ComboFix 08-03-30.4 - Beheerder 2008-03-31 22:09:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.488 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Beheerder\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active

[color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-31 ))))))))))))))))))))))))))))))
.

2008-03-31 22:09 . 2008-03-31 22:09 d-------- C:\quarantine
2008-03-31 19:07 . 2008-03-31 19:07 d-------- C:\Program Files\Trend Micro
2008-03-31 18:26 . 2008-03-31 18:28 d-------- C:\Documents and Settings\Beheerder\Application Data\AVG7
2008-03-31 18:25 . 2008-03-31 18:25 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-31 18:25 . 2008-03-31 18:25 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-31 18:25 . 2008-03-31 18:28 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-31 18:22 . 2008-03-31 18:22 d-------- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP
2008-03-04 21:37 . 2008-03-04 21:37 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-04 15:45 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-04 15:45 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-04 15:45 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-03 20:59 . 2008-03-03 20:59 d-------- C:\Program Files\DivX
2008-03-03 20:59 . 2008-03-03 20:59 d-------- C:\Documents and Settings\Beheerder\Application Data\DivX
2008-03-03 19:36 . 2006-11-29 14:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-03 19:35 . 2008-03-03 19:35 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-03 19:24 . 2008-03-03 19:31 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 19:24 . 2008-03-03 19:24 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-21 04:05 . 2008-02-21 04:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 04:05 . 2008-02-21 04:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 04:05 . 2008-02-21 04:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-02-21 04:05 . 2008-02-21 04:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-21 04:05 . 2008-02-21 04:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-02-21 04:03 . 2008-02-21 04:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-02-21 04:03 . 2008-02-21 04:03 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-02-21 04:03 . 2008-02-21 04:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 04:03 . 2008-02-21 04:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 16:37 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-31 15:23 --------- d-----w C:\Program Files\Windows Live
2008-03-28 17:33 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\Skype
2008-03-28 15:49 --------- d-----w C:\Documents and Settings\Beheerder\Application Data\LimeWire
2008-03-06 15:55 --------- d-----w C:\Program Files\Java
2008-03-03 17:31 --------- d-----w C:\Program Files\MSN Messenger
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-13 10:25 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2005-05-27 03:28 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 09:47 67072 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 16:46 172032]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-03-23 02:32 20480]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 13:51 25088]
"ToUcamVProperty"="C:\Program Files\Philips ToUcam Camera\VProperty.exe" [2001-11-28 15:50 118784]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52 3770024]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09 57344]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51 257088]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 18:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-31 18:25 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-07 07:06 5181440]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-31 18:25 219136]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-05-27 03:28:09 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-05-27 03:27:12 581632]
Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2007-03-23 02:33:48 55296]
Reality Fusion GameCam SE.lnk - C:\Program Files\Philips ToUcam Camera\GameCam SE\Program\RFTray.exe [2007-03-23 02:31:59 32768]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 09:20]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []

*Newly Created Service* - ENTDRV51

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Van Dale Grote woordenboeken Duits v2.0]
C:\Program Files\VanDale\Grote Woordenboeken\Duits\JNJScript\Uvdwbd20.EXE /S

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Van Dale Grote woordenboeken Frans v2.0]
C:\Program Files\VanDale\Grote Woordenboeken\Frans\JNJScript\Uvdwbf20.EXE /S

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{969B3B70-8765-11D5-9809-0050BACBF861}]
rundll32.exe advpack.dll,LaunchINFSection C:\Program Files\CyberLink\MP3PowerEncoder\Cyber.inf,PerUserStub
.
Inhoud van de 'Gedeelde Taken' map
"2007-06-07 11:41:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 22:12:20
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ToUcamVProperty = C:\Program Files\Philips ToUcam Camera\VProperty.exe??U?c?a?m? ?C?a?m?e?r?a?\?V?P?r?o?p?e?r?t?y?.?e?x?e????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-03-31 22:14:45
ComboFix-quarantined-files.txt 2008-03-31 20:14:42

Pre-Run: 41,261,690,880 bytes beschikbaar
Post-Run: 41,293,959,168 bytes beschikbaar
.
2008-03-12 18:03:18 --- E O F ---