ComboFix 08-12-09.03 - Administrator 2008-12-17 20:19:33.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.829 [GMT 1:00]
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll
c:\documents and settings\All Users\Application Data\svhost.exe
c:\windows\system32\drivers\TDSSmxfe.sys
c:\windows\system32\TDSSehys.log
c:\windows\system32\TDSSixgp.dll
c:\windows\system32\TDSSkrxx.dll
c:\windows\system32\TDSSmtpe.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnpur.dll
c:\windows\system32\TDSSoitu.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSwkod.log
c:\windows\system32\TDSSyaqu.dll
c:\windows\system32\winscenter.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


(((((((((((((((((((( Bestanden Gemaakt van 2008-11-17 to 2008-12-17 ))))))))))))))))))))))))))))))
.

2008-12-17 19:47 . 2008-12-17 19:47 d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-17 19:35 . 2008-12-17 19:35 d-------- c:\documents and settings\Gebruiker\Application Data\Malwarebytes
2008-12-17 19:35 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 19:35 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-17 19:34 . 2008-12-17 19:34 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 19:11 . 2008-12-17 19:11 580,096 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-12-17 19:03 . 2008-12-17 19:03 d-------- c:\windows\ERUNT
2008-12-17 19:02 . 2008-12-17 19:27 d-------- C:\SDFix
2008-12-16 20:51 . 2008-12-16 20:51 d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-12-16 20:51 . 2008-12-16 20:51 d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-16 20:43 . 2008-12-16 20:43 d-------- c:\documents and settings\Administrator\Application Data\Thinstall
2008-12-16 19:54 . 2008-12-16 19:54 d-------- c:\program files\Trend Micro
2008-12-16 19:54 . 2008-12-17 19:35 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-15 18:37 . 2008-12-15 18:37 d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-12-15 17:33 . 2008-12-15 17:33 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-14 19:12 . 2008-12-14 19:12 d-------- c:\documents and settings\Administrator\Application Data\U3
2008-12-14 16:40 . 2008-12-14 16:40 d-------- c:\program files\Spybot - Search & Destroy
2008-12-14 16:40 . 2008-12-14 16:40 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 15:48 . 2008-12-14 15:48 d-------- c:\program files\Common Files\Download Manager
2008-12-14 10:38 . 2008-02-06 14:56 d--h----- c:\documents and settings\Administrator\Sjablonen
2008-12-14 10:38 . 2008-12-17 19:41 d--h----- c:\documents and settings\Administrator\Onlangs geopend
2008-12-14 10:38 . 2008-02-06 15:14 d--h----- c:\documents and settings\Administrator\Netwerkprinteromgeving
2008-12-14 10:38 . 2008-02-06 15:14 d-------- c:\documents and settings\Administrator\Mijn documenten
2008-12-14 10:38 . 2008-02-06 15:14 dr------- c:\documents and settings\Administrator\Menu Start
2008-12-14 10:38 . 2008-02-06 15:14 d-------- c:\documents and settings\Administrator\Favorieten
2008-12-14 10:38 . 2008-12-17 20:10 d-------- c:\documents and settings\Administrator\Bureaublad
2008-12-14 10:38 . 2008-12-16 20:50 d-------- c:\documents and settings\Administrator
2008-12-13 20:49 . 2008-12-13 20:49 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-04 17:13 . 2008-12-04 17:14 d-------- c:\program files\iTunes
2008-12-04 17:13 . 2008-12-04 17:13 d-------- c:\program files\iPod
2008-12-04 17:13 . 2008-12-04 17:14 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-04 17:11 . 2008-12-04 17:12 d-------- c:\program files\QuickTime
2008-11-28 17:09 . 2008-11-28 17:09 d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-21 16:28 . 2008-11-21 16:28 d-------- c:\documents and settings\All Users\Application Data\Oberon Games
2008-11-21 15:30 . 2008-11-21 15:30 d-------- c:\documents and settings\Gebruiker\Application Data\Meridian93
2008-11-21 15:29 . 2008-11-21 15:29 d-------- c:\program files\iWin.com
2008-11-21 15:25 . 2008-11-21 15:25 d-------- c:\documents and settings\Gebruiker\Application Data\iWinArcade
2008-11-21 15:25 . 2008-11-22 18:08 d-------- c:\documents and settings\All Users\Application Data\iWin Games
2008-11-20 16:16 . 2008-11-20 16:16 d-------- c:\documents and settings\Gebruiker\Application Data\Gogii Games
2008-11-20 16:16 . 2008-11-20 16:16 d-------- c:\documents and settings\All Users\Application Data\Gogii Games
2008-11-20 15:40 . 2008-11-20 15:40 d-------- c:\documents and settings\All Users\Application Data\SpinTopV1005
2008-11-19 18:46 . 2008-11-19 18:46 d-------- c:\documents and settings\Gebruiker\Application Data\Mushroom Age
2008-11-18 18:16 . 2008-11-18 18:16 d-------- c:\documents and settings\Gebruiker\Application Data\PlayFirst
2008-11-18 18:16 . 2008-11-18 18:16 d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-18 16:42 . 2008-11-18 16:42 d-------- c:\documents and settings\Gebruiker\Saved Games
2008-11-18 16:42 . 2008-11-18 16:42 d-------- c:\documents and settings\Gebruiker\Application Data\Flood Light Games
2008-11-18 16:42 . 2008-11-18 16:42 d-------- c:\documents and settings\All Users\Application Data\Flood Light Games

