ComboFix 08-09-12.07 - fret en co 2008-09-13 14:08:38.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.639 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\fret en co\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\fret en co\Bureaublad\CFScript.txt..txt
 * Nieuw herstelpunt werd aangemaakt

[color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM
C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM\Messenger\conf\adapter.xml
C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM\Messenger\conf\autoupdate.xml
C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM\Messenger\conf\logger.xml
C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM\Messenger\conf\messages.xml
C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM\Messenger\conf\sweetim.xml
C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM\Messenger\conf\sweetimapp.xml
C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM\Messenger\conf\users\fretdo@hotmail.com\emoticons_shortcut.xml
C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM\Messenger\conf\users\fretdo@hotmail.com\user_config.xml
C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM\Messenger\conf\users\main_user_config.xml
C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM\Messenger\data\contentdb\cache_indx.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM\Toolbars\Internet Explorer\cache\f64a71f602d078aa84829e36b8992194.toolbar31.xml
C:\WINDOWS\divx32.dll
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
C:\WINDOWS\Internet Logs\xDB3.tmp
C:\WINDOWS\MSBLT.EXE
C:\WINDOWS\system32\bsc32.dll
C:\WINDOWS\system32\CSRLT.EXE
C:\WINDOWS\system32\LSASSMGR.EXE
C:\WINDOWS\system32\LSSMON.EXE
C:\WINDOWS\system32\spool.exe
C:\WINDOWS\system32\srtsrv32.exe
C:\WINDOWS\system32\upd01.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-08-13 to 2008-09-13 ))))))))))))))))))))))))))))))
.

2008-09-12 07:58 . 2008-09-12 07:59 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorieten
2008-09-11 15:27 . 2008-09-13 14:01 dr-h----- C:\Documents and Settings\fret en co\Onlangs geopend
2008-09-11 14:26 . 2008-09-12 23:20 5,903 --a------ C:\WINDOWS\system32\mssc32.dll
2008-09-10 21:33 . 2008-09-10 21:33 d-------- C:\Program Files\uTorrent
2008-09-10 21:33 . 2008-09-13 00:23 d-------- C:\Documents and Settings\fret en co\Application Data\uTorrent
2008-09-04 21:31 . 2008-09-04 21:31 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-04 21:04 . 2008-09-04 21:04 d-------- C:\Program Files\Rockstar Games
2008-08-23 23:57 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-08-23 23:57 . 2005-09-01 11:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-08-23 23:56 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-08-23 23:56 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-08-23 23:56 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-08-23 23:56 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-08-23 23:56 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-08-18 19:56 . 2008-08-18 19:56 d-------- C:\DVD_VIDEO
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 11:53 --------- d-----w C:\Documents and Settings\fret en co\Application Data\WTablet
2008-09-12 17:18 2,602,853 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-12 12:42 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-09-12 12:38 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 06:21 --------- d-----w C:\Documents and Settings\fret en co\Application Data\OpenOffice.org2
2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-06 22:20 --------- d-----w C:\Documents and Settings\fret en co\Application Data\dvdcss
2008-09-04 19:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-31 19:40 --------- d-----w C:\Program Files\SubSync
2008-08-31 10:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-08-31 10:29 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-26 19:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-08-23 22:03 --------- d-----w C:\Program Files\Ahead
2008-08-18 17:56 --------- d-----w C:\Documents and Settings\fret en co\Application Data\RipIt4Me
2008-08-11 00:49 --------- d-----w C:\Program Files\PC Tune-Up
2008-08-06 01:03 --------- d-----w C:\Program Files\Windows Live
2008-08-06 01:02 --------- d-----w C:\Program Files\Java
2008-08-06 01:00 --------- d-----w C:\Program Files\BearFlix
2008-08-05 19:24 --------- d-----w C:\Documents and Settings\fret en co\Application Data\JustWrite Office
2008-08-05 17:20 --------- d-----w C:\Program Files\Tablet
2008-07-22 06:08 --------- d-----w C:\Program Files\MessenPass
2008-07-22 06:05 --------- d-----w C:\Program Files\Ares
2008-07-21 22:06 39,424 ----a-w C:\WINDOWS\zipinst.exe
2008-07-19 23:12 --------- d-----w C:\Documents and Settings\fret en co\Application Data\TuneUp Software
2008-07-13 18:44 --------- d-----w C:\Program Files\Zone Labs
2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-03 01:10 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2007-09-28 20:28 47,360 ----a-w C:\Documents and Settings\fret en co\Application Data\pcouffin.sys
2007-02-06 19:09 87,608 ----a-w C:\Documents and Settings\Eigenaar\Application Data\ezpinst.exe
2007-02-06 19:09 47,360 ----a-w C:\Documents and Settings\Eigenaar\Application Data\pcouffin.sys
2006-11-13 21:18 49 ----a-w C:\Documents and Settings\Eigenaar\Application Data\internaldb41.dat
2006-11-13 21:17 337 ----a-w C:\Documents and Settings\Eigenaar\Application Data\internaldb1942.dat
2006-11-12 20:09 20,480 ----a-w C:\Documents and Settings\Eigenaar\Application Data\internaldb4827.dat
2006-11-12 20:08 9,216 ----a-w C:\Documents and Settings\Eigenaar\Application Data\internaldb8467.dat
2006-11-12 20:08 0 ----a-w C:\Documents and Settings\Eigenaar\Application Data\internaldb6334.dat
2006-11-12 20:08 0 ----a-w C:\Documents and Settings\Eigenaar\Application Data\internaldb5436.dat
2006-07-15 21:01 6,144 --sha-w C:\Program Files\Thumbs.db
2007-05-22 17:14 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-22 17:17 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((( snapshot_2008-09-12_19.28.05.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-12 12:22:24 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-09-12 22:16:00 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WUSB54GPv4"="C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 163840]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 8523776]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 118784]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-16 114688]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 81920]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-31 1235736]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"Cmaudio"="cmicnfg.cpl" [BU]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
LocalCooling.lnk - C:\Program Files\Uniblue\LocalCooling\localcooling2.exe [2008-02-29 5054464]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\PROGRA~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\firefox.exe]
"Debugger"=C:\Program Files\Mozilla Firefox\firefoxe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=C:\Program Files\Internet Explorer\iexplor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spoolsv.exe]
"Debugger"=C:\WINDOWS\system32\spool.exe

