ComboFix 08-06-20.4 - Compaq_Eigenaar 2008-07-01 18:48:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.576 [GMT 2:00]
Running from: C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\CFScript.txt..txt
 * Created a new restore point

FILE ::
C:\WINDOWS\BMc34a3f86.xml
C:\WINDOWS\system32\gagchbfu.dll
C:\WINDOWS\system32\gsdbayvv.dll
C:\WINDOWS\system32\hnppomxr.dll
C:\WINDOWS\system32\trsbvetv.dll
C:\WINDOWS\system32\vkugorwa.dll
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Ssk.log
C:\WINDOWS\BMc34a3f86.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gagchbfu.dll
C:\WINDOWS\system32\gsdbayvv.dll
C:\WINDOWS\system32\hnppomxr.dll
C:\WINDOWS\system32\trsbvetv.dll
.

(((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))
.

2039-10-12 20:42 . 2039-10-12 20:42 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2039-10-12 20:42 . 2039-10-12 20:42 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-07-01 18:42 . 2008-07-01 18:42 d-------- C:\WINDOWS\LastGood.Tmp
2008-06-21 19:22 . 2008-06-21 19:22 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-18 19:57 . 2008-06-18 19:57 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-18 19:57 . 2008-06-18 19:57 d-------- C:\Documents and Settings\Compaq_Eigenaar\Application Data\Malwarebytes
2008-06-18 19:57 . 2008-06-18 19:57 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 19:57 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-18 19:57 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-12 16:54 . 2008-06-12 16:54 d-------- C:\Program Files\America's Army Server Manager
2008-06-12 16:52 . 2008-06-22 11:00 d-------- C:\Program Files\America's Army
2008-06-12 09:49 . 2008-06-14 19:36 272,640 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 09:49 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 11:53 . 2002-07-30 21:38 647,168 --a------ C:\WINDOWS\system32\cdr.dll
2008-06-05 13:44 . 2008-06-05 13:44 d-------- C:\Archivos de programa
2008-06-05 13:43 . 2008-06-12 11:29 d-------- C:\Program Files\eMule
2008-06-01 15:30 . 2008-06-01 15:30 d-------- C:\Taccels
2008-06-01 15:30 . 2008-06-01 15:30 d-------- C:\Program Files\TAC
2008-06-01 15:30 . 2008-06-02 12:45 d-------- C:\Documents and Settings\Compaq_Eigenaar\Application Data\TAC
2008-06-01 15:30 . 2006-05-08 09:54 132,880 --a------ C:\WINDOWS\system32\msinet.ocx
.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 16:47 --------- d-----w C:\Documents and Settings\Compaq_Eigenaar\Application Data\OpenOffice.org2
2008-07-01 16:42 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-29 14:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-25 15:51 --------- d-----w C:\Documents and Settings\Compaq_Eigenaar\Application Data\AdobeUM
2008-06-24 09:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-22 22:36 --------- d-----w C:\Program Files\NCH Swift Sound
2008-06-22 22:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-22 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-20 11:35 --------- d-----w C:\Documents and Settings\Compaq_Eigenaar\Application Data\LimeWire
2008-06-14 17:36 272,640 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 09:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-06-06 09:00 --------- d-----w C:\Program Files\BitComet
2008-05-19 15:57 --------- d-----w C:\Program Files\MessengerDiscovery
2008-05-17 13:39 --------- d-----w C:\Program Files\Apple Software Update
2008-05-17 13:39 --------- d-----w C:\Documents and Settings\Compaq_Eigenaar\Application Data\Apple Computer
2008-05-17 11:23 --------- d-----w C:\Program Files\Ashampoo
2008-05-17 11:23 --------- d-----w C:\Documents and Settings\Compaq_Eigenaar\Application Data\Ashampoo
2008-05-17 10:27 --------- d-----w C:\Program Files\Windows Journal Viewer
2008-05-17 10:27 --------- d-----w C:\Program Files\GameSpy Arcade
2008-05-17 10:23 --------- d-----w C:\Program Files\Opera 9.5 beta
2008-05-15 18:49 --------- d-----w C:\Program Files\MSN Messenger
2008-05-15 18:49 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-08 16:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-08 16:07 --------- d-----w C:\Program Files\Bonjour
2008-05-08 15:57 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-08 15:14 --------- d-----w C:\Program Files\PokerStars
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-04 10:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 08:44 --------- d-----w C:\Program Files\Gpotato
2008-05-04 08:42 --------- d-----w C:\Program Files\3D Online Pool
2008-05-01 18:57 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-04-14 17:03 70,144 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 17:03 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 17:03 287,232 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 17:03 153,088 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 17:03 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 17:02 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 17:02 1,037,312 ----a-w C:\WINDOWS\explorer.exe
2008-03-06 14:22 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys
2008-02-28 21:55 22,328 ----a-w C:\Documents and Settings\Compaq_Eigenaar\Application Data\PnkBstrK.sys
2005-07-29 14:24 472 -csha-r C:\WINDOWS\TWFyayBOb3JicnVpcw\nqIVuV1ivaL2wBpDwT.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-06-24_11.59.08.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-24 09:52:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 16:52:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-23 19:04:29 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
+ 2008-06-29 14:19:04 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20 2194744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 21:13 98304]
"AlcWzrd"="ALCWZRD.EXE" [2005-02-18 22:32 2754560 C:\WINDOWS\ALCWZRD.EXE]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-02-21 20:28 100056]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 18:22 58984]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Eigenaar^Menu Start^Programma's^Opstarten^OpenOffice.org 2.3 .lnk]
path=C:\Documents and Settings\Compaq_Eigenaar\Menu Start\Programma's\Opstarten\OpenOffice.org 2.3 .lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3 .lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-14 15:09 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-02-01 09:20 2194744 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-02-21 18:22 58984 c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 01:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-10-23 20:51 233472 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 12:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 18:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-10-14 00:04 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-02-08 02:13 774168 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2008-02-20 23:50 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 19:03 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-11-09 14:16 688128 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-01-02 01:54 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 22:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-14 02:23 663552 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]
--a------ 2007-01-30 11:43 94208 C:\Program Files\SimpleCenter\bin\win\sclauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snelkoppeling naar eigenschappenvenster voor High Definition Audio]
--a------ 2004-03-18 00:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-02-21 22:49 90112 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"iPodService"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25558:TCP"= 25558:TCP:BitComet 25558 TCP
"25558:UDP"= 25558:UDP:BitComet 25558 UDP
"3167:TCP"= 3167:TCP:*:Disabled:SolidNetworkManager
"3167:UDP"= 3167:UDP:*:Disabled:SolidNetworkManager
"43577:TCP"= 43577:TCP:*:Disabled:SolidNetworkManager
"43577:UDP"= 43577:UDP:*:Disabled:SolidNetworkManager
"64507:TCP"= 64507:TCP:*:Disabled:SolidNetworkManager
"64507:UDP"= 64507:UDP:*:Disabled:SolidNetworkManager

S3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-11-30 20:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eb9676c-fa63-11dc-8545-0013d42048e4}]
\Shell\AutoRun\command - L:\v.exe
\Shell\explore\Command - L:\v.exe
\Shell\open\Command - L:\v.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 11:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-27 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 18:53:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-01 19:00:47 - machine was rebooted [Compaq_Eigenaar]
ComboFix-quarantined-files.txt 2008-07-01 17:00:36
ComboFix2.txt 2008-06-24 09:59:52
ComboFix3.txt 2008-01-25 17:45:58
ComboFix4.txt 2008-01-25 11:38:37
ComboFix5.txt 2008-01-24 22:39:21

Pre-Run: 123,580,534,784 bytes free
Post-Run: 123,568,164,864 bytes free

256 --- E O F --- 2008-06-21 22:14:32
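The log above carries several indicators a helper would want pulled out before replying: Security Center notifications for antivirus and firewall suppressed, EnableFirewall=0 in the standard profile, a mountpoints2 entry whose AutoRun/open/explore handlers all run L:\v.exe, and the eight-letter DLL names that the CFScript targeted under FILE ::. The script below is an added example, not ComboFix output and not code from the person who posted this log; it parses a constructed excerpt of the log (copied from the sections above, cut down) and reports those points. The severity labels and the "eight lowercase letters" name pattern are my own triage heuristics, not ComboFix rules.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: excerpts copied from the ComboFix log above, cut down
# to the sections the checks below inspect (not the full log).
SAMPLE_LOG = r"""FILE ::
C:\WINDOWS\BMc34a3f86.xml
C:\WINDOWS\system32\gagchbfu.dll
C:\WINDOWS\system32\vkugorwa.dll
.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-21 18:22 58984]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eb9676c-fa63-11dc-8545-0013d42048e4}]
\Shell\AutoRun\command - L:\v.exe
\Shell\explore\Command - L:\v.exe
\Shell\open\Command - L:\v.exe
.
"""

Finding = Tuple[str, str]  # (severity, message)

_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # "Name"=value
_DWORD = re.compile(r"^dword:([0-9a-fA-F]{8})$")         # REGEDIT4 dword form
_LEADING_INT = re.compile(r"^(\d+)")                     # ComboFix's "0 (0x0)" form
_SHELL_CMD = re.compile(r"^\\Shell\\(\w+)\\[Cc]ommand\s+-\s+(.+)$")
# Heuristic (my assumption, not a ComboFix rule): the FILE :: targets in this log
# are eight-letter lowercase names directly under system32.
_RANDOM_DLL = re.compile(r"\\system32\\[a-z]{8}\.dll$", re.IGNORECASE)


def parse_reg_sections(log: str) -> Dict[str, List[str]]:
    """Group the lines under each [key] header; a blank line or '.' ends a section."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in log.splitlines():
        line = raw.rstrip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif not line or line == ".":
            current = None
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_file_block(log: str) -> List[str]:
    """Paths listed between 'FILE ::' and the terminating '.' (the CFScript targets)."""
    paths: List[str] = []
    inside = False
    for line in log.splitlines():
        stripped = line.strip()
        if stripped == "FILE ::":
            inside = True
        elif inside and stripped == ".":
            break
        elif inside and stripped:
            paths.append(stripped)
    return paths


def reg_int(value: str) -> Optional[int]:
    """Decode 'dword:00000001' or '0 (0x0)' style values to an int, else None."""
    m = _DWORD.match(value.strip())
    if m:
        return int(m.group(1), 16)
    m = _LEADING_INT.match(value.strip())
    return int(m.group(1)) if m else None


def values_of(lines: List[str]) -> Dict[str, str]:
    """Map value names to their raw right-hand side within one section."""
    out: Dict[str, str] = {}
    for line in lines:
        m = _VALUE.match(line)
        if m:
            out[m.group(1)] = m.group(2)
    return out


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    for key, lines in parse_reg_sections(log).items():
        k = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        vals = values_of(lines)
        if k.endswith("\\security center"):
            for name in ("AntiVirusDisableNotify", "FirewallDisableNotify"):
                if reg_int(vals.get(name, "")) == 1:
                    findings.append(("high", f"Security Center alerting suppressed: {name}=1"))
        elif "\\security center\\monitoring\\" in k:
            if reg_int(vals.get("DisableMonitoring", "")) == 1:
                findings.append(("info", f"Security Center monitoring handed off for {leaf}"))
        elif k.endswith("\\firewallpolicy\\standardprofile"):
            if reg_int(vals.get("EnableFirewall", "")) == 0:
                findings.append(("high", "Windows Firewall disabled in the standard profile"))
        elif "\\explorer\\mountpoints2\\" in k:
            targets = {m.group(2) for m in map(_SHELL_CMD.match, lines) if m}
            for target in sorted(targets):
                findings.append(("high", f"Drive autorun handler runs {target} ({leaf})"))
    for path in parse_file_block(log):
        if _RANDOM_DLL.search(path):
            findings.append(("medium", f"Random-looking DLL name in system32: {path}"))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
```

The Monitoring\Symantec* entries rate only "info" because a third-party suite normally writes DisableMonitoring itself when it takes over Security Center reporting; the two notify flags and EnableFirewall=0 are the ones to ask the user about and restore, and the mountpoints2 handlers are worth deleting regardless of whether L:\ is still attached.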