ComboFix 12-02-06.02 - x 06/02/2012 18:27:22.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1789.1352 [GMT 1:00]
Gestart vanuit: e:\programdownloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Nieuw herstelpunt werd aangemaakt
 * Aanwezig AV is actief
.
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\x\Application Data\.#
c:\documents and settings\x\Application Data\.#\MBX@1514@3837D8.###
c:\documents and settings\x\Application Data\.#\MBX@1514@3837E8.###
c:\documents and settings\x\Application Data\.#\MBX@B48@3837D8.###
c:\documents and settings\x\Application Data\.#\MBX@B48@3837E8.###
c:\documents and settings\x\Application Data\.#\MBX@CFC@3437D8.###
c:\documents and settings\x\Application Data\.#\MBX@CFC@3437E8.###
c:\documents and settings\x\Application Data\.#\MBX@F44@3437D8.###
c:\documents and settings\x\Application Data\.#\MBX@F44@3437E8.###
c:\documents and settings\x\Application Data\.#\MBX@FD0@3837C8.###
c:\documents and settings\x\Application Data\.#\MBX@FD0@3837D8.###
c:\documents and settings\x\Application Data\.#\MBX@FD0@3837E8.###
c:\documents and settings\x\Application Data\Adobe\plugs
c:\documents and settings\x\Application Data\Adobe\shed
c:\documents and settings\x\Application Data\inst.exe
c:\documents and settings\x\Application Data\Toolbar4
c:\documents and settings\x\Application Data\vso_ts_preview.xml
c:\documents and settings\x\WINDOWS
c:\documents and settings\x\xf9poa4vaz.exe
c:\program files\MPAccess
c:\windows\$NtUninstallKB7968$\1082744745\@
c:\windows\$NtUninstallKB7968$\1082744745\bckfg.tmp
c:\windows\$NtUninstallKB7968$\1082744745\cfg.ini
c:\windows\$NtUninstallKB7968$\1082744745\Desktop.ini
c:\windows\$NtUninstallKB7968$\1082744745\kwrd.dll
c:\windows\$NtUninstallKB7968$\1082744745\L\tmqwhjct
c:\windows\$NtUninstallKB7968$\1082744745\twl.dll
c:\windows\$NtUninstallKB7968$\1082744745\U\00000001.@
c:\windows\$NtUninstallKB7968$\1082744745\U\00000002.@
c:\windows\$NtUninstallKB7968$\1082744745\U\00000004.@
c:\windows\$NtUninstallKB7968$\1082744745\U\80000000.@
c:\windows\$NtUninstallKB7968$\1082744745\U\80000004.@
c:\windows\$NtUninstallKB7968$\1082744745\U\80000032.@
c:\windows\$NtUninstallKB7968$\1082744745\version
c:\windows\$NtUninstallKB7968$\4035376521
c:\windows\IsUn0413.exe
c:\windows\PIF\cmd.vbe
c:\windows\PIF\firewall.vbe
c:\windows\PIF\reg.reg
c:\windows\PIF\reg1.reg
c:\windows\unin0413.exe
c:\windows\XSxS
c:\windows\$NtUninstallKB7968$ . . . . konden niet verwijderd worden
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-06 to 2012-02-06 ))))))))))))))))))))))))))))))
.
.
2012-02-06 15:34 . 2012-02-06 15:34 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 22:49 . 0DCF7982F3DEFF7DBB4F1B9D4685A655 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys
.
[7] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-13 22:49 . 0DCF7982F3DEFF7DBB4F1B9D4685A655 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - e:\program files\Belkin\F5D8053\Belkinwcui.exe [2007-9-17 1732608]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "e:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-10-14 13:46 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^i-Buddy Manager.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\i-Buddy Manager.lnk
backup=c:\windows\pss\i-Buddy Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^x^Menu Start^Programma's^Opstarten^i-Buddy Manager.lnk]
path=c:\documents and settings\x\Menu Start\Programma's\Opstarten\i-Buddy Manager.lnk
backup=c:\windows\pss\i-Buddy Manager.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^x^Menu Start^Programma's^Opstarten^Zentom System Guard.lnk]
path=c:\documents and settings\x\Menu Start\Programma's\Opstarten\Zentom System Guard.lnk
backup=c:\windows\pss\Zentom System Guard.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2009-06-04 16:51 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-08 10:06 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-09-16 09:34 202024 ------w- e:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- e:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08 136136 ----a-w- e:\program files\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-11-15 20:50 1204224 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2008-05-14 03:16 29831168 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 01:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-05-17 08:52 505368 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-05-17 08:53 780312 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2011-01-11 17:04 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-01-31 11:16 703360 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-05-25 06:09 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 09:53 1483264 ----a-w- e:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMAgent]
2009-09-16 09:34 148776 ------w- e:\program files\CyberLink\PowerCinema\PCMAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2009-09-08 16:07 177384 ------w- e:\program files\CyberLink\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- e:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2009-09-29 15:56 226536 ------w- e:\program files\CyberLink\TV Enhance\TVEService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 09:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Mouse]
2011-05-13 08:11 219792 ----a-w- e:\program files\Multifunctional Wireless Mouse Driver\StartMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"nlsvc"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"AdobeActiveFileMonitor8.0"=2 (0x2)
"ACDaemon"=3 (0x3)
"WMPNetworkSvc"=2 (0x2)
"Webcam Corp. Service Starter"=3 (0x3)
"RichVideo"=2 (0x2)
"osppsvc"=3 (0x3)
"Microsoft SharePoint Workspace Audit Service"=3 (0x3)
"iPod Service"=3 (0x3)
"i-Buddy IM Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"KMService"=2 (0x2)
"Boonty Games"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\uTorrent.exe"=
"e:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\Program Files\\CyberLink\\TV Enhance\\TVEnhance.exe"=
