ComboFix 09-11-16.03 - Eigenaar 16/11/2009 0:06.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.659 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Bureaublad\CFScript.txt
AV: Telenet Security Pack 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Telenet Security Pack 8.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ocstjdj

(((((((((((((((((((( Bestanden Gemaakt van 2009-10-15 to 2009-11-15 ))))))))))))))))))))))))))))))
.
2009-11-15 20:03 . 2009-11-15 20:03 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-13 14:13 . 2009-11-13 14:16 -------- d-----w- c:\program files\Error Repair Professional
2009-11-12 17:13 . 2009-11-12 17:11 24416992 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_1.8.10NP.exe
2009-11-12 17:11 . 2009-11-12 17:11 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-11-12 17:11 . 2009-11-12 17:11 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-11-12 17:11 . 2009-11-12 17:11 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 22:30 . 2009-08-01 08:04 -------- d-----w- c:\program files\AntiMalware
2009-11-15 21:58 . 2009-03-23 11:59 37720 ----a-w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-15 20:04 . 2009-09-07 18:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 20:03 . 2009-02-27 11:51 -------- d-----w- c:\program files\Telenet Security Pack
2009-11-15 11:08 . 2009-04-12 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-15 11:06 . 2008-07-02 17:17 -------- d-----w- c:\program files\Microsoft Works
2009-11-12 17:19 . 2009-11-12 17:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-12 17:15 . 2009-09-23 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-12 17:14 . 2009-09-23 19:07 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-12 17:14 . 2009-09-23 19:06 -------- d-----w- c:\program files\Nokia
2009-11-12 17:03 . 2009-09-23 19:09 -------- d-----w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\Nokia
2009-10-27 05:01 . 2009-08-01 08:05 -------- d-----w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\AntiMalware
2009-10-25 10:56 . 2002-11-11 23:37 84654 ----a-w- c:\windows\system32\perfc013.dat
2009-10-25 10:56 . 2002-11-11 23:37 474514 ----a-w- c:\windows\system32\perfh013.dat
2009-10-21 02:35 . 2002-11-11 17:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-14 15:03 . 2009-10-14 15:03 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-10-10 22:13 . 2009-09-07 19:30 -------- d-----w- c:\program files\PDG 4
2009-10-06 04:57 . 2009-07-29 16:19 -------- d-----w- c:\program files\DivX
2009-10-05 16:41 . 2008-12-30 20:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-05 16:17 . 2008-07-01 14:50 -------- d-----w- c:\program files\Java
2009-10-05 16:15 . 2009-10-05 16:15 152576 ----a-w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-03 11:01 . 2009-08-29 09:03 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-02 12:20 . 2009-10-02 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-09-30 18:27 . 2009-09-30 18:27 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-28 05:13 . 2008-10-14 22:44 -------- d-----w- c:\program files\Google
2009-09-27 20:18 . 2009-09-27 18:42 5276 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-27 20:18 . 2009-09-27 18:42 3260 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-27 20:18 . 2009-09-27 18:42 313632 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-27 20:18 . 2009-09-27 18:42 23328 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-27 19:53 . 2008-10-13 19:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-27 19:43 . 2009-09-27 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-27 17:37 . 2009-09-27 17:37 -------- d-----w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\Simply Super Software
2009-09-27 17:37 . 2009-09-27 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-09-25 14:46 . 2009-09-25 14:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-09-23 19:13 . 2009-09-23 19:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-09-23 19:13 . 2009-09-23 19:09 -------- d-----w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\PC Suite
2009-09-23 19:13 . 2009-09-23 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-09-23 19:13 . 2009-09-23 19:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-09-23 19:13 . 2009-09-23 19:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-23 19:08 . 2009-09-23 19:07 -------- d-----w- c:\program files\DIFX
2009-09-23 19:08 . 2009-09-23 19:08 -------- d-----w- c:\program files\Common Files\PCSuite
2009-09-23 19:05 . 2009-09-23 19:05 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-09-23 19:05 . 2009-09-23 19:05 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-09-23 19:05 . 2009-09-23 19:05 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-09-23 19:05 . 2009-09-23 19:05 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-09-23 19:05 . 2009-09-23 19:06 33700216 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_dut_web.exe
2009-09-23 18:37 . 2009-03-23 11:52 -------- d-----w- c:\documents and settings\Eigenaar.UW-6IQJEP381REK\Application Data\Samsung
2009-09-11 14:20 . 2008-06-27 19:08 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:54 . 2009-09-07 18:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-09-07 18:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:05 . 2008-06-27 19:08 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:00 . 2008-06-27 19:10 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2008-06-27 19:10 247326 ----a-w- c:\windows\system32\strmdll.dll
2003-08-24 12:21 . 2008-06-27 19:30 0 --sha-w- c:\windows\SMINST\HPCD.SYS
.
((((((((((((((((((((((((((((( SnapShot_2009-11-15_21.46.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-15 23:13 . 2009-11-15 23:13 16384 c:\windows\temp\Perflib_Perfdata_790.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-07-31 81920]
"F-Secure Manager"="c:\program files\Telenet Security Pack\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program files\Telenet Security Pack\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-09-17 13574144]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\System32\NvMcTray.dll,NvTaskbarInit
"HPDJ Taskbar Utility"=c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"Ulead Memory Card Detector"=c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 Trial\Monitor.exe
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" /r

