ComboFix 09-11-08.03 - Eigenaar 09/11/2009 19:55.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.666 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Bureaublad\ComboFix.exe
AV: Telenet Security Pack 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Telenet Security Pack 8.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\Desktopicon
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{7EB6D433-8D45-4BFD-B3E6-D2790DEAC795}\setup.msi
c:\recycler\S-1-5-21-3861122419-963235432-2021509678-1003
c:\recycler\S-1-5-21-967650614-25076854-1781745924-1003
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-10-09 to 2009-11-09 ))))))))))))))))))))))))))))))
.
2009-10-14 15:03 . 2009-10-14 15:03 2560 ----a-w- c:\windows\_MSRSTRT.EXE
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 17:10 . 2009-02-27 11:51 -------- d-----w- c:\program files\Telenet Security Pack
2009-10-29 18:11 . 2009-07-31 21:45 -------- d-----w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\Reg Tool
2009-10-27 05:01 . 2009-08-01 08:05 -------- d-----w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\AntiMalware
2009-10-27 05:01 . 2009-08-01 08:04 -------- d-----w- c:\program files\AntiMalware
2009-10-25 10:56 . 2002-11-11 23:37 84654 ----a-w- c:\windows\system32\perfc013.dat
2009-10-25 10:56 . 2002-11-11 23:37 474514 ----a-w- c:\windows\system32\perfh013.dat
2009-10-21 02:35 . 2002-11-11 17:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-16 05:20 . 2009-07-31 21:44 -------- d-----w- c:\program files\Reg Tool
2009-10-15 06:35 . 2009-04-12 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-10 22:13 . 2009-09-07 19:30 -------- d-----w- c:\program files\PDG 4
2009-10-06 04:57 . 2009-07-29 16:19 -------- d-----w- c:\program files\DivX
2009-10-05 16:41 . 2008-12-30 20:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-05 16:17 . 2008-07-01 14:50 -------- d-----w- c:\program files\Java
2009-10-05 16:15 . 2009-10-05 16:15 152576 ----a-w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-03 11:01 . 2009-08-29 09:03 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-02 12:32 . 2009-09-23 19:07 -------- d-----w- c:\program files\Common Files\Nokia
2009-10-02 12:32 . 2009-09-23 19:06 -------- d-----w- c:\program files\Nokia
2009-10-02 12:32 . 2009-10-02 12:19 24504088 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_nl.exe
2009-10-02 12:20 . 2009-10-02 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-10-02 12:18 . 2009-10-02 12:18 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe
2009-10-02 12:18 . 2009-10-02 12:18 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2009-10-02 12:18 . 2009-10-02 12:18 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe
2009-10-02 12:18 . 2009-09-23 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-09-30 18:31 . 2009-09-23 19:09 -------- d-----w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\Nokia
2009-09-30 18:27 . 2009-09-30 18:27 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-28 05:13 . 2008-10-14 22:44 -------- d-----w- c:\program files\Google
2009-09-27 20:18 . 2009-09-27 18:42 5276 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-27 20:18 . 2009-09-27 18:42 3260 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-27 20:18 . 2009-09-27 18:42 313632 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-27 20:18 . 2009-09-27 18:42 23328 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-27 19:53 . 2008-10-13 19:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-27 19:43 . 2009-09-27 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-27 18:07 . 2009-03-23 11:59 39344 ----a-w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-27 17:37 . 2009-09-27 17:37 -------- d-----w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\Simply Super Software
2009-09-27 17:37 . 2009-09-27 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-09-25 14:46 . 2009-09-25 14:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-09-23 19:13 . 2009-09-23 19:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-09-23 19:13 . 2009-09-23 19:09 -------- d-----w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\PC Suite
2009-09-23 19:13 . 2009-09-23 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-09-23 19:13 . 2009-09-23 19:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-09-23 19:13 . 2009-09-23 19:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-23 19:08 . 2009-09-23 19:07 -------- d-----w- c:\program files\DIFX
2009-09-23 19:08 . 2009-09-23 19:08 -------- d-----w- c:\program files\Common Files\PCSuite
2009-09-23 19:05 . 2009-09-23 19:05 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-09-23 19:05 . 2009-09-23 19:05 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-09-23 19:05 . 2009-09-23 19:05 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-09-23 19:05 . 2009-09-23 19:05 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-09-23 19:05 . 2009-09-23 19:06 33700216 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_dut_web.exe
2009-09-23 18:37 . 2009-03-23 11:52 -------- d-----w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\Samsung
2009-09-11 14:20 . 2008-06-27 19:08 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2008-06-27 19:08 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 09:57 . 2009-05-26 13:57 13470 ----a-w- c:\documents and settings\All Users\Application Data\xml1C.tmp
2009-08-29 09:57 . 2009-04-07 18:44 7918 ----a-w- c:\documents and settings\All Users\Application Data\xml2271.tmp
2009-08-29 09:57 . 2009-04-07 18:44 2311 ----a-w- c:\documents and settings\All Users\Application Data\xml2273.tmp
2009-08-29 08:00 . 2008-06-27 19:10 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2008-06-27 19:10 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2003-08-24 12:21 . 2008-06-27 19:30 0 --sha-w- c:\windows\SMINST\HPCD.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-07-31 81920]
"F-Secure Manager"="c:\program files\Telenet Security Pack\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program files\Telenet Security Pack\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-09-17 13574144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\System32\NvMcTray.dll,NvTaskbarInit
"HPDJ Taskbar Utility"=c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"Ulead Memory Card Detector"=c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 Trial\Monitor.exe
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" /r

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [27/02/2009 13:02 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [27/02/2009 12:52 79904]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telenet Security Pack\HIPS\drivers\fshs.sys [27/02/2009 12:51 66720]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsgk.sys [27/02/2009 12:51 101496]
S0 ocstjdj;ocstjdj; [x]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telenet Security Pack\ORSP Client\fsorsp.exe [27/02/2009 12:51 55904]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Telenet Security Pack\Anti-Virus\win2k\fsfilter.sys [27/02/2009 12:51 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Telenet Security Pack\Anti-Virus\win2k\fsrec.sys [27/02/2009 12:51 25184]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Inhoud van de 'Gedeelde Taken' map

2009-11-05 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-11-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-11-09 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\TELENE~1\ANTI-V~1\fsav.exe [2009-02-27 13:35]

2009-11-09 c:\windows\Tasks\User_Feed_Synchronization-{4109936D-0037-4F72-A9E2-EF0E1E76C5C4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.verkenner.be/
mStart Page =
uInternet Settings,ProxyServer = pac.telenet.be:8080
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://www.telenet.be/tisp/ocx/PlaNetSysInfo.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 20:01
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2611295638-6121084-399379111-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Voltooingstijd: 2009-11-09 20:03
ComboFix-quarantined-files.txt 2009-11-09 19:03

Pre-Run: 178.450.001.920 bytes beschikbaar
Post-Run: 178.663.014.400 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - FC8EB4445F69AD12D3FE96761509B3A2