"e:\\Program Files\\CyberLink\\TV Enhance\\TVEService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"e:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5445:TCP"= 5445:TCP:@xpsp2res.dll,-22003
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/03/2010 22:25 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11/09/2009 7:23 108792]
R2 AWISp50;AWISp50 NDIS Protocol Driver;c:\windows\system32\drivers\AWISp50.sys [15/03/2006 16:35 17664]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11/09/2009 7:24 735960]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [6/07/2011 15:32 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11/01/2011 18:04 12856]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);e:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [27/06/2010 22:51 464224]
R2 TVESched;TVEnhance Task Scheduler (TTS));e:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [27/06/2010 22:51 189792]
R2 UsbGlcsService;UsbGlcsService;e:\program files\Multifunctional Wireless Mouse Driver\UsbglcsSrv.exe [25/08/2011 12:06 1105920]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [7/05/2011 12:43 17984]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20/09/2011 14:01 232512]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [9/12/2009 11:22 47360]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [27/06/2010 22:16 24288]
R3 usbglcs1100101;usbglcs1100101_Display;c:\windows\system32\drivers\usbglcs1100101.sys [25/08/2011 12:18 19456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [21/11/2009 7:48 238080]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11/09/2009 7:26 96408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [21/06/2011 20:54 2214504]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [26/01/2010 15:20 37632]
S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys --> c:\windows\system32\Drivers\HDJBulk.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [6/08/2010 15:47 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [13/08/2011 13:15 13224]
S3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys --> c:\windows\system32\DRIVERS\HDJMidi.sys [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys --> c:\windows\system32\DRIVERS\k510bus.sys [?]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys --> c:\windows\system32\DRIVERS\k510mdfl.sys [?]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys --> c:\windows\system32\DRIVERS\k510mdm.sys [?]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys --> c:\windows\system32\DRIVERS\k510mgmt.sys [?]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys --> c:\windows\system32\DRIVERS\k510obex.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23/11/2009 21:33 22216]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [4/03/2011 13:25 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [4/03/2011 13:25 8576]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I);c:\windows\system32\DRIVERS\NUVision.sys --> c:\windows\system32\DRIVERS\NUVision.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [25/06/2010 15:01 100496]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;e:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [6/09/2009 5:06 169312]
S4 KMService;KMService;c:\windows\system32\srvany.exe [19/07/2011 17:36 8192]
S4 MBAMService;MBAMService;e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23/11/2009 21:33 366152]
S4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/01/2010 20:37 4640000]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lsdiorw
vvdsvc
vmparport
w550mgmt
btserial
beatjamupnpmusicserver
PAC7302
lvpopflt
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2011-08-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-FRE-x.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-20 01:44]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
mSearch Bar = hxxp://www.google.com
IE: &Verzenden naar OneNote - e:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-xf9poa4vaz - c:\documents and settings\x\xf9poa4vaz.exe
HKLM-Run-NWEReboot - (no file)
HKLM-Run-NPSStartup - (no file)
HKU-Default-Run-VI8Y9F2W9IUJ9X5DIPCR - c:\sys920e.bin\A6AA6194359.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AutoStartNPSAgent - c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
MSConfigStartUp-BCSSync - e:\program files\Microsoft Office\Office14\BCSSync.exe
MSConfigStartUp-Google Update - c:\documents and settings\x\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Hercules DJ Series - c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
MSConfigStartUp-MediaGet2 - c:\documents and settings\x\Local Settings\Application Data\MediaGet2\mediaget.exe
MSConfigStartUp-OfficeSyncProcess - c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
MSConfigStartUp-RDP - c:\docume~1\x\LOCALS~1\Temp\ESC.exe
MSConfigStartUp-Sony Ericsson PC Companion - c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
MSConfigStartUp-YZ5CZHZY9D1F0A9X - c:\$recycle$\B8DEA5BB359.exe
MSConfigStartUp-_3DWonder - \_3DWonder.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-06 18:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
.
c:\windows\system32\sys_drv.dat 7028 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\documents and settings\x\Application Data\systemfl.$dk 990 bytes
.
Scan succesvol afgerond
verborgen bestanden: 4
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(7900)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
e:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
e:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
e:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
e:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
e:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Voltooingstijd: 2012-02-06 18:40:41 - machine werd herstart
ComboFix-quarantined-files.txt 2012-02-06 17:40
.
Pre-Run: 36.213.755.904 bytes beschikbaar
Post-Run: 36.553.744.384 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E13287A6B87809D474804B7BF56A3DB0