ComboFix 08-02-20.2 - Admin 2008-02-20 20:31:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.105 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Admin\Bureaublad\ComboFix.exe
[color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\Shared\000A0052.dat
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\Cache\0002AE24
C:\Program Files\MyWebSearch\bar\Cache\00036537.bin
C:\Program Files\MyWebSearch\bar\Cache\00039C9C
C:\Program Files\MyWebSearch\bar\Cache\0003B52D
C:\Program Files\MyWebSearch\bar\Cache\00040590
C:\Program Files\MyWebSearch\bar\Cache\0004E169.bin
C:\Program Files\MyWebSearch\bar\Cache\00053A72
C:\Program Files\MyWebSearch\bar\Cache\00066135
C:\Program Files\MyWebSearch\bar\Cache\00071473
C:\Program Files\MyWebSearch\bar\Cache\000AF480
C:\Program Files\MyWebSearch\bar\Cache\000DC1AA
C:\Program Files\MyWebSearch\bar\Cache\0012E7BB
C:\Program Files\MyWebSearch\bar\Cache\0015F53F
C:\Program Files\MyWebSearch\bar\Cache\001C33D5.bin
C:\Program Files\MyWebSearch\bar\Cache\001D5871
C:\Program Files\MyWebSearch\bar\Cache\002218AF
C:\Program Files\MyWebSearch\bar\Cache\00292AB5
C:\Program Files\MyWebSearch\bar\Cache\00298D5D.upjg
C:\Program Files\MyWebSearch\bar\Cache\00299526.bin
C:\Program Files\MyWebSearch\bar\Cache\00299801.bin
C:\Program Files\MyWebSearch\bar\Cache\002E2080.bin
C:\Program Files\MyWebSearch\bar\Cache\002E2333.bin
C:\Program Files\MyWebSearch\bar\Cache\002E3062.bin
C:\Program Files\MyWebSearch\bar\Cache\002E31A3.bin
C:\Program Files\MyWebSearch\bar\Cache\002E32F7.bin
C:\Program Files\MyWebSearch\bar\Cache\002E3442.bin
C:\Program Files\MyWebSearch\bar\Cache\002E356E.bin
C:\Program Files\MyWebSearch\bar\Cache\002E785D
C:\Program Files\MyWebSearch\bar\Cache\00309F13.bin
C:\Program Files\MyWebSearch\bar\Cache\0030A126.bin
C:\Program Files\MyWebSearch\bar\Cache\0030A357.bin
C:\Program Files\MyWebSearch\bar\Cache\0031F64E
C:\Program Files\MyWebSearch\bar\Cache\0075D0AC
C:\Program Files\MyWebSearch\bar\Cache\00786AFB
C:\Program Files\MyWebSearch\bar\Cache\00D5FE03
C:\Program Files\MyWebSearch\bar\Cache\00E19A87
C:\Program Files\MyWebSearch\bar\Cache\00EC7998
C:\Program Files\MyWebSearch\bar\Cache\00FB05E5
C:\Program Files\MyWebSearch\bar\Cache\013F8A46
C:\Program Files\MyWebSearch\bar\Cache\0157AA89
C:\Program Files\MyWebSearch\bar\Cache\01BDDD1E.bin
C:\Program Files\MyWebSearch\bar\Cache\02005056
C:\Program Files\MyWebSearch\bar\Cache\05BCF29D
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm
C:\Program Files\MyWebSearch\SrchAstt\Cache\00028C30
C:\Program Files\MyWebSearch\SrchAstt\Cache\0003B9CB
C:\Program Files\MyWebSearch\SrchAstt\Cache\00071603
C:\Program Files\MyWebSearch\SrchAstt\Cache\000D4AA0
C:\Program Files\MyWebSearch\SrchAstt\Cache\001D0FF4
C:\Program Files\MyWebSearch\SrchAstt\Cache\0028070A
C:\Program Files\MyWebSearch\SrchAstt\Cache\00293A0B
C:\Program Files\MyWebSearch\SrchAstt\Cache\0038A8F5
C:\Program Files\MyWebSearch\SrchAstt\Cache\00560B7E
C:\Program Files\MyWebSearch\SrchAstt\Cache\00B4BFCF
C:\Program Files\MyWebSearch\SrchAstt\Cache\00D711EB
C:\Program Files\MyWebSearch\SrchAstt\Cache\0102F270
C:\Program Files\MyWebSearch\SrchAstt\Cache\0157AB6F
C:\Program Files\MyWebSearch\SrchAstt\Cache\02005092
C:\Program Files\MyWebSearch\SrchAstt\Cache\files.ini
C:\Program Files\MyWebSearch\SrchAstt\Settings\prevcfg.htm
C:\WINDOWS\regedit.com
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))
.