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [27/02/2009 13:02 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [27/02/2009 12:52 79904]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telenet Security Pack\HIPS\drivers\fshs.sys [27/02/2009 12:51 66720]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsgk.sys [27/02/2009 12:51 101496]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telenet Security Pack\ORSP Client\fsorsp.exe [27/02/2009 12:51 55904]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [23/09/2009 20:06 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [23/09/2009 20:06 8320]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Telenet Security Pack\Anti-Virus\win2k\fsfilter.sys [27/02/2009 12:51 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Telenet Security Pack\Anti-Virus\win2k\fsrec.sys [27/02/2009 12:51 25184]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - mbr
.
Inhoud van de 'Gedeelde Taken' map

2009-11-15 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-11-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-11-15 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\TELENE~1\ANTI-V~1\fsav.exe [2009-02-27 13:35]

2009-11-15 c:\windows\Tasks\User_Feed_Synchronization-{4109936D-0037-4F72-A9E2-EF0E1E76C5C4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.verkenner.be/
uInternet Settings,ProxyServer = pac.telenet.be:8080
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://www.telenet.be/tisp/ocx/PlaNetSysInfo.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-16 00:14
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2611295638-6121084-399379111-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(332)
c:\program files\Telenet Security Pack\Spam Control\fsscoepl.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Telenet Security Pack\Anti-Virus\fsgk32st.exe
c:\program files\Telenet Security Pack\Anti-Virus\FSGK32.EXE
c:\program files\Telenet Security Pack\Common\FSMA32.EXE
c:\program files\Telenet Security Pack\Common\FSMB32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Telenet Security Pack\Common\FCH32.EXE
c:\windows\System32\nvsvc32.exe
c:\program files\Telenet Security Pack\Common\FAMEH32.EXE
c:\program files\Telenet Security Pack\Anti-Virus\fsqh.exe
c:\program files\Telenet Security Pack\FSPC\fspc.exe
c:\program files\Telenet Security Pack\FSAUA\program\fsaua.exe
c:\program files\Telenet Security Pack\Anti-Virus\fssm32.exe
c:\program files\Telenet Security Pack\FWES\Program\fsdfwd.exe
c:\program files\Telenet Security Pack\FSAUA\program\fsus.exe
c:\program files\Telenet Security Pack\FSGUI\fsguidll.exe
c:\program files\Telenet Security Pack\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Voltooingstijd: 2009-11-16 00:21 - machine werd herstart
ComboFix-quarantined-files.txt 2009-11-15 23:21
ComboFix2.txt 2009-11-15 21:47
ComboFix3.txt 2009-11-09 19:03

Pre-Run: 179.899.744.256 bytes beschikbaar
Post-Run: 179.791.118.336 bytes beschikbaar

- - End Of File - - 89A180DF6F380F691152F3E63A057636