ComboFix 09-05-31.06 - JORDY 02/06/2009 21:51.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.32.1043.18.1023.647 [GMT 2:00]
Gestart vanuit: c:\documents and settings\JORDY\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\JORDY\Bureaublad\CFScript.txt
AV: F-Secure Anti-Virus for Workstations 7.10 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::
"C:\gmres.exe"
"C:\undlh.exe"
"c:\windows\system32\1483083334.dat"
"c:\windows\system32\acctresp.exe"
"c:\windows\system32\drivers\1ced9354.sys"
"c:\windows\system32\drivers\6a0ee38b.sys"
"c:\windows\system32\drivers\6dca4fc3.sys"
"c:\windows\system32\drivers\86b7b066.sys"
"c:\windows\system32\jbnmcd.dll"
"c:\windows\system32\jbnmck.dll"
"C:\ysjmlii.exe"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\gmres.exe
C:\undlh.exe
c:\windows\system32\1483083334.dat
c:\windows\system32\acctresp.exe
c:\windows\system32\drivers\1ced9354.sys
c:\windows\system32\drivers\6a0ee38b.sys
c:\windows\system32\drivers\6dca4fc3.sys
c:\windows\system32\drivers\86b7b066.sys
c:\windows\system32\jbnmcd.dll
c:\windows\system32\jbnmck.dll
C:\ysjmlii.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_1ced9354
-------\Service_6a0ee38b
-------\Service_6dca4fc3
-------\Service_86b7b066


(((((((((((((((((((( Bestanden Gemaakt van 2009-05-02 to 2009-06-02 ))))))))))))))))))))))))))))))
.

2009-06-02 19:18 . 2009-06-02 19:21 -------- d-----w- C:\cfbef49694ca12a892ffc2f4bebbff5f
2009-06-02 19:03 . 2009-06-02 19:05 -------- d-----w- C:\e9e3c0a33bb385737a0e
2009-06-02 10:46 . 2009-06-02 10:46 -------- d-----r- c:\documents and settings\LocalService\Favorieten
2009-06-02 10:38 . 2009-06-02 10:38 -------- d-----w- c:\documents and settings\JORDY\Application Data\Malwarebytes
2009-06-02 10:38 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 10:38 . 2009-06-02 10:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 10:38 . 2009-06-02 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-02 10:38 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-01 10:07 . 2009-06-02 10:45 -------- d-----w- c:\windows\dhcp
2009-06-01 10:07 . 2009-06-02 08:37 -------- d-sh--r- c:\program files\MicPhone
2009-05-25 19:12 . 2009-05-25 19:12 -------- d-----w- c:\documents and settings\JORDY\Local Settings\Application Data\Nemex
2009-05-22 11:34 . 2009-05-22 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-22 11:34 . 2009-05-22 11:34 -------- d-----w- c:\program files\NOS
2009-05-18 18:56 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-05-18 18:53 . 2009-05-18 18:53 -------- d-----w- c:\documents and settings\JORDY\Application Data\Nokia
2009-05-18 18:52 . 2009-05-18 19:01 -------- d-----w- c:\documents and settings\JORDY\Application Data\PC Suite
2009-05-18 18:52 . 2009-05-18 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-18 18:49 . 2009-05-18 18:49 -------- d-----w- c:\program files\Common Files\PCSuite
2009-05-18 18:48 . 2009-05-18 18:49 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-18 18:48 . 2009-05-18 18:48 -------- d-----w- c:\program files\DIFX
2009-05-18 18:48 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-05-18 18:47 . 2009-05-18 18:48 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-18 18:47 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-05-18 18:47 . 2009-02-09 05:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-05-18 18:47 . 2009-02-09 05:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-05-18 18:47 . 2009-02-09 05:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-05-18 18:47 . 2009-02-09 05:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-05-18 18:47 . 2009-02-09 05:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-05-18 18:47 . 2009-05-19 18:17 -------- d-----w- c:\program files\Nokia
2009-05-18 18:47 . 2009-05-18 18:44 34396584 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng_web.exe
2009-05-18 18:46 . 2009-05-18 18:46 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-18 18:46 . 2009-05-18 18:46 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-18 18:46 . 2009-05-18 18:46 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-18 18:46 . 2009-05-18 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-18 16:58 . 2004-08-04 05:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-05-18 16:58 . 2004-08-04 05:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 18:00 . 2003-04-08 12:00 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-05-30 14:08 . 2009-01-01 11:57 -------- d-----w- c:\documents and settings\JORDY\Application Data\dvdcss
2009-05-22 11:37 . 2004-11-11 15:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-22 11:30 . 2004-11-11 15:03 -------- d-----w- c:\documents and settings\JORDY\Application Data\AdobeUM
2009-05-19 18:17 . 2004-09-10 14:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 18:56 . 2009-05-18 18:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-18 18:56 . 2009-05-18 18:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-05-18 16:48 . 2009-05-18 16:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-05-14 19:12 . 2009-05-01 13:10 -------- d-----w- c:\documents and settings\JORDY\Application Data\Skype
2009-05-14 15:57 . 2009-05-01 13:11 -------- d-----w- c:\documents and settings\JORDY\Application Data\skypePM
2009-05-01 13:11 . 2009-05-01 13:11 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-01 13:09 . 2009-05-01 13:09 -------- d-----r- c:\program files\Skype
2009-05-01 13:09 . 2009-05-01 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-01 13:09 . 2009-05-01 13:09 -------- d-----w- c:\program files\Common Files\Skype
2009-04-15 17:35 . 2003-04-08 12:00 86132 ----a-w- c:\windows\system32\perfc013.dat
2009-04-15 17:35 . 2003-04-08 12:00 497310 ----a-w- c:\windows\system32\perfh013.dat
2009-03-06 14:47 . 2003-04-08 12:00 285184 ----a-w- c:\windows\system32\pdh.dll

