ComboFix 08-04-18.3 - Joost 2008-04-19 20:29:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1622 [GMT 2:00]
Gestart vanuit: H:\ComboFix.exe
 * Nieuw herstelpunt werd aangemaakt
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\Joost\Application Data\macromedia\Flash Player\#SharedObjects\M6HK4ZA9\iforex.com
D:\Documents and Settings\Joost\Application Data\macromedia\Flash Player\#SharedObjects\M6HK4ZA9\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
D:\Documents and Settings\Joost\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
D:\Documents and Settings\Joost\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
D:\WINDOWS\pskt.ini
D:\WINDOWS\system32\bwnqyyod.dll
D:\WINDOWS\system32\bwvrvgqu.dll
D:\WINDOWS\system32\ddcCVMcb.dll
D:\WINDOWS\system32\lneilnyo.dll
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\rdjldhjj.ini
D:\WINDOWS\system32\rrsfpojy.dll
D:\WINDOWS\system32\wsqorecl.ini
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))
.

2008-04-19 20:12 . 2008-04-19 20:12 d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-04-19 20:12 . 2008-04-19 20:12 d-------- D:\Documents and Settings\Joost\Application Data\Malwarebytes
2008-04-19 20:12 . 2008-04-19 20:12 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 19:20 . 2008-04-19 19:20 d-------- D:\Program Files\Trend Micro
2008-04-15 18:33 . 2008-04-16 09:34 354 ---hs---- D:\WINDOWS\system32\pcnhwnvu.ini
2008-04-15 01:58 . 2008-04-15 01:58 d-------- D:\Program Files\Windows Sidebar
2008-04-15 01:57 . 2008-04-15 02:19 d-------- D:\Program Files\Norton Internet Security
2008-04-15 01:55 . 2008-04-15 02:12 123,952 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-15 01:55 . 2008-04-15 02:12 60,800 --a------ D:\WINDOWS\system32\S32EVNT1.DLL
2008-04-15 01:55 . 2008-04-15 02:12 10,740 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-15 01:55 . 2008-04-15 02:12 805 --a------ D:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-15 01:54 . 2008-04-15 02:12 d-------- D:\Program Files\Symantec
2008-04-15 01:49 . 2008-04-15 01:50 d-------- D:\RegClean
2008-04-15 01:30 . 2008-04-15 01:30 d-------- D:\WINDOWS\system32\regdacl
2008-04-15 01:30 . 2008-04-16 09:46 90,112 --a------ D:\WINDOWS\system32\regdacl.exe
2008-04-15 01:30 . 2008-04-16 09:46 53,248 --a------ D:\WINDOWS\system32\process.exe
2008-04-15 01:30 . 2008-04-16 09:46 16,384 --a------ D:\WINDOWS\system32\restart.exe
2008-04-15 01:30 . 2008-04-16 09:46 4,096 --a------ D:\WINDOWS\system32\reboot.exe
2008-04-14 22:02 . 2008-04-19 20:22 dr-h----- D:\Documents and Settings\Joost\Onlangs geopend
2008-04-12 23:00 . 2008-04-19 14:59 109,111 --a------ D:\WINDOWS\BM3b0d81cf.xml
2008-04-07 20:01 . 2008-04-13 09:32 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-04-07 20:01 . 2008-04-07 20:02 1,409 --a------ D:\WINDOWS\QTFont.for
2008-03-23 16:43 . 2008-04-03 20:02 1,324 --a------ D:\WINDOWS\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-04-19 08:55 --------- d-----w D:\Program Files\UltimateZip
2008-04-16 11:59 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-04-16 08:20 --------- d-----w D:\Program Files\RegCleaner
2008-04-15 06:22 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2008-04-15 00:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-04-14 16:57 --------- d-----w D:\Documents and Settings\Joost\Application Data\Symantec
2008-04-14 15:49 --------- d-----w D:\Documents and Settings\Joost\Application Data\U3
2008-03-23 09:34 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-03-06 19:32 706 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 19:32 23,904 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 19:32 10,537 ----a-w D:\WINDOWS\system32\drivers\coh_mon.cat
2008-02-28 14:34 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-02-28 20:34 1 ----a-w D:\Documents and Settings\Joost\SI.bin
2004-03-11 12:27 40,960 ----a-w D:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51 316784 --a------ D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-15 02:11 116088 --a------ D:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 21:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= D:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32 81920]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="D:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.exe" [2007-04-09 12:19 28672 D:\WINDOWS\system32\MIDIDEF.EXE]

D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCVMcb]
ddcCVMcb.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BTTray.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
backup=D:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^MediaChecker.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\MediaChecker.lnk
backup=D:\WINDOWS\pss\MediaChecker.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Joost^Menu Start^Programma's^Opstarten^UltimateZip Quick Start.lnk]
path=D:\Documents and Settings\Joost\Menu Start\Programma's\Opstarten\UltimateZip Quick Start.lnk
backup=D:\WINDOWS\pss\UltimateZip Quick Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--------- 2004-08-04 10:03 110592 D:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
D:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
D:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 14:56 17920 D:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
D:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 14:56 18944 D:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 D:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
D:\Program Files\Electronic Arts\EA Downloader\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2002-07-10 11:32 1048576 D:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-09 22:32 270648 D:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
D:\Program Files\HOTALBUMMyBOX\MBBalloon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 D:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 D:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2001-07-09 10:50 155648 D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-07-03 12:32 81920 D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-29 00:43 81920 D:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-29 00:43 1626112 D:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-09-23 13:41 860160 D:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 10:11 1388544 D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
D:\Program Files\SPAMfighter\SFAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]
D:\Program Files\SPYWAREfighter\spftray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse]
D:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"BthServ"=2 (0x2)
"BITS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Games\\Company of Heroes Opposing Fronts\\RelicCOH.exe"=
"D:\\Games\\World in Conflict\\wic.exe"=
"D:\\Games\\World in Conflict\\wic_online.exe"=
"D:\\Games\\World in Conflict\\wic_ds.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=

R0 BsStor;InCD Storage Helper Driver;D:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 01:07]
R0 PzWDM;PzWDM;D:\WINDOWS\system32\Drivers\PzWDM.sys [2007-07-17 11:33]
R2 BsUDF;InCD UDF Driver;D:\WINDOWS\system32\drivers\BsUDF.sys [2002-07-10 11:35]
R2 LiveUpdate Notice;LiveUpdate Notice;"D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;D:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 ctgame;Game Port;D:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 10:53]
S3 efipsk;efipsk;D:\DOCUME~1\Joost\LOCALS~1\Temp\efipsk.sys []
S3 KMWDFilter;KMWDFilter;D:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-02-13 08:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{292de416-710f-11dc-bfe8-87a1a7d954df}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{292de417-710f-11dc-bfe8-87a1a7d954df}]
\Shell\Auto\command - J:\UFO.exe
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

*Newly Created Service* - COMHOST
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-14 23:00:50 D:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- D:\Program Files\AdwareAlert\AdwareAlert.ex
- D:\Program Files\AdwareAlert
"2008-04-08 15:07:00 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 00:05:27 D:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Joost.job"
- D:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 20:36:27
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\system32\MsPMSPSv.exe
.
**************************************************************************
.
Voltooingstijd: 2008-04-19 20:40:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-19 18:40:45

Pre-Run: 67,683,356,672 bytes beschikbaar
Post-Run: 69,705,285,632 bytes beschikbaar

243 --- E O F --- 2008-04-12 10:58:03