ComboFix 08-04-03.5 - Eigenaar 2008-04-04 16:58:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.531 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
 * Nieuw herstelpunt werd aangemaakt

[color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))
.

2008-04-02 13:51 . 2008-04-02 13:51 d-------- C:\Program Files\GPLGS
2008-04-02 13:50 . 2008-04-02 13:50 d-------- C:\Program Files\Acro Software
2008-04-02 13:50 . 2007-07-12 22:33 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll
2008-03-31 13:22 . 2008-04-04 16:58 dr-h----- C:\Documents and Settings\Eigenaar\Onlangs geopend
2008-03-22 14:27 . 2008-03-29 19:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-22 14:27 . 2008-03-22 14:27 1,409 --a------ C:\WINDOWS\QTFont.for
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-04-04 12:17 --------- d-----w C:\Program Files\SPAMfighter
2008-04-04 11:17 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-20 17:37 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\LimeWire
2008-03-15 18:03 --------- d-----w C:\Program Files\Java
2008-02-10 15:57 --------- d-----w C:\Program Files\Eidos Interactive
2007-07-29 18:08 1,024 -c--a-w C:\Documents and Settings\All Users\Application Data\pdfdoc2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]
"SA"="C:\Program Files\Logitech\QuickCam\SA3.EXE" [ ]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 19:04 497376]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-17 20:54 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [ ]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 16:29 308880]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Snelstart HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codeca.acm
"MSVideo8"= VfWWDM32.dll
"VIDC.VDOM"= vdowave.drv
"VIDC.MPG4"= msscmc32.dll
"MSACM.LHACM"= lhacm.acm
"VIDC.TR20"= tr2032.dll
"msacm.voxacm119"= vdk32119.acm
"vidc.vivo"= ivvideo.dll
"vidc.LEAD"= LCODCCMP.DLL
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LucasArts\\SWKotOR2\\swupdate.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\U.S. Robotics\\EasyConfigurator\\UninstallerData\\Uninstall.exe"=
"C:\\Program Files\\U.S. Robotics\\EasyConfigurator\\EasyConfigurator.exe"=

R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 16:29]
R3 NTSPPPOE;NTS Enternet P.P.P.o.E LAN Miniport Driver;C:\WINDOWS\system32\DRIVERS\ntspppoe.sys [2000-06-29 16:03]
S3 ATMEL FVNETusbASKEY (AR)(R);ATMEL FVNETusbASKEY (AR)(R) Service for SANTIS WLAN USB Adapter;C:\WINDOWS\system32\DRIVERS\vnetusbk.sys []
S3 ATMEL WinXP PCMCIAFVNETR (2ARC)(R);ATMEL WinXP PCMCIAFVNETR (2ARC)(R) Service for SANTIS WLAN PC Card;C:\WINDOWS\system32\DRIVERS\fvnetr51.sys []
S3 PPPoEService;PPPoE Service;C:\PROGRA~1\Alcatel\ENTERN~1\app\pppoeservice.exe [2000-07-11 10:48]
S3 RAWESR;RAWESR;C:\PROGRA~1\Alcatel\ENTERN~1\app\RAWESR.SYS [2000-06-26 17:02]
S3 TAPBIND;TAPBIND;C:\PROGRA~1\Alcatel\ENTERN~1\app\TAPBIND1.SYS [2000-07-17 19:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409b26ac-f7c2-11db-85eb-000fea7bfdeb}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 17:00:56
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-04-04 17:01:37
ComboFix-quarantined-files.txt 2008-04-04 15:01:26

Pre-Run: 58,621,423,616 bytes beschikbaar
Post-Run: 58,629,828,608 bytes beschikbaar
.
2008-03-13 16:36:00 --- E O F ---