ComboFix 09-02-07.01 - Boris 2009-02-08 17:23:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.590 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Boris\Bureaublad\ComboFix.exe
AV: Telenet Security Pack 8.00 *On-access scanning disabled* (Updated)
FW: Telenet Security Pack 8.00 *enabled*
* Resident AV is active
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\documents and settings\Boris\Application Data\Hotbar_Icons
c:\documents and settings\Boris\Application Data\Hotbar_Icons\Registryrepair.ico
c:\documents and settings\Loes\Application Data\Hotbar_Icons
c:\documents and settings\Loes\Application Data\Hotbar_Icons\Registryrepair.ico
c:\program files\coolplay
c:\program files\coolplay\Uninstall.exe
c:\program files\QUAD Utilities
c:\recycler\S-0-7-77-100025195-100005569-100016028-3382.0om
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\gaopdxtusorsmj.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxepynbnfb.dll
c:\windows\system32\TDSSerrors.log
c:\windows\system32\tdssinit.dll
c:\windows\system32\tdssservers.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-08 to 2009-02-08 ))))))))))))))))))))))))))))))
.
2009-02-07 12:52 . 2009-02-07 12:52 <DIR> d-------- c:\program files\Trend Micro
2009-02-06 18:05 . 2009-02-06 18:05 <DIR> d-------- c:\documents and settings\Boris\Application Data\F-Secure
2009-02-06 08:43 . 2009-02-06 12:08 <DIR> d-------- c:\program files\Free Window Registry Repair
2009-02-05 16:11 . 2009-02-06 12:08 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
2009-02-05 15:34 . 2009-02-05 15:34 230 --a------ c:\windows\system32\spupdsvc.inf
2009-02-04 12:03 . 2009-02-04 12:03 33,408 --a------ c:\windows\system32\drivers\fsbts.sys
2009-02-04 11:47 . 2008-09-23 14:35 79,904 --a------ c:\windows\system32\drivers\fsdfw.sys
2009-02-04 11:46 . 2009-02-07 18:29 <DIR> d-------- c:\program files\Telenet Security Pack
2009-02-04 11:46 . 2009-02-04 11:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\fssg
2009-02-04 11:45 . 2009-02-04 11:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\f-secure
2009-02-03 14:38 . 2009-02-03 14:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6
2009-01-31 12:26 . 2009-01-31 12:26 <DIR> d-------- c:\documents and settings\Stiene\Application Data\dvdcss
2009-01-30 20:43 . 2009-01-30 20:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-01-27 23:22 . 2009-01-27 23:22 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-25 20:28 . 2009-01-25 20:28 <DIR> d-------- c:\program files\Common Files\Bcgsoft
2009-01-25 20:28 . 2004-07-14 12:54 676,864 --a------ c:\windows\system32\drivers\hardlock.sys
2009-01-25 20:28 . 2009-01-25 20:28 47,616 --a------ c:\windows\system32\drivers\Haspnt.sys
2009-01-25 20:28 . 2009-01-25 20:28 6,656 --a------ c:\windows\system32\haspvdd.dll
2009-01-25 20:28 . 2008-08-12 21:18 2,845 --a------ c:\windows\system32\config.hsp
2009-01-25 20:28 . 2009-01-25 20:28 2,464 --a------ c:\windows\netdet.ini
2009-01-25 20:28 . 2009-01-25 20:28 383 --a------ c:\windows\system32\haspdos.sys
2009-01-25 20:27 . 2009-01-25 20:28 <DIR> d-------- c:\program files\CADdy++ - SEE Electrical School
2009-01-17 13:28 . 2009-01-17 13:28 <DIR> d-------- c:\documents and settings\NetworkService\Mijn documenten
2009-01-17 12:00 . 2009-01-17 12:00 <DIR> dr------- c:\documents and settings\NetworkService\Favorieten
2009-01-09 20:28 . 2009-01-09 20:30 <DIR> d-------- c:\documents and settings\Stiene\Application Data\vlc
2009-01-09 20:25 . 2009-01-09 20:25 <DIR> d-------- c:\program files\VideoLAN
2009-01-09 19:54 . 2009-01-09 19:54 <DIR> d-------- c:\program files\PowerFolder.com
2009-01-09 19:54 . 2009-02-04 16:42 <DIR> d--h----- c:\documents and settings\Stiene\.PowerFolder
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 13:33 --------- d-----w c:\program files\Google
2009-02-06 07:19 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-04 07:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-27 22:22 --------- d-----w c:\program files\Java
2009-01-25 19:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-24 15:12 --------- d-----w c:\documents and settings\Stiene\Application Data\LimeWire
2009-01-09 18:49 --------- d-----w c:\documents and settings\Stiene\Application Data\Nokia
2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 16:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
2008-12-15 12:23 --------- d-----w c:\program files\Musicnotes
2008-12-14 12:06 --------- d-----w c:\program files\SpeedFan
2008-12-13 15:37 --------- d-----w c:\program files\Bonjour
2008-12-13 15:35 --------- d-----w c:\program files\Windows Live
2008-12-13 15:30 --------- d-----w c:\program files\Yahoo!
