Feb 2
Trojan Horse readme.exe
Hi guys,
I’ve got several programs on my PC: Spybot S&D, MBAM, Norton Anti-Virus and Spyware Doctor. I picked up a virus from a download, I guess, and now Norton keeps sending me notices of a Trojan Horse located in a readme.exe on my desktop. It wasn’t there before. I cannot remove it, nor right-click it. I’ve tried looking up whether it was a process, but it wasn’t in my task manager. I’ve run several scans with the programs mentioned above; none of them have solved this problem so far. In need of help.
Thanks in advance,
Eatgarfield
Hi,
Read this post as indicated at the top of this forum & follow the instructions.
DDS Logs
Ok, thanks very much, I’ve got the results of both the logs here.
Have to say though, the file no longer shows on my desktop and I don’t get any pop-ups anymore, but I still don’t trust it.
DDS (Ver_09-01-07.01) - NTFSx86
Run by lijklema at 19:07:10.92 on Sat 17-01-2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1014 [GMT 1:00]
AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
FW: Norton Internet Security 2006 *disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Wireless\Client Manager\CMags.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\lijklema\Bureaublad\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uLocal Page = \blank.htm
uStart Page = hxxp://www.startpagina.nl/
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: CmjBrowserHelperObject Object: {ac41d38f-b56d-40ad-94e0-b493d130c959} - c:\program files\mindjet\mindmanager 6\Mm6InternetExplorer.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [pdfSaver3] "c:\program files\tracker software\pdf-xchange 3\pdfsaver\pdfSaver3.exe"
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Lexmark X83 Button Manager] c:\progra~1\lexmar~1\AcBtnMgr_X83.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [MMReminderService] c:\program files\mindjet\mindmanager 6\MMReminderService.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\lijklema\menust~1\progra~1\opstar~1\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\wirele~1.lnk - c:\program files\wireless\client manager\CMags.EXE
IE: &Search
IE: Add to AMV Convert Tool… - c:\program files\mp3 player utilities 3.78\amvconverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\mp3 player utilities 3.78\mediamanager\grab.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - {AC41D38F-B56D-40AD-94E0-B493D130C959} - c:\program files\mindjet\mindmanager 6\Mm6InternetExplorer.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-1-17 40840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-1-17 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-1-17 81288]
R1 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-2 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090117.006\NAVENG.Sys [2009-1-17 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090117.006\NavEx15.Sys [2009-1-17 876112]
R3 wlags51b;Agere Wireless USB Driver;c:\windows\system32\drivers\wlags51b.sys [2008-2-15 178688]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-17 191848]
R4 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-9-17 202088]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-17 169320]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-17 99328]
R4 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-9-23 139888]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-17 356920]
R4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-17 1079176]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-2-15 1251720]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]
S4 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [2008-2-16 15104]
=============== Created Last 30 ================
2009-01-17 00:37 81,288 a——- c:\windows\system32\drivers\iksyssec.sys
2009-01-17 00:37 66,952 a——- c:\windows\system32\drivers\iksysflt.sys
2009-01-17 00:37 40,840 a——- c:\windows\system32\drivers\ikfilesec.sys
2009-01-17 00:37 29,576 a——- c:\windows\system32\drivers\kcom.sys
2009-01-17 00:37 <DIR> –d—– c:\program files\Spyware Doctor
2009-01-17 00:37 <DIR> –d—– c:\docume~1\lijklema\applic~1\PC Tools
2009-01-16 21:04 69 a——- c:\windows\NeroDigital.ini
2009-01-16 20:50 <DIR> –d—– c:\program files\Nero
2009-01-16 20:50 <DIR> –d—– c:\docume~1\alluse~1\applic~1\Nero
2009-01-14 19:25 <DIR> –d—– c:\docume~1\lijklema\applic~1\Petroglyph
2009-01-14 19:03 116,736 a——- c:\windows\system32\drivers\mcdbus.sys
2009-01-14 19:03 <DIR> –d—– c:\program files\MagicDisc
2009-01-14 15:06 <DIR> –d—– c:\program files\LucasArts
2009-01-04 13:28 <DIR> –d—– c:\program files\Bethesda Softworks
2009-01-04 13:27 <DIR> –d—– c:\windows\Logs
2009-01-04 13:24 <DIR> –d—– c:\windows\system32\XPSViewer
2009-01-04 13:23 14,048 ——– c:\windows\system32\spmsg2.dll
2009-01-04 13:22 <DIR> –d—– c:\windows\system32\xlive
2008-12-25 18:13 <DIR> –d—– c:\docume~1\alluse~1\applic~1\Launcher
2008-12-25 18:12 <DIR> –d—– c:\docume~1\alluse~1\applic~1\Graboid Inc
2008-12-25 18:11 <DIR> –d—– c:\docume~1\lijklema\applic~1\MozillaControl
2008-12-25 17:42 <DIR> –d—– c:\program files\Mozilla ActiveX Control v1.7.12
2008-12-25 17:42 <DIR> –d—– c:\program files\VideoLAN
2008-12-25 17:42 <DIR> –d—– c:\program files\Graboid
2008-12-24 08:26 268 a—h— C:\sqmdata12.sqm
2008-12-24 08:26 244 a—h— C:\sqmnoopt12.sqm
2008-12-24 00:45 268 a—h— C:\sqmdata11.sqm
2008-12-24 00:45 244 a—h— C:\sqmnoopt11.sqm
==================== Find3M ====================
2009-01-17 00:39 506,504 a——- c:\windows\system32\perfh013.dat
2009-01-17 00:39 90,206 a——- c:\windows\system32\perfc013.dat
2009-01-06 10:27 124,464 a——- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 10:27 60,808 a——- c:\windows\system32\S32EVNT1.DLL
2009-01-06 10:27 10,635 a——- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 10:27 806 a——- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-11 11:57 333,952 a——- c:\windows\system32\drivers\srv.sys
2008-11-25 13:29 86,811 a——- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-23 20:22 19,518 a——- c:\windows\hpqins13.dat
2008-10-23 13:43 286,720 a——- c:\windows\system32\gdi32.dll
2008-04-28 11:15 1 a——- c:\documents and settings\lijklema\SI.bin
2008-04-02 19:13 22,328 a——- c:\docume~1\lijklema\applic~1\PnkBstrK.sys
2001-06-20 15:19 40,960 a——- c:\program files\ACMonitor_X83.exe
2008-02-17 19:43 8 —shr– c:\windows\system32\6622C2784B.sys
2008-09-21 18:39 88 —shr– c:\windows\system32\7D1A886136.sys
2008-09-21 18:39 2,724 a–sh— c:\windows\system32\KGyGaAvL.sys
============= FINISH: 19:08:33.15 ===============
DDS (Ver_09-01-07.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 15-2-2008 13:58:11
System Uptime: 17-1-2009 10:41:02 (9 hours ago)
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7235
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | Socket 775 | 2129/266mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 295 GiB total, 123.855 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
J: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 7-12-2008 23:59:09 - System Checkpoint
RP2: 7-12-2008 23:59:46 - Installed Windows XP Wudf01000.
RP3: 8-12-2008 0:01:40 - Installed Windows XP MSCompPackV1.
RP4: 8-12-2008 0:39:22 - Software Distribution Service 3.0
RP5: 8-12-2008 23:38:04 - Software Distribution Service 3.0
RP6: 9-12-2008 13:01:46 - ComboFix created restore point
RP7: 10-12-2008 16:01:07 - System Checkpoint
RP8: 11-12-2008 8:42:12 - Software Distribution Service 3.0
RP9: 12-12-2008 1:09:34 - Software Distribution Service 3.0
RP10: 13-12-2008 16:09:49 - System Checkpoint
RP11: 14-12-2008 16:10:17 - System Checkpoint
RP12: 15-12-2008 15:51:09 - Installed Far Cry
RP13: 17-12-2008 14:38:47 - System Checkpoint
RP14: 18-12-2008 23:38:47 - System Checkpoint
RP15: 19-12-2008 1:23:18 - Software Distribution Service 3.0
RP16: 20-12-2008 15:33:15 - System Checkpoint
RP17: 21-12-2008 16:01:30 - System Checkpoint
RP18: 22-12-2008 20:50:16 - System Checkpoint
RP19: 23-12-2008 21:17:23 - System Checkpoint
RP20: 24-12-2008 22:37:28 - System Checkpoint
RP21: 25-12-2008 23:19:00 - System Checkpoint
RP22: 27-12-2008 14:19:38 - System Checkpoint
RP23: 28-12-2008 20:55:52 - System Checkpoint
RP24: 2-1-2009 18:00:57 - System Checkpoint
RP25: 4-1-2009 13:19:57 - System Checkpoint
RP26: 4-1-2009 13:22:37 - DirectX was installed.
RP27: 4-1-2009 13:23:23 - Installed %1 %2.
RP28: 4-1-2009 13:23:28 - Printer driver Microsoft XPS Document W was installed
RP29: 4-1-2009 13:27:50 - DirectX was installed.
RP30: 4-1-2009 13:28:37 - Installed Fallout 3
RP31: 5-1-2009 20:49:58 - System Checkpoint
RP32: 6-1-2009 20:57:53 - System Checkpoint
RP33: 7-1-2009 21:28:25 - System Checkpoint
RP34: 8-1-2009 21:40:31 - System Checkpoint
RP35: 12-1-2009 21:24:53 - System Checkpoint
RP36: 13-1-2009 21:55:45 - System Checkpoint
RP37: 14-1-2009 15:06:46 - Installed Star Wars Republic Commando
RP38: 14-1-2009 19:16:31 - Installed Star Wars Empire at War
RP39: 15-1-2009 12:45:36 - Software Distribution Service 3.0
RP40: 16-1-2009 14:06:31 - System Checkpoint
RP41: 16-1-2009 20:49:56 - Installed: Nero 8
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Aangifte inkomstenbelasting 2007 (Dutch income tax return software)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AIO_Scan
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
ArcSoft WebCam Companion 2
Audiosurf
Azureus Vuze
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Bonjour
BufferChm
C6200
C6200_Help
Cards_Calendar_OrderGift_DoMorePlugout
Cavoca
CC_ccProxyExt
ccCommon
ccPxyCore
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Web Player
DocProc
DocProcQFolder
Download Manager 2.3.6
ESET Online Scanner
eSupportQFolder
Fallout 3
Fax
FrostWire 4.13.4
Google Earth
Google Updater
GPBaseService
Graboid Video 1.3
Guitar Pro 5.0
High Definition Audio Driver Package - KB835221
High Definition Audio Driver Package - KB888111
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Huur- en zorgtoeslag 2008 (Dutch rent and healthcare allowance software)
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaspersky Online Scanner
KB898458: Security Update for Step by Step Interactive Training
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
MagicDisc 2.7.105
Malwarebytes’ Anti-Malware
MarketingReg
MarketResearch
Medieval II Total War
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Software Update for Web Folders (Dutch) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft XML Parser
Mindjet MindManager Pro 6
Mozilla ActiveX Control v1.7.12
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
Nero 8
neroxml
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
NVIDIA Drivers
Oblivion
OCR Software by I.R.I.S. 10.0
Microsoft Base Smart Card Cryptographic Service Provider Package
PanoStandAlone
PDF-XChange 3.0
PL-2303 USB-to-Serial
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PSSWCORE
QuickTime
Realtek High Definition Audio Driver
Recovery Media Creator Library Update
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Shop for HP Supplies
SmartWebPrintingOC
SolutionCenter
SPBBC
Spybot - Search & Destroy
Spyware Doctor 6.0
Star Wars Empire at War
Star Wars Republic Commando
Status
Symantec Technical Support Web Controls
SymNet
System Requirements Lab
Toolbox
TrayApp
Trust Webcam Live
TuxGuitar
UnloadSupport
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959141)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update Rollup 2 for Windows XP Media Center Edition 2005
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VCRedistSetup
VideoLAN VLC media player 0.8.6d
VideoToolkit01
WebFldrs XP
WebReg
Windows Communication Foundation
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Media Center Edition 2005 KB919803
Windows XP Service Pack 3
WinRAR
WinZip 12.0
Wireless Client
Wireless Client Manager V3.30
XML Paper Specification Shared Components Pack 1.0
==== End Of File ===========================
Hi Eatgarfield,
Nothing stands out in your log to cause suspicion. Since the file is gone and you no longer get any infection warnings, the only thing I could suggest at this time is an online scan as a double check. Instructions below.
Do an online scan with Kaspersky Online Scanner
Click Accept when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click View scan report at the bottom.
Click the Save Report As… button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**
To optimize scanning time and produce a more sensible report for review: close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Post the Kaspersky log here.
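The Kaspersky Online Scanner report requested above lists one line per detection in the form `<path> Infected: <threat name> <count>`. As an added example, not part of this thread and not Kaspersky's own tooling, the Python below parses lines in that format and sorts them by where the file was found: a hit whose path runs through another product's quarantine store (Norton's `Quarantine` folder, as in the report posted later in this thread) is an already-neutralised copy, while a hit at a live path still needs action. The sample lines are constructed for this example; two threat names are copied from the thread and the rest are placeholders, and the quarantine directory names other than `Quarantine` are assumptions.

```python
"""Triage of a Kaspersky Online Scanner 7 report (added example, not from the thread).

Each detection line in the report has the form
    <Windows path> Infected: <threat name> <count>
This parses those lines, separates hits that sit inside another product's
quarantine store (inert copies the other scanner already pulled out of place)
from hits at live paths, and tallies threat families so a large "infected
objects" count can be read as "how many families, and where".
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$")

# Directory names that hold already-neutralised copies. "quarantine" is the
# Norton AntiVirus store seen in the thread; the other two are assumptions
# for products not on this page.
QUARANTINE_DIRS = {"quarantine", "qbackup", "infected"}

# Constructed sample in the report's format: two hits inside Norton's
# quarantine (threat names copied from the thread) and two at constructed
# live paths with placeholder threat names.
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EB152EB.dll Infected: Backdoor.Win32.TDSS.asz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20153363.sys Infected: Backdoor.Win32.TDSS.bkw 1
C:\WINDOWS\system32\drivers\example.sys Infected: Rootkit.Win32.Example.a 1
C:\Documents and Settings\user\Desktop\sample.exe Infected: not-a-virus:AdWare.Win32.Example.b 1
"""


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    count: int

    @property
    def family(self) -> str:
        """Drop the per-sample variant suffix: Backdoor.Win32.TDSS.asz -> Backdoor.Win32.TDSS."""
        return self.threat.rsplit(".", 1)[0]


def parse_report(text: str) -> list[Detection]:
    """Return one Detection per well-formed detection line; header and statistics lines are skipped."""
    hits = []
    for line in text.strip().splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(Detection(m["path"], m["threat"], int(m["count"])))
    return hits


def is_quarantined(path: str) -> bool:
    """True when any directory component of the path (not the file name) is a known quarantine store."""
    parts = PureWindowsPath(path).parts[:-1]
    return any(p.lower() in QUARANTINE_DIRS for p in parts)


def triage(text: str) -> dict:
    """Split detections into quarantined vs. live and count threat families."""
    hits = parse_report(text)
    quarantined = [h for h in hits if is_quarantined(h.path)]
    live = [h for h in hits if not is_quarantined(h.path)]
    families = Counter(h.family for h in hits)
    return {"quarantined": quarantined, "live": live, "families": families}


def summarize(text: str) -> str:
    """Human-readable summary; live-path hits are listed first because they need action."""
    r = triage(text)
    lines = [f"{len(r['quarantined'])} hit(s) inside quarantine stores, {len(r['live'])} at live paths"]
    for h in r["live"]:
        lines.append(f"LIVE       {h.threat}  {h.path}")
    for h in r["quarantined"]:
        lines.append(f"quarantine {h.threat}  {h.path}")
    lines.append("families: " + ", ".join(f"{f}={n}" for f, n in sorted(r["families"].items())))
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

Run it as-is to see the summary for the constructed sample, or pass the text of a saved report to `summarize`. A report made up mostly of quarantine-store hits shows that the other scanner already contained those files; the lines worth reading closely are the ones at live paths.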
Here’s the log from Kaspersky. I noticed that most files are quarantined files from Norton, because Norton, most of the time, keeps telling me that it cannot remove files, so it puts them in quarantine.
——————————————————————————–
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, January 19, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, January 19, 2009 13:45:30
Records in database: 1647770
——————————————————————————–
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics:
Files scanned: 178220
Threat name: 17
Infected objects: 42
Suspicious objects: 0
Duration of the scan: 03:45:46
File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02C2146C.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03BD1EDF.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09565141.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\098627C7.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D434B80.exe Infected: Trojan.Win32.Monderb.aeis 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E762BEF.tmp Infected: Packed.Win32.****.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11525D33.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163F4036.DLL Infected: Rootkit.Win32.Clbd.lc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17BA0FEF.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\199357E6.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\199601E3.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\199A2BDF.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EB152EB.dll Infected: Backdoor.Win32.TDSS.asz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20153363.sys Infected: Backdoor.Win32.TDSS.bkw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25872B12.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\259E50F9.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25B820DC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2BF9623D.exe Infected: not-a-virus:AdWare.Win32.BHO.ejm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C6221CA.tmp Infected: Rootkit.Win32.TDSS.cig 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C866FA3.tmp Infected: Packed.Win32.****.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31D51E8C.exe Infected: Trojan-Downloader.Win32.Agent.agld 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CA72629.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CAA2980.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D72514A.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D757B47.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\438D7341.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47CC64AD.dll Infected: Backdoor.Win32.TDSS.blh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AEC133D.dll Infected: Backdoor.Win32.TDSS.atb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B4033E2.sys Infected: Backdoor.Win32.TDSS.bkw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E301FC4.exe Infected: Trojan-Downloader.Win32.Agent.azjn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5082749E.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52D416A7.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55BC2776.dll Infected: not-a-virus:AdWare.Win32.BHO.ejh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55C6256C.dll Infected: not-a-virus:AdWare.Win32.BHO.efr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E5B3E82.tmp Infected: Packed.Win32.****.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65F2108C.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66060C76.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66093672.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\711B1E88.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Mijn Backup — 08-02-15 0219PM\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1878564E.exe Infected: Trojan.Win32.Agent.abg 2
C:\Mijn Backup — 08-02-15 0219PM\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31B12088.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.59 1
The selected area was scanned.
Please visit the following webpage for instructions for downloading and running ComboFix
How to use ComboFix
Download ComboFix by sUBs from here, saving the file to your desktop.
Disable real-time protection applications, as they sometimes interfere with the tool. Check this link for your applicable programs.
Close all open programs and windows.
Double-click ComboFix.exe and follow the prompts.
It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
ComboFix log
Here's the log from ComboFix.
ComboFix 09-01-19.05 - lijklema 2009-01-20 10:28:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.2046.1310 [GMT 1:00]
Gestart vanuit: c:\documents and settings\lijklema\Bureaublad\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning disabled* (Updated)
FW: Norton Internet Security 2006 *disabled*
FW: Norton Internet Worm Protection *disabled*
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Mogelijk geïnfecteerde sites -----
hxxp://www.graboid.com
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-20 to 2009-01-20 ))))))))))))))))))))))))))))))
.
2009-01-20 10:21 . 2009-01-20 10:21 <DIR> d-------- c:\windows\LastGood
2009-01-17 00:37 . 2009-01-19 10:24 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-17 00:37 . 2009-01-17 00:37 <DIR> d-------- c:\documents and settings\lijklema\Application Data\PC Tools
2009-01-17 00:37 . 2009-01-20 10:27 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-17 00:37 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-17 00:37 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-01-17 00:37 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-01-17 00:37 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-16 21:04 . 2009-01-19 11:30 69 --a------ c:\windows\NeroDigital.ini
2009-01-16 20:54 . 2009-01-16 20:54 <DIR> d-------- c:\documents and settings\lijklema\Application Data\Nero
2009-01-16 20:50 . 2009-01-16 20:50 <DIR> d-------- c:\program files\Nero
2009-01-16 20:50 . 2009-01-16 20:52 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-16 20:50 . 2009-01-16 20:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-01-14 19:25 . 2009-01-14 19:25 <DIR> d-------- c:\documents and settings\lijklema\Application Data\Petroglyph
2009-01-14 19:03 . 2009-01-14 19:04 <DIR> d-------- c:\program files\MagicDisc
2009-01-14 19:03 . 2008-07-28 17:19 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
2009-01-14 15:06 . 2009-01-14 19:16 <DIR> d-------- c:\program files\LucasArts
2009-01-04 13:28 . 2009-01-04 13:28 <DIR> d-------- c:\program files\Bethesda Softworks
2009-01-04 13:28 . 2009-01-04 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2009-01-04 13:27 . 2009-01-04 13:27 <DIR> d-------- c:\windows\Logs
2009-01-04 13:24 . 2009-01-20 10:22 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-04 13:23 . 2009-01-04 13:23 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-04 13:23 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-04 13:22 . 2009-01-04 13:22 <DIR> d-------- c:\windows\system32\xlive
2008-12-25 18:13 . 2008-12-25 18:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Launcher
2008-12-25 18:12 . 2008-12-27 13:54 <DIR> d-------- c:\documents and settings\lijklema\Application Data\vlc
2008-12-25 18:12 . 2008-12-25 18:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Graboid Inc
2008-12-25 18:11 . 2008-12-25 18:11 <DIR> d-------- c:\documents and settings\lijklema\Application Data\MozillaControl
2008-12-25 17:42 . 2008-12-25 17:42 <DIR> d-------- c:\program files\VideoLAN
2008-12-25 17:42 . 2008-12-25 17:42 <DIR> d-------- c:\program files\Mozilla ActiveX Control v1.7.12
2008-12-25 17:42 . 2008-12-25 18:11 <DIR> d-------- c:\program files\Graboid
2008-12-24 08:26 . 2008-12-24 08:26 268 --ah----- C:\sqmdata12.sqm
2008-12-24 08:26 . 2008-12-24 08:26 244 --ah----- C:\sqmnoopt12.sqm
2008-12-24 00:45 . 2008-12-24 00:45 268 --ah----- C:\sqmdata11.sqm
2008-12-24 00:45 . 2008-12-24 00:45 244 --ah----- C:\sqmnoopt11.sqm
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 22:48 --------- d-----w c:\documents and settings\lijklema\Application Data\Azureus
2009-01-19 17:49 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-17 19:28 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-15 11:50 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-15 11:49 --------- d-----w c:\program files\Norton Internet Security
2009-01-14 18:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 09:27 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 09:27 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-06 09:27 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 09:27 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 09:27 --------- d-----w c:\program files\Symantec
2009-01-04 12:26 --------- d-----w c:\program files\MSBuild
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-12-07 23:01 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-07 19:42 --------- d-----w c:\program files\Azureus
2008-12-07 19:33 --------- d-----w c:\program files\EsetOnlineScanner
2008-12-07 18:37 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-07 16:55 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-07 14:34 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-07 12:50 --------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-26 18:20 --------- d-----w c:\program files\tuxguitar-1.0
2008-11-26 13:44 --------- d-----w c:\program files\DivX
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-04-28 10:15 1 ----a-w c:\documents and settings\lijklema\SI.bin
2008-04-02 18:13 22,328 ----a-w c:\documents and settings\lijklema\Application Data\PnkBstrK.sys
2001-06-20 14:19 40,960 ----a-w c:\program files\ACMonitor_X83.exe
2008-02-17 18:43 8 --sh--r c:\windows\system32\6622C2784B.sys
2008-09-21 17:39 88 --sh--r c:\windows\system32\7D1A886136.sys
2008-09-21 17:39 2,724 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-21 486856]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
"pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Lexmark X83 Button Manager"="c:\progra~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-10 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-03-07 53096]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-25 36864]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"MMReminderService"="c:\program files\Mindjet\MindManager 6\MMReminderService.exe" [2005-09-13 28672]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\lijklema\Menu Start\Programma’s\Opstarten\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-01-14 575488]
c:\documents and settings\All Users\Menu Start\Programma’s\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Wireless Client Manager.lnk - c:\program files\Wireless\Client Manager\CMags.EXE [2008-02-15 315392]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
R3 wlags51b;Agere Wireless USB Driver;c:\windows\system32\drivers\wlags51b.sys [2008-02-15 178688]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-17 356920]
S4 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [2008-02-16 15104]
--- Andere Services/Drivers In Geheugen ---
*NewlyCreated* - COMHOST
*NewlyCreated* - FONTCACHE3.0.0.0
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de ‘Gedeelde Taken’ map
2009-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2009-01-16 c:\windows\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - lijklema.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-05-28 12:00]
.
.
------- Bijkomende Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.startpagina.nl/
uInternet Settings,ProxyOverride = *.local
IE: &Search
IE: Add to AMV Convert Tool… - c:\program files\MP3 Player Utilities 3.78\AMVConverter\grab.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.78\MediaManager\grab.html
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 10:32:28
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-429115175-1296836545-315636210-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5d,13,66,8f,bf,24,9f,02,6d,cb,8a,77,60,6f,ac,4f,49,32,62,5c,88,ce, 91,
72,de,d6,92,4f,f1,ce,df,b0,1c,6d,14,10,10,f1,9d,1f,8f,0c,bc,44,83,63,bd,16, \
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-429115175-1296836545-315636210-1006\Software\SecuROM\License information*]
"datasecu"=hex:01,fc,f9,76,07,d9,dc,50,df,18,b2,14,fa,42,54,8f,e1,94,58,95, d8,
9f,1c,72,d3,e3,66,19,c3,d3,6c,3f,31,38,76,39,96,9b,28,42,c5,f0,af,3b,7f,37, \
"rkeysecu"=hex:32,cd,e3,62,54,1e,11,b2,13,15,cc,e7,87,c0,f6,24
.
Voltooingstijd: 2009-01-20 10:34:20
ComboFix-quarantined-files.txt 2009-01-20 09:34:10
ComboFix2.txt 2008-12-09 12:12:37
Pre-Run: 137.185.701.888 bytes beschikbaar
Post-Run: 137,729,904,640 bytes beschikbaar
216 --- E O F --- 2009-01-15 11:50:11