ComboFix 08-03-10.1 - Lien 2008-03-13 22:01:19.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.121 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Lien\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lien\Bureaublad\CFScript.txt
 * Nieuw herstelpunt werd aangemaakt
[color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]

FILE ::
C:\WINDOWS\system32\qpmgew.exe
C:\WINDOWS\whsyst32.exe
C:\WINDOWS\winsyn32.dll
File::C:\WINDOWS\mrofinu1423.exe.tmp
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\qpmgew.exe
C:\WINDOWS\whsyst32.exe
C:\WINDOWS\winsyn32.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-13 to 2008-03-13 ))))))))))))))))))))))))))))))
.

2008-03-13 20:18 . 2008-02-22 02:33    69,632    --a------    C:\WINDOWS\system32\javacpl.cpl
2008-03-13 20:16 . 2008-03-13 20:16    d--------    C:\Program Files\Common Files\Java
2008-03-12 22:57 . 2008-03-12 22:57    d--------    C:\Program Files\Trend Micro
2008-03-12 21:34 . 2008-03-13 12:20    37,376    --a------    C:\WINDOWS\mrofinu1423.exe.tmp
2008-03-02 20:55 . 2008-03-07 11:39    d--------    C:\VanDale
2008-02-28 18:29 . 2008-02-28 18:30    d--------    C:\Documents and Settings\Ann\Application Data\Canon
2008-02-27 17:17 . 2008-02-28 01:06    d--------    C:\WINDOWS\system32\nl-nl
2008-02-24 12:14 . 2008-02-24 12:14    d--------    C:\Documents and Settings\Lien\WINDOWS

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 19:18    ---------    d-----w    C:\Program Files\Java
2007-01-13 14:44    70,720    ----a-w    C:\Documents and Settings\Ann\Application Data\GDIPFONTCACHEV1.DAT
2006-10-26 15:04    70,720    ----a-w    C:\Documents and Settings\Lien\Application Data\GDIPFONTCACHEV1.DAT
2005-09-14 10:24    158    ----a-w    C:\Documents and Settings\Casper\Application Data\wklnhst.dat
2005-09-14 10:24    158    ----a-w    C:\Documents and Settings\Ann\Application Data\wklnhst.dat
2005-09-14 10:24    158    ----a-w    C:\Documents and Settings\Lien\Application Data\wklnhst.dat
2005-09-14 09:18    8    --sh--r    C:\WINDOWS\system32\6F4823E4A3.sys
2005-09-14 09:18    5,224    --sha-w    C:\WINDOWS\system32\KGyGaAvL.sys

.
((((((((((((((((((((((((((((( snapshot@2008-03-13_17.38.42.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-03-01 18:31:28    262,144    ---ha-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2008-03-13 18:57:15    262,144    ---ha-w    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
- 2006-09-07 12:14:36    49,248    ----a-w    C:\WINDOWS\system32\java.exe
+ 2008-02-22 00:23:35    135,168    ----a-w    C:\WINDOWS\system32\java.exe
- 2006-09-07 12:14:46    53,346    ----a-w    C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 00:23:39    135,168    ----a-w    C:\WINDOWS\system32\javaw.exe
- 2006-09-07 13:51:24    127,078    ----a-w    C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 01:33:32    139,264    ----a-w    C:\WINDOWS\system32\javaws.exe
- 2008-02-04 23:09:46    18,214,008    ----a-w    C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54    19,148,408    ----a-w    C:\WINDOWS\system32\MRT.exe
- 2007-10-28 08:57:34    54,390    ----a-w    C:\WINDOWS\system32\perfc009.dat
+ 2008-03-13 20:39:43    54,390    ----a-w    C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 08:57:34    71,334    ----a-w    C:\WINDOWS\system32\perfc013.dat
+ 2008-03-13 20:39:43    71,334    ----a-w    C:\WINDOWS\system32\perfc013.dat
- 2007-10-28 08:57:34    382,646    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2008-03-13 20:39:43    382,646    ----a-w    C:\WINDOWS\system32\perfh009.dat
- 2007-10-28 08:57:34    444,710    ----a-w    C:\WINDOWS\system32\perfh013.dat
+ 2008-03-13 20:39:43    444,710    ----a-w    C:\WINDOWS\system32\perfh013.dat

.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-29 09:33 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 21:53 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-30 23:40 57344]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 18:51 53248]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 06:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-08-24 15:24 88203 C:\WINDOWS\AGRSMMSG.exe]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 12:36 32768]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-08-17 09:05 61440]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 13:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2005-03-16 12:52 204800]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-09-02 14:14 81920]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-01-31 14:09 458752]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 16:14 504080]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 13:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 14:01 557056 C:\WINDOWS\sm56hlpr.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 18:04 761945]
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-11-10 11:33 139264]
"InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-03-26 00:07 93640]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 16:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"DXDllRegExe"="dxdllreg.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54 229952]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-21 22:06 185896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"5E39J1V19L"= C:\WINDOWS\whsyst32.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"=
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"=
"%ProgramFiles%\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"C:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\Home Cinema\\PowerCinema\\PCMService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-06-08 02:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20f75870-4e76-11db-9a99-000ae4b10e0c}]
\Shell\AutoRun\command - H:\LaunchU3.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-03-12 09:36:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 22:04:03
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-03-13 22:04:50
ComboFix-quarantined-files.txt  2008-03-13 21:04:36
ComboFix2.txt  2008-03-13 16:39:05
.
2008-03-13 19:22:02    --- E O F ---