2008-02-20 20:11 . 2008-02-20 20:11 4,124 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-02-19 16:57 . 2008-02-19 16:57 d-------- C:\VundoFix Backups
2008-02-19 16:54 . 2008-02-20 00:10 d-------- C:\HijackThis
2008-02-17 22:58 . 2008-02-17 22:58 d-------- C:\Program Files\Common Files\Download Manager
2008-02-17 22:58 . 2008-02-17 22:58 1,152 --a------ C:\WINDOWS\SYSTEM32\windrv.sys
2008-02-06 14:49 . 2008-02-13 17:57 d-------- C:\Program Files\LimeWire
2008-02-05 17:01 . 2008-02-05 17:01 d-------- C:\Program Files\iTunes
2008-02-05 16:58 . 2008-02-05 16:58 d-------- C:\Program Files\Bonjour
2008-01-28 22:40 . 2008-01-28 22:40 d-------- C:\Program Files\MSXML 4.0
2008-01-28 18:52 . 2006-09-07 05:34 347,776 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys
2008-01-28 18:47 . 2008-01-28 18:47 21,275 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys
2008-01-28 18:46 . 2008-01-28 18:46 d-------- C:\Program Files\Belkin
2008-01-28 18:46 . 2005-11-30 04:33 2,048 --------- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.bin
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 19:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Amen face trans 32
2008-02-08 10:23 --------- d-----w C:\Program Files\Google
2008-02-07 10:22 --------- d-----w C:\Program Files\Philips Firmware Manager
2008-02-07 10:08 --------- d-----w C:\Program Files\Musicmatch
2008-02-05 17:23 --------- d-----w C:\Program Files\Java
2008-02-05 16:01 --------- d-----w C:\Program Files\iPod
2008-02-05 15:58 --------- d-----w C:\Program Files\QuickTime
2008-02-05 15:54 --------- d-----w C:\Program Files\Apple Software Update
2008-02-01 19:38 --------- d-----w C:\Documents and Settings\Bettina\Application Data\real multi okay
2008-01-11 05:52 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-12-28 19:40 --------- d-----w C:\Documents and Settings\Admin\Application Data\U3
2007-12-22 21:53 --------- d-----w C:\Program Files\EA GAMES
2007-12-19 22:57 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-08 05:18 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-06 11:04 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-12-06 11:04 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-12-04 18:42 550,912 ------w C:\WINDOWS\SYSTEM32\oleaut32.dll
2005-09-25 20:03 1,112 ----a-w C:\Documents and Settings\Admin\Application Data\ViewerApp.dat
2003-04-16 17:29 43,520 ----a-w C:\Documents and Settings\Laurens\Application Data\MBSQTImporterPlugin.dll
2003-04-16 17:29 26,112 ----a-w C:\Documents and Settings\Laurens\Application Data\MBSRegistrationPlugin.dll
2002-10-06 10:50 1,768,592 ----a-w C:\Documents and Settings\Admin\Install_GrooveBlender.EXE
2004-08-04 08:03 50,688 --sh--w C:\WINDOWS\twain_32.dll
2003-04-05 01:16 32 --sha-w C:\WINDOWS\{3C3FA19B-6B8E-47F8-856C-88E14CBD1974}.dat
2003-04-05 01:18 32 --sha-w C:\WINDOWS\{889160FA-974A-4C62-9D64-4CEB794264AE}.dat
2004-08-04 08:03 54,784 --sha-w C:\WINDOWS\SYSTEM32\msvcirt.dll
2004-08-04 08:03 12,288 --sh--w C:\WINDOWS\SYSTEM32\regsvr32.exe
2003-04-05 01:18 32 -csha-w C:\WINDOWS\SYSTEM32\{8346EF5F-FD9D-4093-A79E-AF2C182D25AF}.dat
2003-04-05 01:16 32 -csha-w C:\WINDOWS\SYSTEM32\{A72B0613-80A8-4D1B-935B-316D938AEDAF}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-C0FF-FD63B399BC7D}"= C:\PROGRA~1\FLOWGO~1\Toolbar\flgobar.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0ff-fd63b399bc7d}]
[HKEY_CLASSES_ROOT\flgobar.FLGOBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2004-04-29 13:06 16384]
"encwarn"="C:\DOCUME~1\Admin\APPLIC~1\REALMU~1\BirdReadme.exe" [2006-06-04 21:59 204622]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\Updreg.exe" [ ]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]