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 16:20 98,304 ----a-w c:\windows\DUMP6d02.tmp
2008-12-14 14:54 --------- d-----w c:\documents and settings\Gebruiker\Application Data\U3
2008-12-14 14:50 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-11 17:18 --------- d-----w c:\documents and settings\Gebruiker\Application Data\uTorrent
2008-12-04 16:11 --------- d-----w c:\program files\Common Files\Apple
2008-12-04 16:05 --------- d-----w c:\program files\Safari
2008-12-03 12:13 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-03 12:11 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-28 16:10 --------- d-----w c:\program files\HP
2008-11-28 16:10 --------- d-----w c:\program files\Hewlett-Packard
2008-11-22 12:38 --------- d-----w c:\program files\TomTom HOME 2
2008-11-16 18:06 --------- d-----w c:\documents and settings\Gebruiker\Application Data\SpinTop Games
2008-11-16 16:27 --------- d-----w c:\documents and settings\Gebruiker\Application Data\SpinTop
2008-11-16 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2008-11-13 14:09 --------- d-----w c:\program files\Playrix Games
2008-11-13 13:44 --------- d-----w c:\program files\ReflexiveArcade
2008-11-06 10:41 --------- d-----w c:\program files\ConsoleClassix.com
2008-10-30 18:10 --------- d-----w c:\program files\Google
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 13:10 --------- d-----w c:\program files\Microsoft Works
2008-10-20 13:07 --------- d--h--w c:\program files\InstallShield Installation Information

.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 618496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-11-18 241664]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-18 204862]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-02-03 3072000]
"nwiz"="nwiz.exe" [2004-02-03 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-02-03 10:26 3072000 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 EMCR;EMCR;c:\windows\system32\DRIVERS\EMCR7SK.sys [2008-02-06 68480]
S0 ugzeep;ugzeep;c:\windows\system32\drivers\aobtqr.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Inhoud van de 'Gedeelde Taken' map

2008-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-13 c:\windows\Tasks\HPpromotions psc 2350 series.job
- c:\program files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe [2005-04-22 17:36]

2008-03-22 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 12:01]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = *.local

c:\windows\Downloaded Program Files\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.3\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.4\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.5\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.6\stg_drm.ocx
c:\windows\Downloaded Program Files\CONFLICT.7\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file:///C:/Program%20Files/Turbo%20Pizza/Images/stg_drm.ocx

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game06.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf

c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file:///C:/Program%20Files/Samantha%20Swift%20and%20the%20Hidden%20Roses%20of%20Athena/Images/armhelper.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 20:23:26
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?6?4?2??@???? ?|?B???????????????B? ??????

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Voltooingstijd: 2008-12-17 20:26:21 - machine werd herstart [Gebruiker]
ComboFix-quarantined-files.txt 2008-12-17 19:26:18

Pre-Run: 70,724,702,208 bytes beschikbaar
Post-Run: 69,582,516,224 bytes beschikbaar

213 --- E O F --- 2008-12-11 17:20:37