ComboFix 08-10-22.05 - user 2008-10-23 9:58:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.205 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\user\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\user\Application Data\Install.dat
C:\Program Files\Altnet
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab (incomplete)
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\mdm.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-09-23 to 2008-10-23 ))))))))))))))))))))))))))))))
.
2008-10-22 17:16 . 2008-10-22 17:16 d-------- C:\Program Files\Uniblue
2008-10-22 17:16 . 2008-10-22 17:16 d-------- C:\Documents and Settings\user\Application Data\Uniblue
2008-10-22 16:54 . 2008-10-22 20:09 dr-h----- C:\Documents and Settings\user\Onlangs geopend
2008-10-22 16:50 . 2008-10-22 16:53 d-------- C:\Program Files\RegCleaner
2008-10-22 16:49 . 2008-10-22 16:50 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 16:49 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 16:49 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 16:47 . 2008-10-22 16:47 d-------- C:\Program Files\Lavasoft
2008-10-22 16:47 . 2008-10-22 16:49 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-22 16:46 . 2008-10-22 16:46 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-13 14:10 . 2008-10-13 14:10 d-------- C:\WINDOWS\system32\nl
2008-10-13 14:10 . 2008-10-13 14:29 d-------- C:\WINDOWS\system32\bits
2008-10-13 14:10 . 2008-10-13 14:28 d-------- C:\WINDOWS\l2schemas
2008-10-13 13:57 . 2007-08-10 20:52 33,656 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-10-13 13:52 . 2004-08-04 15:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-10-13 13:51 . 2005-09-10 03:55 2,067,968 --a------ C:\WINDOWS\system32\cdosys.dll
2008-10-13 13:49 . 2008-10-13 13:49 d-------- C:\WINDOWS\EHome
2008-09-30 20:10 . 2008-09-30 20:10 7 --a------ C:\NOTACER.ID
2008-09-26 16:02 . 2004-06-15 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL
2008-09-26 16:02 . 2004-06-15 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL
2008-09-26 16:01 . 2004-06-04 17:34 86,016 --a------ C:\WINDOWS\system32\CNMCP61.exe
2008-09-26 15:37 . 2008-09-26 16:09 d-------- C:\Program Files\djDecks
2008-09-26 15:25 . 2008-09-26 15:25 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-09-26 15:24 . 2007-10-21 20:00 223,744 --a------ C:\WINDOWS\system32\CNMLM97.DLL
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 15:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-22 15:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-10-22 15:47 --------- d-----w C:\Program Files\Virtual Villagers
2008-10-22 15:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-22 15:41 --------- d-----w C:\Program Files\Zylom Games
2008-10-22 15:36 --------- d-----w C:\Program Files\Google
2008-10-22 15:34 --------- d-----w C:\Program Files\Philips
2008-10-22 15:33 --------- d-----w C:\Program Files\iWin
2008-10-22 15:33 --------- d-----w C:\Program Files\Common Files\DVDVIDEOSOFT
2008-10-19 15:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-03 11:50 --------- d-----w C:\Program Files\Java
2008-09-08 15:52 --------- d-----w C:\Program Files\Didascalia
2008-09-04 15:16 --------- d-----w C:\Program Files\COMODO
2008-09-04 15:16 --------- d-----w C:\Documents and Settings\user\Application Data\Comodo
2008-08-28 20:06 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2005-05-06 07:45 45,320 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2005-01-21 00:53 45,056 -c----r C:\Program Files\SetAttrib.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-10-11 98304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-10-11 98304]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\microsoft office\Office\OSA9.EXE [1999-02-17 65588]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView5\NkvMon.exe [2005-05-06 233472]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\microsoft office\\Office\\FRONTPG.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-28 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-08 76040]
R2 dev4_423;dev4_423;C:\phpdev\Apache\Apache.exe [2005-12-13 20480]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2004-10-08 751104]
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys [ ]
S3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usbxp.sys [2004-04-30 24832]
S3 Navcar;Navman In-car Navigator USB Driver Service;C:\WINDOWS\system32\DRIVERS\Navcar.sys [2003-10-29 30329]
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-TkBellExe - realsched.exe
Notify-dimsntfy - (no file)

.
------- Bijkomende Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\1e32uv1x.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://webmail.skynet.be/index.html?partner=skynet&vortal=residential&lang=nl&new_lang=nl&l1=communication&l2=webmail
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 10:04:55
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\Belpic PCSC Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Voltooingstijd: 2008-10-23 10:10:00 - machine werd herstart
ComboFix-quarantined-files.txt 2008-10-23 08:09:49

Pre-Run: 211.747.176.448 bytes beschikbaar
Post-Run: 212,777,377,792 bytes beschikbaar

154 --- E O F --- 2008-10-22 18:57:41