.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [BU]

c:\documents and settings\JORDY\Menu Start\Programma's\Opstarten\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-5-26 3450608]

c:\documents and settings\All Users\Application Data\Microsoft\Shortcuts\
ACER WLAN 11g USB Utility.lnk - c:\program files\ACER Technology Corporation\ACER WLAN 11g USB adapter\ACERWlan.exe [2004-11-11 442368]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-28 805392]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2004-9-10 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTServ]
2008-05-02 01:41 145936 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTServ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\liveupd.exe"=
"f:\\Steam\\steamapps\\necron\\counter-strike\\hl.exe"=
"f:\\Soulseek\\slsk.exe"=
"f:\\mIRC\\mirc.exe"=
"f:\\Cabal Online\\launcher\\update\\ESTdnheadless.exe"=
"f:\\CuteFTP\\ftpte.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"f:\\Trackmania Nations Forever\\TmForever.exe"=
"f:\\Ghost Recon Advanced Warfighter\\graw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5/07/2006 14:46 63352]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [10/09/2004 16:50 77312]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [11/11/2004 17:27 233816]
R3 als4k;Avance Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [26/05/2008 19:45 28919]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [26/05/2008 20:12 62064]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [11/09/2004 15:12 328320]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [22/05/2009 13:34 33176]
S3 phil2vid;Philips USB VGA-camera;c:\windows\system32\drivers\philcam2.sys [11/11/2004 15:12 173696]
S3 ZD1211U(ACER);ACER WLAN 11g USB Adapter(ACER);c:\windows\system32\drivers\ZD1211U.sys [11/11/2004 15:13 233472]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [26/05/2008 20:12 39792]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [26/05/2008 20:12 25200]
.
Inhoud van de 'Gedeelde Taken' map

2009-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-05 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8236099608.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

2009-05-05 c:\windows\Tasks\WebReg 20090505180037.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe [2003-04-06 00:01]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\JORDY\Application Data\Mozilla\Firefox\Profiles\5hi53tun.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: f:\quicktime\Plugins\npqtplugin7.dll
FF - plugin: f:\videolan\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 21:56
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1417001333-1078081533-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1417001333-1078081533-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1417001333-1078081533-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f1,b4,61,6b,df,30,07,d9,cb,b5,ef,17,ff,cf,f0,18,3e,86,54,97,b6,be,d8,
 9e,46,b2,06,69,56,5c,ba,fa,7a,1c,f2,37,b8,24,5f,c2,65,c3,9d,cb,0d,1f,2d,1a,\
"??"=hex:f3,75,1f,3c,82,0b,d4,fe,dd,59,06,4e,80,01,a8,e2
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\program files\Common Files\Logitech\Bluetooth\lbtserv.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

- - - - - - - > 'explorer.exe'(2748)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\System32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\Logitech\Bluetooth\LBTServ.exe
c:\windows\system32\WudfHost.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\asuskbservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Anti-Virus\fsgk32.exe
c:\program files\F-Secure\common\FSMA32.EXE
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\F-Secure\common\FSMB32.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\F-Secure\common\FCH32.EXE
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\Anti-Virus\fsqh.exe
c:\program files\F-Secure\common\FAMEH32.EXE
c:\program files\F-Secure\common\FNRB32.exe
c:\windows\system32\wscntfy.exe
c:\program files\F-Secure\common\FIH32.exe
c:\program files\F-Secure\FSAUA\program\fsaua.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Voltooingstijd: 2009-06-02 22:00 - machine werd herstart
ComboFix-quarantined-files.txt 2009-06-02 20:00
ComboFix2.txt 2009-06-02 19:49
ComboFix3.txt 2009-06-02 18:02

Pre-Run: 13.612.367.872 bytes beschikbaar
Post-Run: 13.597.331.456 bytes beschikbaar

269 --- E O F --- 2009-05-13 20:34