Hi, right, here's the log.
ComboFix 08-03-18.1 - Mijn Pc 2008-03-19 19:20:56.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.434 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Mijn Pc\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mijn Pc\Bureaublad\CFScript.txt..txt
* Nieuw herstelpunt werd aangemaakt
FILE ::
C:\WINDOWS\mmhren1.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))
.
2008-03-16 20:38 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-16 20:37 . 2008-03-16 20:38 <DIR> d-------- C:\Program Files\Java
2008-03-16 20:37 . 2008-03-16 20:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-16 18:53 . 2008-03-19 19:19 <DIR> dr-h----- C:\Documents and Settings\Mijn Pc\Onlangs geopend
2008-03-14 20:33 . 2008-03-14 20:33 <DIR> d-------- C:\Program Files\BearShare Applications
2008-03-14 20:33 . 2008-03-17 19:16 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\BearShare
2008-03-14 20:33 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-03-11 20:37 . 2008-03-13 17:58 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.bak
2008-03-11 17:09 . 2008-03-19 19:06 <DIR> dr-h----- C:\Documents and Settings\Christel\Onlangs geopend
2008-03-05 16:40 . 2008-03-05 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-04 21:13 . 2008-03-04 21:15 <DIR> d-------- C:\Documents and Settings\Lara\Contacts
2008-03-04 21:11 . 2008-03-04 21:11 <DIR> d-------- C:\Documents and Settings\Lara\Application Data\MSN6
2008-03-04 21:02 . 2008-03-12 19:12 <DIR> d-------- C:\Documents and Settings\Lara\Application Data\SPAMfighter
2008-03-04 21:01 . 2004-09-10 09:11 <DIR> d--h----- C:\Documents and Settings\Lara\Sjablonen
2008-03-04 21:01 . 2008-03-04 21:02 <DIR> dr-h----- C:\Documents and Settings\Lara\Onlangs geopend
2008-03-04 21:01 . 2004-09-10 10:37 <DIR> d--h----- C:\Documents and Settings\Lara\Netwerkprinteromgeving
2008-03-04 21:01 . 2008-03-12 19:15 <DIR> dr------- C:\Documents and Settings\Lara\Mijn documenten
2008-03-04 21:01 . 2004-09-10 10:37 <DIR> dr------- C:\Documents and Settings\Lara\Menu Start
2008-03-04 21:01 . 2008-03-04 21:02 <DIR> dr------- C:\Documents and Settings\Lara\Favorieten
2008-03-04 21:01 . 2008-03-05 16:40 <DIR> d-------- C:\Documents and Settings\Lara\Bureaublad
2008-03-02 22:26 . 2008-03-02 22:26 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\Sereniti
2008-03-02 20:06 . 2008-03-02 20:06 <DIR> d-------- C:\Documents and Settings\Mijn Pc\Application Data\iMesh
2008-03-02 14:57 . 2004-09-10 09:11 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Sjablonen
2008-03-02 14:57 . 2008-03-02 14:57 <DIR> dr-h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Onlangs geopend
2008-03-02 14:57 . 2004-09-10 10:37 <DIR> d--h----- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Netwerkprinteromgeving
2008-03-02 14:57 . 2008-03-02 15:30 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Mijn documenten
2008-03-02 14:57 . 2004-09-10 10:37 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Menu Start
2008-03-02 14:57 . 2008-03-02 15:49 <DIR> dr------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Favorieten
2008-03-02 14:57 . 2008-03-05 16:40 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Bureaublad
2008-03-02 14:57 . 2008-03-02 15:15 <DIR> d-------- C:\Documents and Settings\Lara.MIJN-AP8Q6JXN9H\Application Data\SPAMfighter
2008-03-02 12:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-03-01 22:04 . 2008-03-01 22:04 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-01 15:06 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-01 15:01 . 2006-06-30 14:13 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-03-01 14:00 . 2008-03-02 12:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-01 14:00 . 2008-03-02 12:08 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-01 14:00 . 2008-03-02 12:08 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-01 14:00 . 2008-03-02 12:08 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-29 22:56 . 2008-02-29 22:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-29 22:23 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-29 22:04 . 2008-02-29 22:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-28 23:38 . 2008-03-01 18:25 3,796 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-28 23:10 . 2008-03-01 14:15 57 --------- C:\WINDOWS\win.ini
