ComboFix 08-07-15.4 - Mark 2008-07-17 9:40:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.98 [GMT 2:00]
Gestart vanuit: C:\Installatie Programmas\ComboFix.exe
 * Nieuw herstelpunt werd aangemaakt

[color=red][b]WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !![/b][/color]
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\winsys.exe

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-06-17 to 2008-07-17 ))))))))))))))))))))))))))))))
.

2008-07-17 08:54 . 2008-07-17 08:54	d--------	C:\WINDOWS\ERUNT
2008-07-17 08:46 . 2008-07-17 09:32	d--------	C:\SDFix
2008-07-14 20:45 . 2008-07-14 20:45	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-07-10 09:23 . 2008-07-14 20:24	d-a------	C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 19:43 . 2008-06-20 19:43	247,296	-----c---	C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44	138,368	-----c---	C:\WINDOWS\system32\dllcache\afd.sys

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 07:41	---------	d-----w	C:\Program Files\Symantec AntiVirus
2008-07-15 18:10	---------	d-----w	C:\Program Files\Google
2008-07-14 19:21	---------	d-----w	C:\Program Files\Windows Media Connect 2
2008-07-14 19:21	---------	d-----w	C:\Program Files\Windows Live Toolbar
2008-07-14 19:20	---------	d-----w	C:\Program Files\AutoCAD 2002
2008-07-14 18:46	---------	d-----w	C:\Program Files\Lavasoft
2008-07-14 18:44	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-22 18:50	13,312	--s-a-w	C:\WINDOWS\system32\gnmguxh.dll
2008-06-20 17:43	247,296	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45	360,320	----a-w	C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44	138,368	----a-w	C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52	225,920	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00	272,640	------w	C:\WINDOWS\system32\drivers\bthport.sys
2008-05-29 10:26	---------	d-----w	C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-05-25 09:43	---------	d-----w	C:\Program Files\EA Sports
2008-05-16 09:58	12,632	----a-w	C:\WINDOWS\system32\lsdelete.exe
2008-05-07 05:16	1,291,776	----a-w	C:\WINDOWS\system32\quartz.dll
2008-04-29 14:36	304,160	----a-w	C:\StiImg.dat
2008-04-23 04:22	826,368	----a-w	C:\WINDOWS\system32\wininet.dll

.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 19:05 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 12:13 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 12:14 69632]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-10-03 08:37 217088]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 16:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 23:55 54832]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 10:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 20:27 85696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 18:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{629340b5-8df6-4211-9245-a86563a35792}"= "C:\WINDOWS\system32\gnmguxh.dll" [2008-06-22 20:50 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map
"2008-07-15 19:11:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 09:43:57
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-07-17 9:48:17
ComboFix-quarantined-files.txt 2008-07-17 07:47:38

Pre-Run: 7,633,276,928 bytes beschikbaar
Post-Run: 7,625,617,408 bytes beschikbaar

99	--- E O F ---	2008-07-15 17:23:57