ComboFix 09-07-25.05 - Michel van Gerwen 26-07-2009 14:06.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1014.441 [GMT 2:00]
Gestart vanuit: F:\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\NPROTECT
D:\Autorun.inf
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-06-26 to 2009-07-26 ))))))))))))))))))))))))))))))
.
2009-07-26 11:42 . 2009-07-26 11:58 -------- d--h--r- c:\documents and settings\Michel van Gerwen\Onlangs geopend
2009-07-26 11:32 . 2009-07-26 11:37 -------- d-----w- C:\CCleaner logfile
2009-07-26 11:29 . 2009-07-26 11:29 -------- d-----w- c:\program files\CCleaner
2009-07-26 10:49 . 2009-07-26 10:49 -------- d-----w- c:\documents and settings\Michel van Gerwen\Application Data\Malwarebytes
2009-07-26 10:48 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 10:48 . 2009-07-26 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-26 10:48 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 10:48 . 2009-07-26 11:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 10:25 . 2009-07-26 10:30 -------- d-----w- c:\documents and settings\Michel van Gerwen\Local Settings\Application Data\ToggleEN
2009-07-26 10:25 . 2009-07-26 10:25 -------- d-----w- c:\program files\Conduit
2009-07-26 10:25 . 2009-07-26 10:25 -------- d-----w- c:\documents and settings\Michel van Gerwen\Local Settings\Application Data\Conduit
2009-07-26 10:25 . 2009-07-26 10:25 -------- d-----w- c:\program files\ToggleEN
2009-07-22 20:17 . 2009-07-22 20:17 -------- d-----w- c:\program files\Windows Defender
2009-07-22 19:59 . 2009-07-22 19:59 -------- d-----w- c:\program files\Enigma Software Group
2009-07-22 19:25 . 2009-07-26 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\15143904
2009-07-18 20:12 . 2009-07-09 11:34 4937040 ----a-w- c:\documents and settings\Michel van Gerwen\Application Data\TomTom\HOME\Profiles\fiss2l8n.default\extensions\Navcore.8.414.1239@tomtom.com\8-414-1239-1.dll
2009-07-18 18:50 . 2009-03-19 13:07 4937040 ----a-w- c:\documents and settings\Michel van Gerwen\Application Data\TomTom\HOME\Profiles\fiss2l8n.default\extensions\Navcore.8.411.1219@tomtom.com\8-411-1219-1.dll
2009-07-10 19:40 . 2009-07-10 19:58 -------- d-----w- C:\CD_4_Vanalles
2009-07-10 19:13 . 2009-07-10 19:27 -------- d-----w- C:\CD_3_Heavy_2
2009-07-10 18:57 . 2009-07-10 19:01 -------- d-----w- C:\CD_2_90s
2009-07-10 18:29 . 2009-07-10 18:49 -------- d-----w- C:\CD_1_Heavy
2009-07-04 18:25 . 2009-07-04 18:26 -------- d-----w- c:\program files\LimeWire
2009-06-26 20:26 . 2009-06-26 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-06-26 20:26 . 2009-06-26 20:26 -------- d-----w- c:\documents and settings\Michel van Gerwen\Local Settings\Application Data\TomTom
2009-06-26 20:26 . 2009-06-26 20:26 -------- d-----w- c:\documents and settings\Michel van Gerwen\Application Data\TomTom
2009-06-26 20:25 . 2009-06-26 20:25 -------- d-----w- c:\program files\TomTom International B.V
2009-06-26 20:25 . 2009-06-26 20:25 -------- d-----w- c:\program files\TomTom HOME 2
2009-06-26 20:24 . 2009-06-26 20:24 -------- d-----w- c:\program files\TomTom DesktopSuite
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 10:30 . 2006-06-15 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-23 14:42 . 2006-11-14 18:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-16 14:40 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:11 . 2004-08-04 08:00 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:34 . 2004-08-04 08:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2004-08-04 08:00 669696 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-03-30 19:25 . 2009-03-30 19:25 8946541 ----a-w- c:\program files\MuziicSetup.exe
2009-03-16 12:35 . 2009-03-16 12:35 525128 ----a-w- c:\program files\DXSETUP.exe
2009-03-16 12:35 . 2009-03-16 12:35 94024 ----a-w- c:\program files\DSETUP.dll
2006-11-18 11:21 . 2006-11-18 11:21 43004980 ----a-w- c:\program files\NSWBE06901NL.exe
2006-11-18 11:15 . 2006-11-18 11:15 1048576 ----a-w- c:\program files\NIS07100NL.exe.xds
2006-10-02 14:03 . 2006-10-02 14:03 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-07-02 08:18 2215960 ----a-w- c:\program files\ToggleEN\tbTogg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 376912]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
""="c:\program files\Internet Explorer\iexplore.exe" [2008-04-14 93184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 116328]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2005-11-08 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Acrobat Snelle start.lnk - c:\windows\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2006-10-23 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Office.lnk - c:\ms office\Office\OSA9.EXE [2000-1-21 65588]
Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Wireless Network USB Adapter 54G WL-113_002\Installer\WLANUTL.EXE [2006-9-26 909312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26108:TCP"= 26108:TCP:BitComet 26108 TCP
"26108:UDP"= 26108:UDP:BitComet 26108 UDP

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3-6-2009 14:46 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26-2-2009 12:45 101936]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map

2009-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34]

2009-07-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Bijkomende Scan -------
.
uStart Page = www.ld.nl/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 14:14
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1942263703-3723316243-2480699287-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Voltooingstijd: 2009-07-26 14:17
ComboFix-quarantined-files.txt 2009-07-26 12:17

Pre-Run: 50.157.871.104 bytes beschikbaar
Post-Run: 51.750.346.752 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

195 --- E O F --- 2009-07-26 10:27