"DellTouch"="C:\WINDOWS\DELLMMKB.EXE" [2001-09-23 08:14 163840]
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 02:00 102400]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-20 10:59 675840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-07-15 13:56 57984]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-07-15 13:50 58608]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 20:56 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 21:00 65536]
"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [ ]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-17 21:22 100056]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-01-28 06:39 1179648]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 19:29 61440]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-10 21:39 188416]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 10:21 217088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]
"CreateCD50"="C:\PROGRA~1\COMMON~1\ADAPTE~3\CreateCD\CREATE~1.exe" [2002-04-20 11:01 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
"Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [2004-04-30 17:02 91256]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2005-02-01 15:46 263776]
"encwarn"="C:\DOCUME~1\NETWOR~1\APPLIC~1\REALMU~1\BirdReadme.exe" [2006-03-26 13:01 202254]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Belkin Wireless Client Utility.lnk - C:\Program Files\Belkin\F5D9050\Belkinwcui.exe [2006-12-01 16:26:40 1585152]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-04-30 11:22:12 196608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^updater.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\updater.lnk
backup=C:\WINDOWS\pss\updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\encwarn]
--a------ 2006-06-04 21:59 204622 C:\DOCUME~1\Admin\APPLIC~1\REALMU~1\BirdReadme.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
--a------ 2001-10-18 10:59 77887 C:\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SavePlayFunkBody]
--a------ 2004-10-16 09:21 302902 C:\Documents and Settings\All Users\Application Data\Tool Rdr Save Play\Online Two.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trans 32 software vga]
--a------ 2005-10-24 08:58 364810 C:\Documents and Settings\All Users\Application Data\Amen face trans 32\proc remote.exe

R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-06 19:08]
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-04 12:22]
R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 16:18]
S2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-12-10 17:53]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 07:01]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 22:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82662020-b57c-11dc-bbe7-000476e715f5}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-20 19:00:00 C:\WINDOWS\Tasks\ADDC022E9187B6EE.job" - c:\docume~1\marc\applic~1\realmu~1\type32phone.exe
"2008-02-20 19:00:00 C:\WINDOWS\Tasks\AE0F97CE90640D6E.job" - c:\docume~1\eva\applic~1\realmu~1\type32phone.exe
"2008-02-15 19:10:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-20 19:00:00 C:\WINDOWS\Tasks\B3B5ED0691AA9A82.job" - c:\docume~1\admin\applic~1\realmu~1\type32phone.exe
"2008-02-15 19:00:51 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen.job" - C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~2\Tasks\mycomp.sca
"2008-02-20 18:57:04 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 20:41:09
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-02-20 20:51:04
ComboFix-quarantined-files.txt 2008-02-20 19:50:59
.
2008-02-13 22:14:19 --- E O F ---