ComboFix 08-03-03.6 - Mijn Pc 2008-03-04 19:56:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.282 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Mijn Pc\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mijn Pc\Bureaublad\CFScript.txt..txt
* Nieuw herstelpunt werd aangemaakt
FILE ::
C:\Documents and Settings\Mijn Pc\coseai.exe
C:\Documents and Settings\Mijn Pc\dgkooi.exe
C:\Documents and Settings\Mijn Pc\dzicpm.exe
C:\Documents and Settings\Mijn Pc\fzwezc.exe
C:\Documents and Settings\Mijn Pc\mocapc.exe
C:\Documents and Settings\Mijn Pc\nrmncd.exe
C:\Documents and Settings\Mijn Pc\stszev.exe
C:\Documents and Settings\Mijn Pc\waytlk.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mijn Pc\coseai.exe
C:\Documents and Settings\Mijn Pc\dgkooi.exe
C:\Documents and Settings\Mijn Pc\dzicpm.exe
C:\Documents and Settings\Mijn Pc\fzwezc.exe
C:\Documents and Settings\Mijn Pc\mocapc.exe
C:\Documents and Settings\Mijn Pc\nrmncd.exe
C:\Documents and Settings\Mijn Pc\stszev.exe
C:\Documents and Settings\Mijn Pc\waytlk.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))
.
2008-03-04 17:49 . 2008-03-04 17:49 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
2008-03-02 22:26 . 2008-03-02 22:26 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\Sereniti
2008-03-02 20:06 . 2008-03-02 20:06 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\iMesh
2008-03-02 20:00 . 2008-03-04 19:54 <DIR> dr-h----- C:\Documents and Settings\Mijn Pc\Onlangs geopend
2008-03-02 14:57 . 2004-09-10 09:11 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Sjablonen
2008-03-02 14:57 . 2008-03-02 14:57 <DIR> dr-h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Onlangs geopend
2008-03-02 14:57 . 2004-09-10 10:37 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Netwerkprinteromgeving
2008-03-02 14:57 . 2008-03-02 15:30 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Mijn documenten
2008-03-02 14:57 . 2004-09-10 10:37 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Menu Start
2008-03-02 14:57 . 2008-03-02 15:49 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Favorieten
2008-03-02 14:57 . 2004-09-10 10:37 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Bureaublad
2008-03-02 14:57 . 2008-03-02 15:15 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Application Data\SPAMfighter
2008-03-02 14:57 . 2008-03-02 14:57 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Application Data\AVG7
2008-03-02 12:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-03-02 11:40 . 2008-03-02 11:42 <DIR> dr-h----- C:\Documents and Settings\Christel\Onlangs geopend
2008-03-02 11:39 . 2008-03-02 11:40 <DIR> d-------- C:\Documents and Settings\Christel\Application Data\AVG7
2008-03-01 22:04 . 2008-03-01 22:04 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-01 21:44 . 2008-03-01 23:42 <DIR> d-------- C:\SDFix
2008-03-01 18:40 . 2008-03-04 17:51 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\AVG7
2008-03-01 18:40 . 2008-03-01 18:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-01 18:40 . 2008-03-01 18:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
2008-03-01 15:06 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-01 15:01 . 2006-06-30 14:13 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-03-01 14:00 . 2008-03-02 12:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-01 14:00 . 2008-03-02 12:08 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-01 14:00 . 2008-03-02 12:08 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-01 14:00 . 2008-03-02 12:08 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-29 22:23 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-29 22:04 . 2008-02-29 22:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-29 00:22 . 2008-03-01 18:31 26,240 --a------ C:\WINDOWS\system32\drivers\Mqt03.sys
2008-02-28 23:44 . 2008-03-01 21:41 <DIR> d-------- C:\fixwareout
2008-02-28 23:38 . 2008-03-01 18:25 3,796 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-28 23:10 . 2008-03-01 14:15 57 --------- C:\WINDOWS\win.ini
2008-02-28 23:10 . 2008-03-04 20:00 0 --a------ C:\WINDOWS\system.ini
2008-02-28 11:58 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-02-28 11:47 . 2008-02-28 11:49 <DIR> d-------- C:\Temp
2008-02-28 11:47 . 2008-02-28 11:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\Program Files\SurfRight
2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SurfRight
2008-02-27 22:59 . 2008-02-27 22:59 89,600 --a------ C:\WINDOWS\WCSMON.EXE
2008-02-15 19:41 . 2008-02-15 19:41 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\AutoTransfer
2008-02-07 18:07 . 2008-02-08 22:06 <DIR> d-------- C:\Program Files\Unity
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 17:52 --------- d-----w C:\Program Files\SPAMfighter
2008-03-02 11:47 --------- d-----w C:\Program Files\Eset
2008-03-02 11:11 --------- d-----w C:\Program Files\Google
2008-03-02 11:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-01 21:27 --------- d-----w C:\Program Files\Java
2008-03-01 17:40 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-28 19:29 --------- d-----w C:\Documents and Settings\Mijn Pc\Application Data\Lavasoft
2008-02-28 19:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-28 11:47 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-02-01 16:55 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-02-01 15:23 20,888 ----a-w C:\Documents and Settings\Christel\Application Data\GDIPFONTCACHEV1.DAT
2008-01-22 15:35 --------- d-----w C:\Program Files\Common Files\Ankiro
2008-01-22 15:32 --------- d-----w C:\Program Files\Common Files\Application
2007-07-16 15:03 20,888 ----a-w C:\Documents and Settings\Mijn Pc\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 11:52 376912]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 21:20 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [2004-01-15 13:33 49152 C:\WINDOWS\system32\VTTimer.exe]
"iKeyWorks"="C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe" [2004-01-04 16:44 61440]
"WheelMouse"="C:\PROGRA~1\Hardware\Mouse\Amoumain.exe" [2003-07-19 00:59 143360]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 09:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
"Norman ZANDA"="C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-01 18:41 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-01 18:40 219136]
C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\mmhren1.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
R0 Mqt03;Mqt03;C:\WINDOWS\system32\Drivers\Mqt03.sys [2008-03-01 18:31]
R1 anftdird.sys;anftdird.sys;C:\WINDOWS\system32\drivers\anftdird.sys [2007-08-28 20:24]
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 16:08]
R2 Ndiskio;Ndiskio;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-01-07 17:16]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 11:14]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
S1 ctredrv.sys;ctredrv.sys;C:\WINDOWS\system32\drivers\ctredrv.sys []
S3 {FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3};{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3};C:\WINDOWS\system32\{FF9BACB3-2B8E-45ba-9E68-B6720E5D81A3} []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\BIN\nvcfsr.sys [2004-11-05 09:47]
S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\BIN\nvcoafl51.sys [2005-05-13 14:20]
S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\BIN\nvcoaft51.sys [2006-06-14 13:39]
S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\BIN\nvcoarc51.sys [2005-05-13 14:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bf7b612-b7be-11dc-8f28-0011507741d2}]
\Shell\AutoRun\command - E:\AutoTransfer.exe
*Newly Created Service* - GTNDIS5
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 20:00:11
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus C46 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"????????? ?J???????J????????????Y:~????????????????????????? ????????????Y:~???????????? ???8???????????X?;~????????????j?;~??????????????? |???????
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
.
Voltooingstijd: 2008-03-04 20:01:48
ComboFix-quarantined-files.txt 2008-03-04 19:01:41
ComboFix2.txt 2008-03-04 17:36:26
ComboFix3.txt 2008-03-03 22:16:37
.
2008-03-01 23:03:52 --- E O F ---