ComboFix 08-04-11.8 - Liesbeth Van Meulder 2008-04-12 14:04:10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.102 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Liesbeth Van Meulder\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

[color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CCEVTMGR
-------\Service_ccEvtMgr
-------\Service_ccPwdSvc

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))
.
2008-04-12 13:31 . 2008-04-12 13:31 d-------- C:\Program Files\Thomson
2008-04-12 13:31 . 2003-12-08 11:53 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-04-12 13:31 . 2003-12-08 11:53 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-04-12 13:31 . 2003-12-08 11:53 5,606 --a------ C:\WINDOWS\system32\stci.dll
2008-04-12 13:31 . 2003-12-08 11:53 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2008-04-12 13:31 . 2003-12-08 11:53 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2008-04-12 13:30 . 2008-04-12 13:30 d-------- C:\Program Files\support.com
2008-04-12 13:29 . 2008-04-12 13:29 d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2008-04-11 17:58 . 2008-04-11 17:58 5,615,598 -r-hs---- C:\AVG7DB_F.DAT
2008-04-11 17:41 . 2008-04-11 17:41 12,392,433 --------- C:\AVG7QT.DAT
2008-04-11 17:40 . 2008-04-11 17:40 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-11 17:40 . 2008-04-11 17:40 d-------- C:\Documents and Settings\Liesbeth Van Meulder\Application Data\AVG7
2008-04-11 17:40 . 2008-04-11 17:40 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-11 17:40 . 2008-04-11 17:41 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-11 16:10 . 2008-04-11 16:10 d-------- C:\Program Files\Trend Micro
2008-04-11 15:52 . 2008-04-11 16:00 d-------- C:\ComboFix[1]
2008-04-11 15:22 . 2008-04-11 15:22 d-------- C:\Program Files\SymNetDrv
2008-03-26 18:51 . 2008-03-26 18:51 d-------- C:\Program Files\Western Digital Technologies
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 11:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 14:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-11 13:23 --------- d-----w C:\Program Files\Symantec
2008-04-01 21:39 --------- d-----w C:\Documents and Settings\Liesbeth Van Meulder\Application Data\dvdcss
2008-03-12 11:31 --------- d-----w C:\Program Files\Java
2008-03-07 14:09 --------- d-----w C:\Documents and Settings\Liesbeth Van Meulder\Application Data\OpenOffice.org2
2008-02-12 14:55 --------- d-----w C:\Documents and Settings\Liesbeth Van Meulder\Application Data\BearShare
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:47 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 22:35 1961984]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 16:38 68856]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA-zoomutility\SmoothView.exe" [2005-05-12 14:28 118784]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 13:25 1077327]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-05 16:09 49768]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2005-05-06 05:27 22656]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 00:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 00:26 688218]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 13:25 73728]
"TPSMain"="TPSMain.exe" [2005-08-03 16:49 266240 C:\WINDOWS\system32\TPSMain.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-12-08 13:53 352256]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 20:14 15473664 C:\WINDOWS\RTHDCPL.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-29 20:28 155648]
"NDSTray.exe"="NDSTray.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 06:10 122940]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-04-11 15:22 100056]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-11 17:40 352768]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-04-11 17:40 272896]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-04-11 17:40 151552]

[HKLM\~\startupfolder\C:^Documents and Settings^Liesbeth Van Meulder^Menu Start^Programma's^Opstarten^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\Liesbeth Van Meulder\Menu Start\Programma's\Opstarten\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2005-10-27 01:01 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eb6371c-df78-11db-a9d2-0011f5d709c4}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{976f19de-fb36-11dc-aad6-0011f5d709c4}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-03-21 19:30:16 C:\WINDOWS\Tasks\Norton AntiVirus - Mijn computer scannen - Liesbeth Van Meulder.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-04-11 14:13:34 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 14:09:21
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Voltooingstijd: 2008-04-12 14:21:37 - machine was rebooted [Liesbeth Van Meulder]
ComboFix-quarantined-files.txt 2008-04-12 12:21:28

Pre-Run: 9,640,873,984 bytes beschikbaar
Post-Run: 9,569,632,256 bytes beschikbaar
.
2008-04-08 23:01:38 --- E O F ---