[HKLM\~\startupfolder\C:^Documents and Settings^fret en co^Menu Start^Programma's^Opstarten^Registration Brothers In Arms.LNK]
path=C:\Documents and Settings\fret en co\Menu Start\Programma's\Opstarten\Registration Brothers In Arms.LNK
backup=C:\WINDOWS\pss\Registration Brothers In Arms.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
--a------ 2003-09-11 05:00 99840 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0H2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2007-04-17 14:03 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]
--a------ 2007-09-20 11:16 2419200 C:\Program Files\PC Tune-Up\PCTuneUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"usnjsvc"=3 (0x3)
"Messenger"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"AASW2_Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Outlook Express"=C:\Program Files\Outlook Express\msimn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
"snpstd"=C:\WINDOWS\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 76040]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
R2 WUSB54GPv4SVC;WUSB54GPv4SVC;C:\Program Files\Wireless-G Portable USB Adapter Wireless Network Monitor\WLService.exe WUSB54GPv4.exe [ ]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-05 13352]
S3 kaspersky1;kaspersky1;C:\jaja\kaspersky\kaspersky.sys [ ]
S3 ovt530;Webcam Classic;C:\WINDOWS\system32\Drivers\ov530vid.sys [ ]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2008-05-16 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2008-05-16 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2008-05-16 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2008-05-16 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2008-05-16 83344]
S4 AutoSyncService;Memeo AutoSync ;C:\Program Files\Memeo\AutoSync\MemeoService.exe [2007-07-06 31768]
S4 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [ ]
S4 eyu342u3aku;Print Spooler Service;C:\WINDOWS\system32\hbxyvwklfde.exe [ ]
S4 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2007-04-05 46112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4eeec0b4-684d-11dc-a042-0012177deaa4}]
\Shell\AutoRun\command - E:\ .exe
\Shell\explore\Command - E:\ .exe
\Shell\open\Command - E:\ .exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4edf675-b92a-11dc-a099-0012177deaa4}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df35c606-106e-11dc-80c1-0012177deaa4}]
\Shell\AutoRun\command -  .exe
\Shell\explore\Command -  .exe
\Shell\open\Command -  .exe
.
Inhoud van de 'Gedeelde Taken' map
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 14:12:49
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-09-13 14:16:16
ComboFix-quarantined-files.txt 2008-09-13 12:15:15
ComboFix2.txt 2008-09-12 18:02:16
ComboFix3.txt 2008-09-12 17:38:00
ComboFix4.txt 2008-07-01 18:25:22
ComboFix5.txt 2008-09-13 12:07:23

Pre-Run: 9,314,570,240 bytes beschikbaar
Post-Run: 9,304,014,848 bytes beschikbaar

247 --- E O F --- 2008-07-11 18:23:30