 2009-04-11 05:43 -------- d-----w c:\windows\ie8updates
2009-04-11 05:41 . 2009-04-11 05:41 -------- dc-h--w c:\windows\ie8
2009-04-11 05:40 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-03-20 16:53 . 2009-04-09 05:22 -------- d-----w c:\documents and settings\All Users\Bureaublad
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 15:12 . 2007-08-29 15:43 -------- d-----w c:\documents and settings\john\Application Data\U3
2009-04-13 13:10 . 2009-01-27 14:33 -------- d-----w c:\program files\SPAMfighter
2009-04-13 13:09 . 2008-05-25 14:26 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-12 23:15 . 2009-04-12 23:15 -------- d-----w c:\program files\Trend Micro
2009-04-12 14:30 . 2007-08-28 08:55 -------- d-----w c:\program files\DYMO Label
2009-04-11 11:57 . 2009-04-11 05:47 245760 --sha-w c:\windows\system32\config\systemprofile\IETldCache\index.dat
2009-04-09 05:05 . 2009-03-02 01:40 108296 ----a-w c:\windows\system32\drivers\pwipf6.sys
2009-04-06 15:37 . 2007-08-28 17:07 -------- d-----w c:\program files\PC Doc Pro
2009-04-06 11:32 . 2007-08-28 17:34 1563008 ----a-w c:\windows\WRSetup.dll
2009-04-04 14:54 . 2009-01-31 01:09 -------- d-----w c:\documents and settings\john\Application Data\VersionTracker Pro
2009-04-02 12:30 . 2007-08-28 17:34 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-04-02 12:30 . 2007-08-28 17:34 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-04-02 12:30 . 2008-07-28 14:44 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-04-01 05:45 . 2009-01-02 09:02 -------- d-----w c:\documents and settings\All Users\Application Data\iolo
2009-03-29 04:40 . 2008-03-09 11:50 -------- d-----w c:\program files\SIW
2009-03-29 02:45 . 2006-03-02 12:00 91922 ----a-w c:\windows\system32\perfc013.dat
2009-03-29 02:45 . 2006-03-02 12:00 511840 ----a-w c:\windows\system32\perfh013.dat
2009-03-28 16:54 . 2007-08-28 05:12 -------- d-----w c:\program files\Common Files\Adobe
2009-03-27 12:49 . 2009-01-02 09:05 938336 ----a-w c:\windows\system32\Incinerator.dll
2009-03-26 07:57 . 2007-12-11 01:52 464 ----a-w c:\documents and settings\john\Application Data\wklnhst.dat
2009-03-24 15:28 . 2009-03-24 15:28 -------- d-----w c:\program files\SmartPCTools
2009-03-23 05:30 . 2008-03-23 08:09 -------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-03-23 03:49 . 2007-08-28 16:52 53256 ----a-w c:\documents and settings\john\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-22 02:30 . 2009-01-28 16:22 -------- d-----w c:\documents and settings\john\Application Data\Apple Computer
2009-03-20 16:17 . 2008-11-26 06:38 -------- d-----w c:\program files\OpenOffice.org 3
2009-03-18 06:53 . 2007-08-28 16:32 -------- d-----w c:\documents and settings\john\Application Data\Webroot
2009-03-11 14:24 . 2009-01-02 09:02 -------- d-----w c:\documents and settings\john\Application Data\iolo
2009-03-08 02:34 . 2006-03-02 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2006-03-02 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2006-03-02 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2006-03-02 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2006-03-02 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2006-03-02 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2006-03-02 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2006-03-02 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2006-03-02 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2006-03-02 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-27 21:44 . 2008-03-23 08:09 -------- d-----w c:\documents and settings\john\Application Data\Babylon
2009-02-21 00:58 . 2008-02-02 21:36 2828 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-02-21 00:58 . 2008-02-02 21:36 2828 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-02-20 23:39 . 2008-06-20 13:15 -------- d-----w c:\program files\Panda Security
2009-02-19 14:46 . 2009-01-02 09:05 -------- d-----w c:\documents and settings\LocalService\Application Data\iolo
2009-02-17 09:26 . 2009-01-02 09:04 8704 ----a-w c:\windows\system32\smrgdf.exe
2009-02-17 09:26 . 2009-01-02 09:04 29184 ----a-w c:\windows\system32\iolobtdfg.exe
2009-02-09 14:08 . 2006-03-02 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-03 18:08 . 2007-08-28 18:03 164 ----a-w C:\install.dat
2009-01-31 17:25 . 2009-01-31 00:16 29480 ----a-w c:\windows\system32\msxml3a.dll
2007-12-24 01:40 . 2007-12-24 01:40 12190 ----a-w c:\documents and settings\All Users\DymoTemplates745418728.zip
2007-11-01 11:43 . 2007-11-01 11:43 42168 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-08-29 13:53 . 2007-08-29 13:53 127 ----a-w c:\documents and settings\john\Local Settings\Application Data\fusioncache.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-02-14 13:00 238968 --a------ c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Registry Repair Wizard Scheduler"="c:\program files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2009-04-12 1052928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="c:\windows\system32\nwiz.exe" [2008-09-18 1657376]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2007-11-07 507904]
"CaretakerNotifier"="c:\program files\SurfRight\Caretaker\Notifier.exe" [2008-09-05 581368]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-01-16 325768]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-04-06 6345840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HPAiODevice(hp officejet d series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe [2002-09-26 491582]
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-05-09 22486]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
--a------ 2007-10-30 20:52 16200 c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 03:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2008-02-29 03:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 15:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 18:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
--a------ 2005-11-09 16:19 634880 c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
--a------ 2005-10-17 16:24 81920 c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 16:28 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)

R1 ctredrv.sys;ctredrv.sys; [x]
R3 CaretakerAntispam;Caretaker Antispam Service;c:\program files\SurfRight\Caretaker\AntispamService.exe [2008-11-04 497400]
R3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);c:\windows\system32\DRIVERS\CamDrL20.sys [2004-05-21 245760]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-04-02 29808]
S1 ctredr15.sys;ctredr15.sys;c:\windows\system32\drivers\ctredr15.sys [2008-04-11 18176]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-10-24 34824]
S1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2009-04-09 108296]
S2 CaretakerProxy;Caretaker Proxy;c:\program files\SurfRight\Caretaker\CaretakerProxy.exe [2008-11-04 1008888]
S2 CaretakerSvc;Caretaker Service;c:\program files\SurfRight\Caretaker\CaretakerService.exe [2008-11-25 979192]
S2 CaretakerUpdate;Caretaker Updater;c:\program files\SurfRight\Caretaker\CaretakerUpdater.exe [2008-09-05 168696]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-06 712048]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-02-06 712048]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [2009-01-16 184968]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-04-09 1181040]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-04-13 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-04-13 c:\windows\Tasks\User_Feed_Synchronization-{7C178686-14B3-49E5-85F5-9790280779DD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Verjaardagen - (no file)

.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.ziggo.nl/
uInternet Settings,ProxyOverride = localhost
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
.
.
------- Bestandsassociaties -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 17:28
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-746137067-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Voltooingstijd: 2009-04-13 17:29
ComboFix-quarantined-files.txt 2009-04-13 15:29

Pre-Run: 62.507.253.760 bytes beschikbaar
Post-Run: 62,545,510,400 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

232 --- E O F --- 2009-03-05 05:51