2008-12-13 15:30 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-13 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-13 14:11 --------- d-----w c:\program files\Motherboard Monitor 5
2008-12-13 13:35 --------- d-----w c:\program files\CCleaner
2008-12-13 13:29 --------- d-----w c:\documents and settings\Boris\Application Data\SmartShopper
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 11:10 --------- d-----w c:\documents and settings\Stiene\Application Data\v3.0
2008-12-03 12:02 37,520 ----a-w c:\documents and settings\Stiene\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"MaBtSh"="c:\program files\Mobile Action\Bluetooth Manager\MaBtSh.exe" [2006-02-08 24576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-27 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"F-Secure Manager"="c:\program files\Telenet Security Pack\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program files\Telenet Security Pack\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 c:\windows\RTHDCPL.EXE]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\ALCWZRD.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Stiene\Menu Start\Programma's\Opstarten\
PowerFolder.lnk - c:\program files\PowerFolder.com\PowerFolder\PowerFolder.exe [2008-12-25 86528]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= VfwECamC.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1337:TCP"= 1337:TCP:PowerFolder
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-02-04 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-02-04 79904]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Telenet Security Pack\HIPS\drivers\fshs.sys [2009-02-04 66720]
R2 AT6JI96F;AT6JI96F;c:\windows\system32\drivers\WXTH76D8.sys [2008-09-08 28384]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2008-11-01 6784]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Telenet Security Pack\Anti-Virus\minifilter\fsgk.sys [2009-02-04 84096]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Telenet Security Pack\ORSP Client\fsorsp.exe [2009-02-04 55904]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\system32\drivers\ma730Pt.sys [2008-09-07 103680]
R3 Ma730VaA;MA730 Bluetooth Advanced Audio;c:\windows\system32\drivers\Ma730VaA.sys [2008-09-07 21851]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\system32\drivers\Ma730Vad.sys [2008-09-07 50522]
S2 gupdate1c98607e84abcf8;Google Update Service (gupdate1c98607e84abcf8);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S3 Ma730c;MA730 Bluetooth Core Driver;c:\windows\system32\drivers\ma730c.sys [2008-09-07 157024]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2008-08-26 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2008-08-26 85696]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Telenet Security Pack\Anti-Virus\win2k\fsfilter.sys [2009-02-04 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Telenet Security Pack\Anti-Virus\win2k\fsrec.sys [2009-02-04 25184]
.
Inhoud van de 'Gedeelde Taken' map
2009-02-05 c:\windows\Tasks\At1.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-04 c:\windows\Tasks\At10.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-06 c:\windows\Tasks\At11.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-08 c:\windows\Tasks\At12.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-08 c:\windows\Tasks\At13.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-08 c:\windows\Tasks\At14.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-08 c:\windows\Tasks\At15.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-08 c:\windows\Tasks\At16.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-08 c:\windows\Tasks\At17.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-08 c:\windows\Tasks\At18.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-07 c:\windows\Tasks\At19.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-06 c:\windows\Tasks\At2.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-07 c:\windows\Tasks\At20.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-07 c:\windows\Tasks\At21.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-07 c:\windows\Tasks\At22.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-06 c:\windows\Tasks\At23.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-06 c:\windows\Tasks\At24.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-06 c:\windows\Tasks\At3.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-06 c:\windows\Tasks\At4.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-06 c:\windows\Tasks\At5.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-06 c:\windows\Tasks\At6.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-06 c:\windows\Tasks\At7.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-06 c:\windows\Tasks\At8.job
- c:\windows\system32\f2VX2t1s.exe []
2009-02-06 c:\windows\Tasks\At9.job
- c:\windows\system32\f2VX2t1s.exe []
2009-01-25 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1225135463.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
2009-02-08 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 15:01]
2009-02-05 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
2009-02-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
2009-02-08 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool\RegTool.exe []
2009-02-08 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool []
2009-02-08 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\TELENE~1\ANTI-V~1\fsav.exe [2008-09-23 14:35]
.
- - - - ORPHANS VERWIJDERD - - - -
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
Notify-AtiExtEvent - (no file)
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
IE: Add to Windows &Live Favorites -
Add to Windows Live Favorites
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\o2ej4b1v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-08 17:26:33
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'lsass.exe'(668)
c:\program files\Telenet Security Pack\FSPS\program\FSLSP.DLL
.
Voltooingstijd: 2009-02-08 17:29:09
ComboFix-quarantined-files.txt 2009-02-08 16:28:43
Pre-Run: 101,906,300,928 bytes beschikbaar
Post-Run: 102,809,051,136 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
247