2008-02-28 23:10 . 2008-03-19 19:23 0 --a------ C:\WINDOWS\system.ini
2008-02-28 11:58 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-02-28 11:47 . 2008-02-28 11:49 <DIR> d-------- C:\Temp
2008-02-28 11:47 . 2008-02-28 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\Program Files\SurfRight
2008-02-28 11:35 . 2008-02-28 11:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight
2008-02-27 22:59 . 2008-02-27 22:59 89,600 --a------ C:\WINDOWS\WCSMON.EXE
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 18:09 --------- d-----w C:\Program Files\SPAMfighter
2008-03-14 21:08 --------- d-----w C:\Program Files\Kazaa Lite K++
2008-03-05 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-02 11:47 --------- d-----w C:\Program Files\Eset
2008-03-02 11:11 --------- d-----w C:\Program Files\Google
2008-03-02 11:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-28 19:29 --------- d-----w C:\Documents and Settings\Mijn Pc\Application Data\Lavasoft
2008-02-28 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-28 11:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-15 18:41 --------- d-----w C:\Documents and Settings\Mijn Pc\Application Data\AutoTransfer
2008-02-11 13:56 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-02-08 21:06 --------- d-----w C:\Program Files\Unity
2008-02-01 16:55 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-02-01 15:23 20,888 ----a-w C:\Documents and Settings\Christel\Application Data\GDIPFONTCACHEV1.DAT
2008-01-22 15:35 --------- d-----w C:\Program Files\Common Files\Ankiro
2008-01-22 15:32 --------- d-----w C:\Program Files\Common Files\Application
2007-07-16 15:03 20,888 ----a-w C:\Documents and Settings\Mijn Pc\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 11:52 376912]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 21:20 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [2004-01-15 13:33 49152 C:\WINDOWS\system32\VTTimer.exe]
"iKeyWorks"="C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe" [2004-01-04 16:44 61440]
"WheelMouse"="C:\PROGRA~1\Hardware\Mouse\Amoumain.exe" [2003-07-19 00:59 143360]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 09:54 65024 C:\WINDOWS\SOUNDMAN.EXE]
"Norman ZANDA"="C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:40 183352]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00 99840]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 17:03 308880]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\mmhren1.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
R1 anftdird.sys;anftdird.sys;C:\WINDOWS\system32\drivers\anftdird.sys [2007-08-28 20:24]
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-29 16:08]
R2 Ndiskio;Ndiskio;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 17:03]
R3 Amps2prt;Compatible PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-01-07 17:16]
R3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-07-16 11:14]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Documents and Settings\Mijn Pc\Mijn documenten\Norman\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\BIN\nvcfsr.sys [2004-11-05 09:47]
S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\BIN\nvcoafl51.sys [2005-05-13 14:20]
S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\BIN\nvcoaft51.sys [2006-06-14 13:39]
S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\BIN\nvcoarc51.sys [2005-05-13 14:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bf7b612-b7be-11dc-8f28-0011507741d2}]
\Shell\AutoRun\command - E:\AutoTransfer.exe
.
Inhoud van de 'Gedeelde Taken' map
"2007-03-24 11:37:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-29 15:00:08 C:\WINDOWS\Tasks\{69B2FB2F-DBCD-4C46-8E1E-25404F6499E6}_MIJN-AP8Q6JXN9H_Mijn Pc.job"
- C:\WINDOWS\system32\mobsync.exe
"2008-02-29 15:00:08 C:\WINDOWS\Tasks\{CDEF5967-310E-48EE-908E-4B20132FC970}_MIJN-AP8Q6JXN9H_Mijn Pc.job"
- C:\WINDOWS\system32\mobsync.exe
"2008-02-28 08:00:13 C:\WINDOWS\Tasks\{E10560A8-A027-4A79-B7FE-77089204A9CD}_MIJN-AP8Q6JXN9H_Mijn Pc.job"
- C:\WINDOWS\system32\mobsync.exeL /Schedule=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 19:23:53
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\IKEYRFK8.DLL
-> C:\WINDOWS\system32\Amhooker.dll
.
Voltooingstijd: 2008-03-19 19:25:26
.
2008-03-01 23:03:52 --- E O F ---